Fix: Pin tauri-cli to v2.8.0 across all CI workflows

[AnthonyRonning]

Problem

The deploy-testflight workflow was failing because cargo install tauri-cli was installing the broken v2.9.0, which has a compilation error in tauri-bundler v2.7.0 with tauri_macos_sign::Error.

Solution

Pin all CI workflows to use tauri-cli v2.8.0 (the version that works locally) by adding --version "2.8.0" --locked to all cargo install tauri-cli commands.

Workflows Updated

• testflight-on-comment.yml
• mobile-build.yml
• desktop-build.yml
• android-build.yml
• release.yml
• claude.yml

Testing

This ensures consistent tauri-cli versions across all CI/CD pipelines and avoids the v2.9.0 compilation bug.

Summary by CodeRabbit

• Chores
  • Updated CI/CD build pipelines to pin build tool dependency to a specific version with locked resolution for improved build reproducibility and stability across all platforms.

[coderabbitai]

Caution

Review failed

The pull request is closed.

Walkthrough

Across six GitHub workflow files, the Tauri CLI installation step has been updated to pin version 2.8.0 and add the --locked flag, replacing unversioned cargo install tauri-cli commands with cargo install tauri-cli --version "2.8.0" --locked for deterministic builds.

Changes

Cohort / File(s)	Summary
CI Workflow Tauri CLI Installation Updates \.github/workflows/android-build\.yml, \.github/workflows/claude\.yml, \.github/workflows/desktop-build\.yml, \.github/workflows/mobile-build\.yml, \.github/workflows/release\.yml, \.github/workflows/testflight-on-comment\.yml	Updated Tauri CLI installation steps to pin version 2.8.0 and enforce locked dependency resolution by changing cargo install tauri-cli to cargo install tauri-cli --version "2.8.0" --locked across all workflows.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~5 minutes

Possibly related PRs

• fix: resolve getrandom v0.2.16 compilation issues in CI/CD #204: Also modifies the "Install Tauri CLI" steps in CI workflows, applying environment variable configuration alongside CLI installation updates.
• Add android to release workflow #257: Introduces Android release job configuration that ensures tauri-cli is properly installed as part of the CI pipeline setup.

Poem

🐰 A version pinned, a lock held tight,
Six workflows now in sync, shining bright,
No more surprises from cargo's whim,
Deterministic builds, the future's grim—
Wait, that's good! Consistency wins! ✨

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch fix/pin-tauri-cli-version

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 8745c48 and d2d10b5.

📒 Files selected for processing (6)

• .github/workflows/android-build.yml (1 hunks)
• .github/workflows/claude.yml (1 hunks)
• .github/workflows/desktop-build.yml (1 hunks)
• .github/workflows/mobile-build.yml (1 hunks)
• .github/workflows/release.yml (1 hunks)
• .github/workflows/testflight-on-comment.yml (1 hunks)

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[greptile-apps]

Greptile Overview

Summary

This PR addresses a critical CI/CD failure by pinning tauri-cli to version 2.8.0 across all 6 GitHub workflow files. The change prevents the broken v2.9.0 from being installed, which was causing compilation errors related to tauri_macos_sign::Error in tauri-bundler v2.7.0.

Key Changes

• Added --version "2.8.0" --locked flags to all cargo install tauri-cli commands
• Consistent implementation across android-build, claude, desktop-build, mobile-build, release, and testflight-on-comment workflows
• Preserves all existing environment variables and conditional logic in each workflow

Confidence Score: 5/5

• This PR is safe to merge with no risk - it's a straightforward version pin to fix broken CI
• The changes are minimal, consistent, and directly address a known build failure. All modifications follow the same pattern (adding version and --locked flags), preserve existing workflow logic, and only affect CI/CD infrastructure without touching application code. The --locked flag ensures reproducible builds by using exact dependency versions from Cargo.lock.
• No files require special attention - all changes are identical in pattern and purpose

Important Files Changed

File Analysis

Filename	Score	Overview
.github/workflows/android-build.yml	5/5	Pinned tauri-cli to v2.8.0 with --locked flag in conditional install block
.github/workflows/claude.yml	5/5	Pinned tauri-cli to v2.8.0 with --locked flag, preserves CARGO_CFG_TARGET_OS=linux prefix
.github/workflows/desktop-build.yml	5/5	Pinned tauri-cli to v2.8.0 with --locked flag in direct install command
.github/workflows/mobile-build.yml	5/5	Pinned tauri-cli to v2.8.0 with --locked flag, includes getrandom workaround comment
.github/workflows/release.yml	5/5	Pinned tauri-cli to v2.8.0 with --locked flag in conditional install block
.github/workflows/testflight-on-comment.yml	5/5	Pinned tauri-cli to v2.8.0 with --locked flag, includes getrandom workaround comment

Sequence Diagram

sequenceDiagram
    participant Dev as Developer
    participant GH as GitHub Actions
    participant Cargo as Cargo Registry
    participant Build as Build Process

    Dev->>GH: Push/PR/Comment Trigger
    GH->>GH: Checkout & Setup Environment
    GH->>Cargo: cargo install tauri-cli --version "2.8.0" --locked
    Note over Cargo: Previously: installed v2.9.0 (broken)<br/>Now: installs v2.8.0 (working)
    Cargo-->>GH: tauri-cli v2.8.0 installed
    GH->>Build: Execute tauri build commands
    Note over Build: No more tauri_macos_sign::Error<br/>compilation failures
    Build-->>GH: Build artifacts
    GH-->>Dev: CI/CD Success

Loading

_{6 files reviewed, no comments}

_{Edit Code Review Agent Settings | Greptile}