From 984a20652fa0532bb55592b1110bab1b2cf5a3dc Mon Sep 17 00:00:00 2001
From: Tony Giorgio <tonygiorgio@protonmail.com>
Date: Fri, 24 Apr 2026 00:33:56 -0500
Subject: [PATCH] Avoid flaky ort downloads in Linux CI

Preload official ONNX Runtime in Linux workflows so ort-sys stops relying on flaky Pyke CDN downloads.

Co-authored-by: factory-droid[bot] <138933559+factory-droid[bot]@users.noreply.github.com>

Work around Linux AppImage strip failures

Set NO_STRIP for Linux desktop bundling so linuxdeploy stops choking on newer bundled system libraries.

Co-authored-by: factory-droid[bot] <138933559+factory-droid[bot]@users.noreply.github.com>

Improve Linux AppImage CI diagnostics

Set APPIMAGE_EXTRACT_AND_RUN and enable verbose Linux bundling so linuxdeploy failures surface clearly in CI.

Co-authored-by: factory-droid[bot] <138933559+factory-droid[bot]@users.noreply.github.com>

Expose ONNX Runtime libs to Linux bundlers

Co-authored-by: factory-droid[bot] <138933559+factory-droid[bot]@users.noreply.github.com>
---
 .github/workflows/desktop-build.yml | 16 +++++++++++++++-
 .github/workflows/release.yml       | 17 ++++++++++++++++-
 .github/workflows/rust-tests.yml    | 12 ++++++++++++
 3 files changed, 43 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/desktop-build.yml b/.github/workflows/desktop-build.yml
index 3764eb97..537a2c2d 100644
--- a/.github/workflows/desktop-build.yml
+++ b/.github/workflows/desktop-build.yml
@@ -167,6 +167,18 @@ jobs:
               libayatana-appindicator3-dev \
               librsvg2-dev
 
+      - name: Provide ONNX Runtime (Linux)
+        run: |
+          ORT_VERSION=1.22.0
+          ORT_ROOT="$RUNNER_TEMP/onnxruntime"
+          mkdir -p "$ORT_ROOT"
+          curl -fL --retry 5 --retry-delay 2 --retry-all-errors \
+            "https://github.com/microsoft/onnxruntime/releases/download/v${ORT_VERSION}/onnxruntime-linux-x64-${ORT_VERSION}.tgz" \
+            | tar -xz -C "$ORT_ROOT"
+          echo "ORT_LIB_LOCATION=$ORT_ROOT/onnxruntime-linux-x64-${ORT_VERSION}" >> "$GITHUB_ENV"
+          echo "ORT_SKIP_DOWNLOAD=true" >> "$GITHUB_ENV"
+          echo "LD_LIBRARY_PATH=$ORT_ROOT/onnxruntime-linux-x64-${ORT_VERSION}/lib${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}" >> "$GITHUB_ENV"
+
       - name: Install frontend dependencies
         working-directory: ./frontend
         run: bun install
@@ -191,8 +203,10 @@ jobs:
 
       - name: Build Tauri App (Linux)
         working-directory: ./frontend
-        run: cargo tauri build
+        run: cargo tauri build --verbose
         env:
+          APPIMAGE_EXTRACT_AND_RUN: "1"
+          NO_STRIP: true
           TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY }}
           TAURI_SIGNING_PRIVATE_KEY_PASSWORD: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY_PASSWORD }}
           VITE_OPEN_SECRET_API_URL: ${{ github.event_name == 'pull_request' && 'https://enclave.secretgpt.ai' || 'https://enclave.trymaple.ai' }}
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index f6967716..e3066e62 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -33,7 +33,7 @@ jobs:
           - platform: macos-latest-xlarge
             args: --target universal-apple-darwin
           - platform: ubuntu-latest-8-cores
-            args: ""
+            args: --verbose
 
     runs-on: ${{ matrix.platform }}
     steps:
@@ -97,6 +97,19 @@ jobs:
               libayatana-appindicator3-dev \
               librsvg2-dev
 
+      - name: Provide ONNX Runtime (Linux)
+        if: matrix.platform == 'ubuntu-latest-8-cores'
+        run: |
+          ORT_VERSION=1.22.0
+          ORT_ROOT="$RUNNER_TEMP/onnxruntime"
+          mkdir -p "$ORT_ROOT"
+          curl -fL --retry 5 --retry-delay 2 --retry-all-errors \
+            "https://github.com/microsoft/onnxruntime/releases/download/v${ORT_VERSION}/onnxruntime-linux-x64-${ORT_VERSION}.tgz" \
+            | tar -xz -C "$ORT_ROOT"
+          echo "ORT_LIB_LOCATION=$ORT_ROOT/onnxruntime-linux-x64-${ORT_VERSION}" >> "$GITHUB_ENV"
+          echo "ORT_SKIP_DOWNLOAD=true" >> "$GITHUB_ENV"
+          echo "LD_LIBRARY_PATH=$ORT_ROOT/onnxruntime-linux-x64-${ORT_VERSION}/lib${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}" >> "$GITHUB_ENV"
+
       - name: Install frontend dependencies
         working-directory: ./frontend
         run: bun install
@@ -111,6 +124,8 @@ jobs:
       - name: Build Tauri App
         uses: tauri-apps/tauri-action@v0
         env:
+          APPIMAGE_EXTRACT_AND_RUN: ${{ matrix.platform == 'ubuntu-latest-8-cores' && '1' || '' }}
+          NO_STRIP: ${{ matrix.platform == 'ubuntu-latest-8-cores' && 'true' || '' }}
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY }}
           TAURI_SIGNING_PRIVATE_KEY_PASSWORD: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY_PASSWORD }}
diff --git a/.github/workflows/rust-tests.yml b/.github/workflows/rust-tests.yml
index c1a5fdb1..5d6378e7 100644
--- a/.github/workflows/rust-tests.yml
+++ b/.github/workflows/rust-tests.yml
@@ -47,6 +47,18 @@ jobs:
             librsvg2-dev \
             pkg-config
 
+      - name: Provide ONNX Runtime (Linux)
+        run: |
+          ORT_VERSION=1.22.0
+          ORT_ROOT="$RUNNER_TEMP/onnxruntime"
+          mkdir -p "$ORT_ROOT"
+          curl -fL --retry 5 --retry-delay 2 --retry-all-errors \
+            "https://github.com/microsoft/onnxruntime/releases/download/v${ORT_VERSION}/onnxruntime-linux-x64-${ORT_VERSION}.tgz" \
+            | tar -xz -C "$ORT_ROOT"
+          echo "ORT_LIB_LOCATION=$ORT_ROOT/onnxruntime-linux-x64-${ORT_VERSION}" >> "$GITHUB_ENV"
+          echo "ORT_SKIP_DOWNLOAD=true" >> "$GITHUB_ENV"
+          echo "LD_LIBRARY_PATH=$ORT_ROOT/onnxruntime-linux-x64-${ORT_VERSION}/lib${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}" >> "$GITHUB_ENV"
+
       - name: Configure sccache
         run: |
           {