Add native support for desktop and android (Tauri)

[haslinghuis]

• Integration of Tauri into the project, along with configuration and dependency updates.
• Added support for serial communication for desktop and android
• Tau-ri is preferred over Electron (as Electron would basically be the counterpart of NW.js)

References

• https://docs.rs/tauri/latest/x86_64-linux-android/tauri/index.html
• https://docs.docker.com/desktop/setup/install

Todo

• implement serial connection (tested on linux)
• test serial connection (android)
• update YAML for CI (artifacts do not upload ???)
• Update YAML to add APK build to CI
• update comments below with the intent to create a documented development environment

Follow up

• Implement raw TCP - not webSockets (CRSF, ERLS, MAVLINK, SITL)
• Implement DFU
• Implement BLE (already provided by PWA)

Not sure Docker is a good solution as we need to avoid sandboxing

Requirements

# Update your system
sudo apt update && sudo apt upgrade -y

sudo apt install pkg-config
sudo apt install libwebkit2gtk-4.1-dev build-essential curl wget file libssl-dev libgtk-3-dev
sudo apt install libayatana-appindicator3-dev librsvg2-dev

# Install rust and cargo

# Remove snap rust if present
sudo snap remove rust

# Install via rustup
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
source "$HOME/.cargo/env"

# Start development
yarn && yarn tauri:dev

Docker

echo 'FROM rust:latest
WORKDIR /app
RUN apt-get update && apt-get install -y libwebkit2gtk-4.1-dev build-essential curl wget libssl-dev libgtk-3-dev libayatana-appindicator3-dev librsvg2-dev
RUN curl -fsSL https://deb.nodesource.com/setup_18.x | bash - && apt-get install -y nodejs
RUN npm install -g yarn
COPY . .
RUN yarn install
CMD ["yarn", "tauri:dev"]' > Dockerfile

# Build and run the Docker container
docker build -t betaflight-dev .
docker run -it betaflight-dev

Tauri Integration:

• package.json: Added new scripts for Tauri development and build, and included Tauri dependencies (@tauri-apps/api and @tauri-apps/cli). [1] [2]
• src-tauri/Cargo.toml: Created a new Cargo configuration file for the Tauri application.
• src-tauri/build.rs: Added a build script for Tauri.
• src-tauri/src/main.rs: Set up the main entry point for the Tauri application.
• src-tauri/tauri.conf.json: Created a Tauri configuration file with application settings and build commands.

Build Configuration:

• vite.config.js: Updated the build output directory and added an alias for the src directory. [1] [2]

Summary by CodeRabbit

• New Features

  • Desktop (Tauri) support across Windows/macOS/Linux, mobile entry for Android/iOS, Tauri dev/build commands, and a native Tauri-backed serial protocol with runtime selection and event forwarding.

• Documentation

  • Comprehensive Android development guide and Docker development/build guide.

• Chores

  • Android emulator/ADB helper scripts, android-env helper, new npm scripts, added Tauri runtime/CLI dependencies.

• Build / Config

  • Dockerfile, CI/workflow overhaul, Vite and ESLint tweaks, capability descriptor, and .gitignore updates.

[netlify]

✅ Deploy Preview for origin-betaflight-app ready!

Name	Link
🔨 Latest commit	6e96780
🔍 Latest deploy log	https://app.netlify.com/sites/origin-betaflight-app/deploys/67eb037d01c55000084a875e
😎 Deploy Preview	https://deploy-preview-4379.dev.app.betaflight.com
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify site configuration.

[McGiverGim]

I haven't tested it, but two questions or confirmations:

• the instructions to build are for Linux. I suppose we can use other OS like windows for example to develop.
• if we merge this, we need to revert all the capacitor code. I suppose that this is only a test and for this reason it does not do that

I'm right?

[haslinghuis]

For now this is for evaluation purpose

[hcws]

I'm new to PWA , I want use tauri to communite with mavsdk , I want to base this project, I have no idea with this PWA , I don't know how to add tauri callback in this PWA,Can you give me some ideas.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[coderabbitai]

Walkthrough

Adds Tauri desktop/mobile integration and native Tauri serial transport, updates frontend runtime detection and serial wiring, introduces Android/Tauri npm scripts and dependencies, adds Docker and Android build tooling and docs, adjusts Vite/ESLint/.gitignore, and restructures CI/release GitHub Actions.

Changes

Cohort / File(s)	Summary
Tauri core & manifests src-tauri/Cargo.toml, src-tauri/build.rs, src-tauri/src/main.rs, src-tauri/src/lib.rs, src-tauri/tauri.conf.json, src-tauri/capabilities/default.json	Add Tauri Rust manifest, build script, desktop and mobile entry points, tauri config and capability descriptor; register plugins (shell, conditional serialplugin) and declare features/permissions.
Native serial transport & frontend wiring src/js/protocols/TauriSerial.js, src/js/serial.js, src/js/port_handler.js, src/js/utils/checkBrowserCompatibility.js	Add TauriSerial protocol file; detect isTauri() at runtime; load/prioritize tauriserial; add Serial.init and event-forwarding helper; add PortHandler.serialProtocol and update permission/device flows.
NPM scripts, deps & config package.json, vite.config.js, eslint.config.js, .gitignore	Add Android emulator/ADB and Tauri npm scripts; add @tauri-apps/api and @tauri-apps/cli deps; set Vite build/HMR/server options; expand ESLint ignores and Vue plugin wiring; ignore src-tauri build artifacts.
Android & Docker tooling + docs Dockerfile, android-env.sh, ANDROID.md, DOCKER.md	Add Debian-based Dockerfile with Rust/Android/Node toolchains; Android SDK/NDK env script; comprehensive Android and Docker developer guides.
CI / GitHub Actions .github/workflows/ci.yml, .github/workflows/ci-test.yml, .github/workflows/release.yml, .github/workflows/artifact-links.yml	Make Docker build optional via run_docker_build input; rename main job to node-ci; add optional docker-build job with Dockerfile detection/artifact export; add ci-test wrapper; restructure release workflow into desktop/android/publish jobs; adjust triggers and artifact handling.
Frontend runtime & packaging tweaks vite.config.js, .gitignore, eslint.config.js	Add Vite outDir/emptyOutDir, dev HMR/server host settings; expand ESLint ignores to include dist paths; update .gitignore to exclude src-tauri/target/ and src-tauri/gen/.

Sequence Diagram(s)

sequenceDiagram
    participant App as Betaflight App (UI)
    participant PortHandler as PortHandler
    participant Serial as Serial Manager
    participant Protocol as Protocol (TauriSerial / WebSerial)
    participant Backend as Backend (Tauri / Browser)

    App->>PortHandler: initialize()
    PortHandler->>PortHandler: detect runtime (isTauri)
    PortHandler->>Serial: selectProtocol()

    alt Tauri runtime
        Serial->>Serial: async load TauriSerial
        Serial->>Protocol: instantiate TauriSerial
        Protocol->>Backend: queryAvailablePorts()
    else Web runtime
        Serial->>Protocol: use WebSerial
        Protocol->>Backend: requestPort()/enumerate()
    end

    Serial->>Serial: setup event forwarding
    Protocol-->>Serial: emit addedDevice/removedDevice/connect/receive
    Serial-->>App: forward device/events (include protocolType)

    App->>PortHandler: connect(port)
    PortHandler->>Serial: connect(port)
    Serial->>Protocol: connect(path, options)
    Protocol->>Backend: openPort(path, baudRate)
    Protocol->>Protocol: startReadLoop()

    loop Data reception
        Protocol->>Backend: poll/read data
        Backend-->>Protocol: data (Uint8Array)
        Protocol->>Serial: emit receive(data)
        Serial-->>App: forward data
    end

    App->>PortHandler: send(data)
    PortHandler->>Serial: send(data)
    Serial->>Protocol: write(data)
    Protocol->>Backend: writePort(data)

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

Areas needing extra attention:

• src/js/protocols/TauriSerial.js — read loop, batching, error handling, device detection and monitoring.
• src/js/serial.js & src/js/port_handler.js — async init sequencing, event-forwarding helper, protocol prioritization/fallback behavior.
• src-tauri/* — Cargo manifest features, plugin registration, capability permissions and platform guards.
• Dockerfile / android-env.sh — SDK/NDK installation steps, environment variables and permissions.
• .github/workflows/* — conditional Docker detection, artifact creation/publishing across jobs.

Possibly related issues

• Proposal: Use Tauri 2.0 for Native Desktop Application #4499 — Implements Tauri 2.0 support and tauri-plugin-serial integration; aligns with this PR’s Tauri manifests and tauriserial wiring.

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 60.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title Check	✅ Passed	The pull request title "Add native support for desktop and android (Tauri)" accurately and comprehensively summarizes the main changes in the changeset. The PR introduces a complete Tauri v2 integration with desktop support (main.rs, Cargo.toml, tauri.conf.json, Windows subsystem configuration) and Android support (mobile entry point in lib.rs, Android emulator management scripts, ANDROID.md documentation), plus supporting infrastructure (Docker build environment, updated package.json scripts and dependencies, protocol implementation for TauriSerial, and CI/CD workflow updates). The title is concise, specific (naming both platforms and the framework), and clearly communicates the primary scope without vague terminology or noise.
Description Check	✅ Passed	The pull request description provides a comprehensive overview of the Tauri v2 integration effort, including a clear summary of changes, rationale (Tauri preference over Electron), relevant documentation references, and detailed setup instructions for both system requirements and Docker environments. The template text has been properly removed, and the description includes substantive file-by-file details with links to specific changes. However, the description lacks an explicit issue reference in the form "Fixes #" that would automatically link to and close related issues upon merge, and the organization could be more streamlined for easier review.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (1)

src-tauri/src/main.rs (1)

6-11: Consider improving error handling for production use.

The main function structure is correct and follows Tauri best practices. However, using .expect() will cause the application to panic on startup errors.

For production use, consider implementing more graceful error handling:

fn main() {
-    tauri::Builder::default()
-        .plugin(tauri_plugin_shell::init())
-        .run(tauri::generate_context!())
-        .expect("error while running tauri application");
+    if let Err(e) = tauri::Builder::default()
+        .plugin(tauri_plugin_shell::init())
+        .run(tauri::generate_context!()) {
+        eprintln!("Failed to start application: {}", e);
+        std::process::exit(1);
+    }
}

Given this is experimental/evaluation code, the current approach is acceptable for now.

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 1809bb8 and 31e7be6.

⛔ Files ignored due to path filters (3)

• src-tauri/Cargo.lock is excluded by !**/*.lock
• src-tauri/icons/bf_icon_128.png is excluded by !**/*.png
• yarn.lock is excluded by !**/yarn.lock, !**/*.lock

📒 Files selected for processing (8)

• .gitignore (1 hunks)
• package.json (2 hunks)
• src-tauri/Cargo.toml (1 hunks)
• src-tauri/build.rs (1 hunks)
• src-tauri/src/main.rs (1 hunks)
• src-tauri/tauri.conf.json (1 hunks)
• src/js/utils/checkBrowserCompatibility.js (1 hunks)
• vite.config.js (2 hunks)

🧰 Additional context used

🧬 Code Graph Analysis (2)

src-tauri/src/main.rs (1)

src-tauri/build.rs (1)

• main (1-3)

src-tauri/build.rs (1)

src-tauri/src/main.rs (1)

• main (6-11)

🔇 Additional comments (16)

.gitignore (1)

45-47: LGTM! Standard Tauri ignore patterns added.

The added entries correctly exclude Tauri build artifacts:

• src-tauri/target/ for Rust/Cargo compilation artifacts
• src-tauri/gen/ for Tauri-generated code

These are essential for keeping build outputs out of version control.

src-tauri/build.rs (1)

1-3: LGTM! Standard minimal Tauri build script.

This is the correct minimal implementation for a Tauri build script. The tauri_build::build() call handles all necessary Tauri-specific build steps during compilation.

vite.config.js (2)

59-60: LGTM! Build configuration aligned with Tauri requirements.

The explicit outDir: "dist" and emptyOutDir: true settings ensure that the frontend build outputs are correctly placed and cleaned for Tauri consumption.

---

120-120: LGTM! Convenient alias for source directory.

The "@": resolve(__dirname, "src") alias provides a clean way to reference the source directory in imports, which is a common pattern in Vue.js projects.

src-tauri/src/main.rs (1)

1-4: LGTM! Correct Windows subsystem configuration.

The conditional compilation attribute properly suppresses the console window on Windows in release builds, which is appropriate for a desktop GUI application.

src/js/utils/checkBrowserCompatibility.js (2)

63-65: LGTM! Standard Tauri detection implementation.

The function correctly uses the __TAURI_INTERNALS__ global variable to detect when running in a Tauri environment, which is the recommended approach according to Tauri documentation.

---

73-73: Good integration with existing platform detection.

Correctly treats Tauri as a native platform alongside Capacitor, which makes sense since both provide native desktop/mobile app capabilities that don't require web browser APIs like WebSerial or WebUSB.

src-tauri/tauri.conf.json (3)

25-28:

❓ Verification inconclusive

Bundle targets are Linux-focused - confirm platform strategy.

The bundle configuration only targets Linux packages (deb, appimage). Given that the PR mentions this is for evaluation purposes, confirm whether Windows and macOS targets will be added later or if Linux-only distribution is intentional.

---

🌐 Web query:

What are the recommended bundle targets for Tauri v2 cross-platform desktop applications?

💡 Result:

In Tauri v2, when configuring your cross-platform desktop application, you can specify the bundle targets in the tauri.conf.json configuration file under the bundle section. The targets property defines the formats in which your application will be bundled. By default, this is set to "all", which includes all available targets. You can customize this to include specific targets as needed.

The available bundle targets are:

• Windows:

  • "nsis": NSIS installer (.exe)
  • "msi": Microsoft Installer (.msi)
  • "app": Windows application bundle (.app)
  • "dmg": Apple Disk Image (.dmg)

• macOS:

  • "app": macOS application bundle (.app)
  • "dmg": Apple Disk Image (.dmg)

• Linux:

  • "deb": Debian package (.deb)
  • "rpm": RPM package (.rpm)
  • "appimage": AppImage bundle (.appimage)

• Cross-Platform:

  • "all": Bundles all available targets

To specify the bundle targets in your tauri.conf.json file, you can set the targets property under the bundle section. For example, to bundle your application for Windows and macOS, you would configure it as follows:

{
  "bundle": {
    "targets": ["nsis", "app", "dmg"]
  }
}

This configuration will generate installers for Windows (.exe), and application bundles for macOS (.app and .dmg). For a comprehensive list of all available bundle targets and their configurations, refer to the Tauri documentation. (tauri.app)

Citations:

• 1: https://tauri.app/reference/config/?utm_source=openai

---

Clarify cross-platform bundle targets

Currently in src-tauri/tauri.conf.json (around lines 25–28) your bundle targets are set to:

"bundle": {
  "active": true,
  "targets": ["deb", "appimage"],
  "icon": ["icons/bf_icon_128.png"]
}

– those are Linux-only formats. Tauri v2 also supports Windows ("nsis", "msi", "app", "dmg") and macOS ("app", "dmg") bundles, or a single "all" target to cover everything.

Please confirm whether you intend to ship Linux-only (for evaluation) or if you’ll add Windows/macOS targets (or switch to "all") before release.

---

5-9:

✅ Verification successful

Verify build commands consistency.

The build commands reference yarn dev and yarn build scripts. Ensure these correspond to the scripts defined in package.json and that the development server runs on the configured port (8000).

---

🏁 Script executed:

#!/bin/bash
# Verify that the referenced yarn scripts exist in package.json
echo "Checking for yarn scripts referenced in tauri.conf.json..."
jq -r '.scripts | keys[]' package.json | grep -E "^(dev|build)$" || echo "Missing required scripts"

# Check if dev script uses port 8000
echo "Checking dev script configuration..."
jq -r '.scripts.dev' package.json

Length of output: 325

---

🏁 Script executed:

#!/bin/bash
# Locate any Vite config files in the repo
echo "Locating vite config files..."
vite_configs=$(fd -t f -H "vite.config.*")
if [ -z "$vite_configs" ]; then
  echo "No vite.config.* files found."
else
  for cfg in $vite_configs; do
    echo "Inspecting $cfg for server port settings:"
    grep -R "server" -n "$cfg" -A3 || echo "No 'server' block in $cfg"
    grep -R "port" -n "$cfg" || echo "No explicit port setting in $cfg"
  done
fi

Length of output: 1222

---

Build commands and devUrl verified

• Both dev and build scripts exist in package.json.
• The Vite dev server is explicitly configured with

  server: {
    port: 8000,
    strictPort: true,
  }

  which matches "devUrl": "http://localhost:8000" in tauri.conf.json.
• The frontend build output defaults to dist, so "frontendDist": "../dist" is correct.

No changes required.

---

30-34:

❓ Verification inconclusive

Shell plugin enabled - verify security implications.

The shell plugin with open: true allows the application to execute system commands and open files/URLs. Ensure this is necessary for the application's functionality and that proper input validation is implemented wherever this plugin is used.

---

🏁 Script executed:

#!/bin/bash
# Search for usage of Tauri shell plugin in the codebase
echo "Searching for shell plugin usage..."
rg -A 3 -B 3 "shell|invoke.*shell|@tauri-apps.*shell" --type js

Length of output: 146

---

This will confirm whether the shell plugin is actually referenced in your Rust code.

---

🏁 Script executed:

#!/bin/bash
echo "Searching for shell plugin usage in Rust code..."
# Look for direct imports of the shell plugin
rg -n "use .*shell" --type rs
# Look for any references to the plugin namespace
rg -n "tauri_plugin_shell" --type rs
# Look for any invocation or initialization calls
rg -A3 -B3 "shell::" --type rs

Length of output: 287

---

🏁 Script executed:

#!/bin/bash
echo "Locating Cargo.toml files..."
find . -maxdepth 4 -type f -name Cargo.toml

echo
echo "Checking for tauri-plugin-shell in Cargo.toml dependencies..."
rg -n "tauri-plugin-shell" -g "*.toml"

echo
echo "Searching Rust source for plugin initialization or references..."
rg -n "tauri_plugin_shell" -g "*.rs"
rg -n "shell::init" -g "*.rs"
rg -n "plugin(" -g "*.rs" | grep shell || true

echo
echo "Searching front-end code for shell plugin invocations..."
rg -n "plugin:shell" -g "*.js" -g "*.ts" -g "*.tsx"

Length of output: 1014

---

Verify Shell Plugin Necessity and Usage

The Tauri Shell plugin is enabled in your configuration and initialized in the Rust backend, but we didn’t find any front-end invocations. Please confirm whether you actually need this plugin, and if so, ensure every call is properly validated to avoid command injection or unintended file/URL access.

• src-tauri/tauri.conf.json (lines 30–34): "plugins": { "shell": { "open": true } }
• src-tauri/Cargo.toml (line 15): tauri-plugin-shell = "2.0.0"
• src-tauri/src/main.rs (line 8): .plugin(tauri_plugin_shell::init())

If the shell plugin isn’t used, remove it to reduce your attack surface. Otherwise, audit all places where you call into the shell API and enforce strict input validation.

package.json (2)

26-27: LGTM! Standard Tauri script integration.

The script names follow Tauri conventions and integrate well with the existing build workflow. These scripts correspond to the build commands configured in tauri.conf.json.

---

25-25: Minor modification to prepare script looks correct.

The husky install preparation remains intact, which is good for maintaining git hooks functionality.

src-tauri/Cargo.toml (4)

1-8: Excellent version consistency across the project.

The package metadata properly matches the version (11.0.0) and project details from package.json and tauri.conf.json, ensuring consistency across the Tauri integration.

---

13-17: Standard and appropriate Tauri dependencies.

The dependency selection is correct for a basic Tauri v2 application:

• Core Tauri framework
• Shell plugin for system interactions
• Serde for JSON serialization (standard for Tauri apps)

---

19-21: Custom protocol feature is a good security practice.

Enabling the custom-protocol feature is recommended for production Tauri applications as it provides better security than the default localhost-based approach during development.

---

10-11:

✅ Verification successful

Verify Tauri build dependency version compatibility.

Let's ensure the tauri-build version is compatible with the runtime tauri dependency version (both should be from the same major.minor release).

---

🌐 Web query:

Are tauri-build 2.0.6 and tauri 2.0.6 compatible versions for Tauri v2 applications?

💡 Result:

Yes, tauri-build 2.0.6 and tauri 2.0.6 are compatible versions for Tauri v2 applications. The Tauri framework follows semantic versioning principles where the major version number is incremented for breaking changes, and minor or patch updates are backward compatible within the same major version. This means you should always be able to safely upgrade to the latest minor or patch versions without compatibility issues between related crates like tauri and tauri-build[2][8].

Specifically, at version 2.0.6, tauri and tauri-build are aligned as part of the Tauri 2.x stable release series, ensuring compatibility for building and running Tauri v2 applications[1][6]. It is recommended to keep the versions of the Tauri core crates (like tauri and tauri-build) in sync, generally using the exact same version number, to avoid any subtle incompatibilities[8].

Therefore, using tauri 2.0.6 together with tauri-build 2.0.6 is the correct approach for Tauri v2 apps.

Citations:

• 1: https://v2.tauri.app/blog/tauri-20/
• 2: https://v2.tauri.app/develop/configuration-files/
• 3: https://github.com/tauri-apps/tauri
• 4: tauri-apps/tauri#8813
• 5: https://v2.tauri.app/distribute/windows-installer/
• 6: https://tauri.app/release/@tauri-apps/cli/v2.0.0-alpha.6/
• 7: tauri-apps/tauri#9039
• 8: https://v2.tauri.app/develop/updating-dependencies/
• 9: tauri-apps/tauri#8563
• 10: https://v2.tauri.app/plugin/updater/

---

Tauri build dependency version compatibility confirmed

The tauri-build entry in src-tauri/Cargo.toml is already at version 2.0.6, matching the runtime tauri = "2.0.6" release. Since Tauri follows semantic versioning within the 2.x series, these versions are fully compatible—no changes needed.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

Request new review

[coderabbitai]

Actionable comments posted: 1

♻️ Duplicate comments (1)

src-tauri/tauri.conf.json (1)

30-31: Icon bundle configuration is incomplete for macOS and Windows.

The icon array (line 31) only includes the PNG for Linux. Tauri v2 bundle targets declared on line 30 include dmg (macOS) and nsis (Windows), which require:

• macOS (dmg): bf_icon.icns
• Windows (nsis): bf_icon.ico

Without these, the build will fail or produce warnings on those platforms. Run yarn tauri icon to generate missing formats from the existing PNG, then update line 31 to include all generated files.

-    "icon": ["icons/bf_icon_128.png"]
+    "icon": ["icons/bf_icon_128.png", "icons/bf_icon.icns", "icons/bf_icon.ico"]

(Ensure the generated .icns and .ico files exist in src-tauri/icons/ first.)

🧹 Nitpick comments (2)

.github/workflows/ci.yml (1)

78-87: Add Rust target caching to avoid redundant builds.

The tauri-linux-preview job rebuilds the entire Rust target directory on every run, which can be slow. Add a Rust cache step using swatinem/rust-cache@v2 after the toolchain installation to significantly reduce build times.

       - name: Install Rust
         uses: dtolnay/rust-toolchain@stable

+      - name: Cache Rust
+        uses: swatinem/rust-cache@v2
+        with:
+          workingDirectory: src-tauri
+
       - name: Build web assets (Vite)

src-tauri/tauri.conf.json (1)

34-36: Consider restricting shell open to trusted URL patterns.

Line 35 sets "open": true, which broadly permits opening any URL. For better security posture, restrict this to a regex allowlist (e.g., only https URLs or a specific domain allowlist) to reduce attack surface.

   "plugins": {
     "shell": {
-      "open": true
+      "open": "^https://\\w.+"
     }
   }

(Adjust the regex to match your application's URL scheme and security requirements.)

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between beaa32d and f29dc9e.

📒 Files selected for processing (2)

• .github/workflows/ci.yml (1 hunks)
• src-tauri/tauri.conf.json (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Tauri Linux preview (deb/appimage)

🔇 Additional comments (2)

.github/workflows/ci.yml (2)

78-79: ✓ Critical issue resolved: Rust toolchain now properly installed.

The explicit Rust toolchain setup is now present using dtolnay/rust-toolchain@stable, which addresses the critical issue flagged in the previous review. The placement after Linux dependencies and before the Tauri build step is correct.

---

85-87: No issues found—script is correctly defined.

The verification confirms that tauri:build is properly defined in package.json as "tauri:build": "tauri build", matching the reference in the CI workflow at line 87.

[haslinghuis]

First linux debian artifact: https://github.com/betaflight/betaflight-configurator/actions/runs/18810125440/artifacts/4372439098

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (3)

.github/workflows/ci.yml (3)

81-101: Consider adding Rust cache to speed up Cargo builds.

The tauri-linux-preview job installs Rust but lacks caching for the Cargo build artifacts. Subsequent runs will recompile dependencies, making builds slower. Add a Rust cache step after the toolchain setup to improve CI performance on repeated builds.

      - name: Install Rust
        uses: dtolnay/rust-toolchain@stable

+      - name: Cache Rust build artifacts
+        uses: swatinem/rust-cache@v2
+        with:
+          workspaces: src-tauri

       - name: Build web assets (Vite)

---

48-48: Align artifact retention days across jobs.

Artifact retention varies: web-dist (14 days), linux-installers (14 days), and linux-bundle-raw (7 days). Consider aligning retention policies for consistency unless the shorter retention for raw bundles is intentional (e.g., fallback-only, lower priority).

Also applies to: 111-111, 120-120

---

142-156: Consider alternative to Docker image tar export for CI artifacts.

Exporting Docker images to tar and uploading them as artifacts can result in very large files (hundreds of MB–GB depending on the image). If the goal is to enable downstream consumption of the built image, consider using a container registry (GitHub Container Registry, DockerHub, etc.) instead, which avoids large artifact uploads and integrates better with container ecosystems.

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between f29dc9e and b3f3259.

📒 Files selected for processing (1)

• .github/workflows/ci.yml (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Tauri Linux preview (deb/appimage)

🔇 Additional comments (1)

.github/workflows/ci.yml (1)

50-54: Clarify the intent of PR-only gating for Tauri builds.

The tauri-linux-preview job is conditioned to run only on pull_request events (line 54), but the workflow also triggers on push to the tauri branch (line 7). This means Tauri builds won't execute on direct pushes to the branch — only on PRs. Verify this is intentional (e.g., preview-only during development) or consider adjusting the condition.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (2)

.github/workflows/ci.yml (2)

81-93: Add Rust build cache to optimize rebuild times.

The Rust toolchain is correctly installed (line 81-82), but the job lacks a Rust build cache. Since Tauri builds can be time-consuming, caching the Cargo target directory will significantly speed up subsequent runs. This is a recommended optimization for CI efficiency.

Add a Rust cache step after the Rust toolchain installation:

       - name: Install Rust
         uses: dtolnay/rust-toolchain@stable

+      - name: Cache Rust (Cargo)
+        uses: swatinem/rust-cache@v2
+        with:
+          workspaces: src-tauri
+
       - name: Build web assets (Vite)

This will cache Cargo's target directory for the src-tauri workspace, significantly reducing build times on repeated runs.

---

87-102: Narrow the AppImage artifact glob pattern to prevent unintended matches.

The tauri-action@v0 configuration (lines 87-102) is correct—tauriScript: yarn tauri and includeUpdaterJson: false are valid, supported options. Tauri produces deb files at src-tauri/target/release/bundle/deb/ and AppImage files at src-tauri/target/release/bundle/appimage/.

The glob pattern src-tauri/target/release/bundle/**/*.deb correctly matches deb output. However, **/*.AppImage is overly broad and could match AppImage files anywhere in the repository. Change it to src-tauri/target/release/bundle/**/*.AppImage (or the more specific src-tauri/target/release/bundle/appimage/*.AppImage) for consistency and to avoid unintended matches.

The debug inspection at lines 95–101 is helpful for verification.

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between b3f3259 and 1647074.

📒 Files selected for processing (2)

• .github/workflows/artifact-links.yml (1 hunks)
• .github/workflows/ci.yml (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Tauri Linux preview (deb/appimage)

🔇 Additional comments (5)

.github/workflows/artifact-links.yml (1)

1-20: Trigger alignment is correct.

Aligning the artifact-links workflow to trigger on CI workflow completion (rather than direct PR events) ensures artifact links are posted after all conditional build jobs finish, including the new tauri-linux-preview and docker-build steps.

.github/workflows/ci.yml (4)

3-14: Workflow triggers and inputs are well-configured.

The setup correctly routes pull requests and push events on the tauri branch, and the optional workflow_call input with a safe default (false) enables reusable workflow patterns for Docker builds without inadvertently triggering extra jobs.

---

17-48: Node CI job is well-structured and follows best practices.

The streamlined job structure (checkout → setup → install → lint → test → build → upload) is clearer than a multi-platform matrix. Frozen lockfile at line 31 prevents dependency drift, and the 14-day artifact retention balances storage costs with debugging needs.

---

68-79: Linux dependencies are comprehensive and well-chosen.

The dependency list (pkg-config, libgtk-3-dev, libwebkit2gtk-4.1-dev, libayatana-appindicator3-dev, librsvg2-dev, libudev-dev, libssl-dev, patchelf) covers the core requirements for Tauri on Linux, including additions like libudev-dev and libssl-dev for serial/USB and SSL support respectively.

---

113-147: Docker build job is well-designed with safe conditionals.

The job correctly gates Docker builds to reusable workflow calls with the run_docker_build flag (line 118), and the Dockerfile presence check (lines 127-131) with conditional step execution (lines 134, 138, 143) ensures graceful handling whether or not a Dockerfile exists. Artifact retention of 7 days is appropriate for Docker images.

[sonarqubecloud]

Quality Gate failed

Failed conditions
4 Security Hotspots

See analysis details on SonarQube Cloud

[github-actions]

Preview URL: https://pr4379.betaflight-app-preview.pages.dev