fix(ci): comprehensive CI fixes for self-hosted runner

[Coldaine]

Summary

Comprehensive fixes based on detailed CI analysis:

Fixes

1. XAUTHORITY for X11 auth - Runner service needs auth to connect to live KDE session
2. Better validation diagnostics - Shows DISPLAY, XAUTHORITY, WAYLAND_DISPLAY status
3. Remove stale Xvfb/fluxbox cleanup - No longer used
4. Remove Xvfb from action.yml - Live session doesn't need virtual display
5. Skip Moonshine E2E on GitHub-hosted - 4GB+ PyTorch deps exhaust disk (runs on self-hosted instead)
6. Add mold + CARGO_INCREMENTAL - Faster builds on self-hosted

🤖 Generated with Claude Code

[chatgpt-codex-connector]

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.

[qodo-code-review]

ⓘ Your approaching your monthly quota for Qodo. Upgrade your plan

PR Compliance Guide 🔍

Below is a summary of compliance checks for this PR:

Security Compliance
⚪	Live X11 session access Description: Setting DISPLAY to the live KDE session (:0) allows CI steps to interact with the real X11 desktop (e.g., capture screenshots/clipboard, synthesize input, read window contents), which can expose sensitive on-runner data if untrusted workflow code can execute on this self-hosted runner. ci.yml [235-236] Referred Code # Runner's live KDE session uses :0 (not :99 which was for Xvfb) DISPLAY: ":0"
Ticket Compliance
⚪	🎫 No ticket provided Create ticket/issue
Codebase Duplication Compliance
⚪	Codebase context is not defined Follow the guide to enable codebase context checks.
Custom Compliance
🟢	Generic: Comprehensive Audit Trails Objective: To create a detailed and reliable record of critical system actions for security analysis and compliance. Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Meaningful Naming and Self-Documenting Code Objective: Ensure all identifiers clearly express their purpose and intent, making code self-documenting Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Robust Error Handling and Edge Case Management Objective: Ensure comprehensive error handling that provides meaningful context and graceful degradation Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Secure Error Handling Objective: To prevent the leakage of sensitive system information through error messages while providing sufficient detail for internal debugging. Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Secure Logging Practices Objective: To ensure logs are useful for debugging and auditing without exposing sensitive information like PII, PHI, or cardholder data. Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Security-First Input Validation and Data Handling Objective: Ensure all data inputs are validated, sanitized, and handled securely to prevent vulnerabilities Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
Update

Compliance status legend

🟢 - Fully Compliant
🟡 - Partial Compliant
🔴 - Not Compliant
⚪ - Requires Further Human Verification
🏷️ - Compliance label

[qodo-free-for-open-source-projects]

PR Compliance Guide 🔍

Below is a summary of compliance checks for this PR:

Security Compliance
🟢	No security concerns identified No security vulnerabilities detected by AI analysis. Human verification advised for critical code.
Ticket Compliance
⚪	🎫 No ticket provided Create ticket/issue
Codebase Duplication Compliance
⚪	Codebase context is not defined Follow the guide to enable codebase context checks.
Custom Compliance
🟢	Generic: Comprehensive Audit Trails Objective: To create a detailed and reliable record of critical system actions for security analysis and compliance. Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Meaningful Naming and Self-Documenting Code Objective: Ensure all identifiers clearly express their purpose and intent, making code self-documenting Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Robust Error Handling and Edge Case Management Objective: Ensure comprehensive error handling that provides meaningful context and graceful degradation Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Secure Error Handling Objective: To prevent the leakage of sensitive system information through error messages while providing sufficient detail for internal debugging. Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Secure Logging Practices Objective: To ensure logs are useful for debugging and auditing without exposing sensitive information like PII, PHI, or cardholder data. Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Security-First Input Validation and Data Handling Objective: Ensure all data inputs are validated, sanitized, and handled securely to prevent vulnerabilities Status: Passed Learn more about managing compliance generic rules or creating your own custom rules

Compliance status legend

🟢 - Fully Compliant
🟡 - Partial Compliant
🔴 - Not Compliant
⚪ - Requires Further Human Verification
🏷️ - Compliance label

[qodo-free-for-open-source-projects]

PR Code Suggestions ✨

Explore these optional code suggestions:

Category	Suggestion	Impact
Possible issue	Explicitly install required GUI dependencies Add a dedicated step to install GUI testing dependencies like xclip and xdotool, as their installation was removed with the xvfb-action, to make the CI pipeline more reliable. .github/workflows/ci.yml [274-281] - name: Setup ColdVox uses: ./.github/actions/setup-coldvox + +- name: Install GUI testing dependencies + run: sudo dnf install -y xclip xdotool at-spi2-core liberation-sans-fonts - name: Setup D-Bus Session run: | set -euo pipefail eval "$(dbus-run-session --sh-syntax)" echo "D-Bus session started." [To ensure code accuracy, apply this suggestion manually] Suggestion importance[1-10]: 7 __ Why: The suggestion correctly identifies that necessary dependencies were removed along with the xvfb-action. Explicitly installing these dependencies makes the CI workflow more robust and less reliant on the specific configuration of the self-hosted runner.	Medium
Update

[qodo-code-review]

ⓘ Your approaching your monthly quota for Qodo. Upgrade your plan

PR Code Suggestions ✨

Explore these optional code suggestions:

Category	Suggestion	Impact
Possible issue	Re-add missing GUI test dependencies Re-add a step to install GUI test dependencies like xclip and xdotool. These were removed along with the Xvfb action and are likely still required, so restoring their installation ensures the workflow is self-contained. .github/workflows/ci.yml [275-277] uses: ./.github/actions/setup-coldvox + + - name: Install GUI test dependencies + run: sudo dnf install -y xclip xdotool at-spi2-core liberation-sans-fonts - name: Setup D-Bus Session [To ensure code accuracy, apply this suggestion manually] Suggestion importance[1-10]: 9 __ Why: This suggestion correctly identifies that critical GUI dependencies were removed along with the Xvfb step, and re-adding their installation is crucial for the workflow's reliability and to prevent potential test failures.	High
More

[Copilot]

Pull request overview

This PR migrates the CI workflow from using Xvfb (virtual X server on display :99) to using the runner's live KDE session (display :0) for hardware integration tests.

Key Changes:

• Updated DISPLAY environment variable from :99 to :0 to target the live KDE session
• Removed the "Start Xvfb" step that installed system dependencies and started the virtual X server
• Added clarifying comment explaining the runner uses a live KDE session instead of Xvfb

[kiloconnect]

✅ No Issues Found

2 files reviewed | Confidence: 95% | Recommendation: Merge

Review Details

Files: .github/actions/setup-coldvox/action.yml, .github/workflows/ci.yml

Changes Reviewed:

• Removed Xvfb/openbox dependencies from self-hosted runner (now uses live KDE session at DISPLAY=:0)
• Added XAUTHORITY setup for XWayland access with proper fallback and validation
• Added build optimizations: CARGO_INCREMENTAL + mold linker for faster builds
• Enhanced environment diagnostics (DISPLAY, XAUTHORITY, WAYLAND_DISPLAY status)
• Moved Moonshine E2E tests to self-hosted runner (disk space constraints on hosted)
• Removed stale Xvfb/fluxbox cleanup from background process handling

Quality Check:
✅ No security issues found
✅ Proper error handling and validation with informative diagnostics
✅ Good logging and diagnostics for troubleshooting
✅ No breaking changes to existing workflows
✅ Aligns with project CI architecture (self-hosted vs hosted split)
✅ Dependencies properly verified via setup-coldvox action
✅ GUI testing dependencies (xdotool, xclip, ydotool) still required and validated

Additional Notes:
The transition from Xvfb to live KDE session is well-implemented with proper X11 authentication via XAUTHORITY. The split between GitHub-hosted (no Moonshine due to disk limits) and self-hosted (full testing) runners is appropriate given the constraints.