Merge 4d83d02a8f into bbc69f945e

Update release.yml
2026-03-22 11:04:18 +03:00 · 2026-03-22 11:04:09 +03:00 · 2026-03-22 10:36:54 +03:00 · 2026-03-22 10:28:06 +03:00 · 2026-03-22 00:27:16 +03:00 · 2026-03-22 00:18:54 +03:00
5 changed files with 293 additions and 278 deletions
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@ -4,7 +4,6 @@ on:
  push:
    tags:
      - '[0-9]+.[0-9]+.[0-9]+'
      - '[0-9]+.[0-9]+.[0-9]+-*'
  workflow_dispatch:
 concurrency:
@ -13,341 +12,274 @@ concurrency:
 permissions:
  contents: read
  packages: write
 env:
  CARGO_TERM_COLOR: always
  RUST_BACKTRACE: "1"
  BINARY_NAME: telemt
 jobs:
-  prepare:
+# ==========================
-    name: Prepare metadata
+# GNU / glibc
 # ==========================
  build-gnu:
    name: GNU ${{ matrix.target }}
    runs-on: ubuntu-latest
    outputs:
      version: ${{ steps.meta.outputs.version }}
      prerelease: ${{ steps.meta.outputs.prerelease }}
      release_enabled: ${{ steps.meta.outputs.release_enabled }}
    steps:
      - name: Derive version
        id: meta
        shell: bash
        run: |
          set -euo pipefail
          if [[ "${GITHUB_REF}" == refs/tags/* ]]; then
            VERSION="${GITHUB_REF#refs/tags/}"
            RELEASE_ENABLED=true
          else
            VERSION="manual-${GITHUB_SHA::7}"
            RELEASE_ENABLED=false
          fi
          if [[ "$VERSION" == *"-alpha"* || "$VERSION" == *"-beta"* || "$VERSION" == *"-rc"* ]]; then
            PRERELEASE=true
          else
            PRERELEASE=false
          fi
          echo "version=$VERSION" >> "$GITHUB_OUTPUT"
          echo "prerelease=$PRERELEASE" >> "$GITHUB_OUTPUT"
          echo "release_enabled=$RELEASE_ENABLED" >> "$GITHUB_OUTPUT"
  checks:
    name: Checks
    runs-on: ubuntu-latest
    container:
      image: debian:trixie
    steps:
      - name: Install system dependencies
        shell: bash
        run: |
          set -euo pipefail
          apt-get update
          apt-get install -y --no-install-recommends \
            ca-certificates \
            curl \
            git \
            build-essential \
            pkg-config \
            clang \
            llvm \
            python3 \
            python3-pip
          update-ca-certificates
      - uses: actions/checkout@v4
      - uses: dtolnay/rust-toolchain@stable
        with:
          components: rustfmt, clippy
      - name: Cache cargo
        uses: actions/cache@v4
        with:
          path: |
            /github/home/.cargo/registry
            /github/home/.cargo/git
            target
          key: checks-${{ runner.os }}-${{ hashFiles('**/Cargo.lock') }}
          restore-keys: |
            checks-${{ runner.os }}-
      - name: Cargo fetch
        shell: bash
        run: cargo fetch --locked
      - name: Format
        shell: bash
        run: cargo fmt --all -- --check
      - name: Clippy
        shell: bash
        run: |
             cargo clippy
      - name: Tests
        shell: bash
        run: cargo test
  build-binaries:
    name: Build ${{ matrix.asset_name }}
    needs: [prepare, checks]
    runs-on: ubuntu-latest
    container:
      image: debian:trixie
    strategy:
      fail-fast: false
      matrix:
        include:
-          - rust_target: x86_64-unknown-linux-gnu
+          - target: x86_64-unknown-linux-gnu
-            zig_target: x86_64-unknown-linux-gnu.2.28
+            asset: telemt-x86_64-linux-gnu
-            asset_name: telemt-x86_64-linux-gnu
+          - target: aarch64-unknown-linux-gnu
-          - rust_target: aarch64-unknown-linux-gnu
+            asset: telemt-aarch64-linux-gnu
            zig_target: aarch64-unknown-linux-gnu.2.28
            asset_name: telemt-aarch64-linux-gnu
          - rust_target: x86_64-unknown-linux-musl
            zig_target: x86_64-unknown-linux-musl
            asset_name: telemt-x86_64-linux-musl
          - rust_target: aarch64-unknown-linux-musl
            zig_target: aarch64-unknown-linux-musl
            asset_name: telemt-aarch64-linux-musl
    steps:
      - name: Install system dependencies
        shell: bash
        run: |
          set -euo pipefail
          apt-get update
          apt-get install -y --no-install-recommends \
            ca-certificates \
            curl \
            git \
            build-essential \
            pkg-config \
            clang \
            llvm \
            file \
            tar \
            xz-utils \
            python3 \
            python3-pip
          update-ca-certificates
      - uses: actions/checkout@v4
-      - uses: dtolnay/rust-toolchain@stable
+      - uses: dtolnay/rust-toolchain@v1
        with:
-          targets: ${{ matrix.rust_target }}
+          toolchain: stable
          targets: |
            x86_64-unknown-linux-gnu
            aarch64-unknown-linux-gnu
-      - name: Cache cargo
+      - name: Install deps
-        uses: actions/cache@v4
+        run: |
          sudo apt-get update
          sudo apt-get install -y \
            build-essential \
            clang \
            lld \
            pkg-config \
            gcc-aarch64-linux-gnu \
            g++-aarch64-linux-gnu
      - uses: actions/cache@v4
        with:
          path: |
-            /github/home/.cargo/registry
+            ~/.cargo/registry
-            /github/home/.cargo/git
+            ~/.cargo/git
            target
-          key: build-${{ matrix.zig_target }}-${{ hashFiles('**/Cargo.lock') }}
+          key: gnu-${{ matrix.target }}-${{ hashFiles('**/Cargo.lock') }}
          restore-keys: |
            build-${{ matrix.zig_target }}-
-      - name: Install cargo-zigbuild + Zig
+      - name: Build
        shell: bash
        run: |
-          set -euo pipefail
+          if [ "${{ matrix.target }}" = "aarch64-unknown-linux-gnu" ]; then
-          python3 -m pip install --user --break-system-packages cargo-zigbuild
+            export CC=aarch64-linux-gnu-gcc
-          echo "/github/home/.local/bin" >> "$GITHUB_PATH"
+            export CXX=aarch64-linux-gnu-g++
            export CC_aarch64_unknown_linux_gnu=aarch64-linux-gnu-gcc
            export CXX_aarch64_unknown_linux_gnu=aarch64-linux-gnu-g++
            export RUSTFLAGS="-C linker=aarch64-linux-gnu-gcc"
          else
            export CC=clang
            export CXX=clang++
            export CC_x86_64_unknown_linux_gnu=clang
            export CXX_x86_64_unknown_linux_gnu=clang++
            export RUSTFLAGS="-C linker=clang -C link-arg=-fuse-ld=lld"
          fi
-      - name: Cargo fetch
+          cargo build --release --target ${{ matrix.target }}
        shell: bash
        run: cargo fetch --locked
      - name: Build release
        shell: bash
        env:
          CARGO_PROFILE_RELEASE_LTO: "fat"
          CARGO_PROFILE_RELEASE_CODEGEN_UNITS: "1"
          CARGO_PROFILE_RELEASE_PANIC: "abort"
        run: |
          set -euo pipefail
          cargo zigbuild --release --locked --target "${{ matrix.zig_target }}"
      - name: Strip binary
        shell: bash
        run: |
          set -euo pipefail
          llvm-strip "target/${{ matrix.zig_target }}/release/${BINARY_NAME}" || true
      - name: Inspect binary
        shell: bash
        run: |
          set -euo pipefail
          file "target/${{ matrix.zig_target }}/release/${BINARY_NAME}"
      - name: Package
        shell: bash
        run: |
          set -euo pipefail
          OUTDIR="$RUNNER_TEMP/pkg/${{ matrix.asset_name }}"
          mkdir -p "$OUTDIR"
          install -m 0755 "target/${{ matrix.zig_target }}/release/${BINARY_NAME}" "$OUTDIR/${BINARY_NAME}"
          if [[ -f LICENSE ]]; then cp LICENSE "$OUTDIR/"; fi
          if [[ -f README.md ]]; then cp README.md "$OUTDIR/"; fi
          cat > "$OUTDIR/BUILD-INFO.txt" <<EOF
          project=${GITHUB_REPOSITORY}
          version=${{ needs.prepare.outputs.version }}
          git_ref=${GITHUB_REF}
          git_sha=${GITHUB_SHA}
          rust_target=${{ matrix.rust_target }}
          zig_target=${{ matrix.zig_target }}
          built_at=$(date -u +%Y-%m-%dT%H:%M:%SZ)
          EOF
          mkdir -p dist
-          tar -C "$RUNNER_TEMP/pkg" -czf "dist/${{ matrix.asset_name }}.tar.gz" "${{ matrix.asset_name }}"
+          BIN=target/${{ matrix.target }}/release/${{ env.BINARY_NAME }}
-          sha256sum "dist/${{ matrix.asset_name }}.tar.gz" > "dist/${{ matrix.asset_name }}.sha256"
+
          cp "$BIN" dist/${{ env.BINARY_NAME }}-${{ matrix.target }}
          cd dist
          tar -czf ${{ matrix.asset }}.tar.gz ${{ env.BINARY_NAME }}-${{ matrix.target }}
          sha256sum ${{ matrix.asset }}.tar.gz > ${{ matrix.asset }}.sha256
      - uses: actions/upload-artifact@v4
        with:
-          name: ${{ matrix.asset_name }}
+          name: ${{ matrix.asset }}
          path: |
-            dist/${{ matrix.asset_name }}.tar.gz
+            dist/${{ matrix.asset }}.tar.gz
-            dist/${{ matrix.asset_name }}.sha256
+            dist/${{ matrix.asset }}.sha256
          if-no-files-found: error
          retention-days: 14
-  attest-binaries:
+# ==========================
-    name: Attest binary archives
+# MUSL
-    needs: build-binaries
+# ==========================
  build-musl:
    name: MUSL ${{ matrix.target }}
    runs-on: ubuntu-latest
    permissions:
      contents: read
      attestations: write
      id-token: write
    steps:
      - uses: actions/download-artifact@v4
        with:
          path: dist
-      - name: Flatten artifacts
+    container:
-        shell: bash
+      image: rust:slim-bookworm
        run: |
          set -euo pipefail
          mkdir -p upload
          find dist -type f \( -name '*.tar.gz' -o -name '*.sha256' \) -exec cp {} upload/ \;
          ls -lah upload
-      - name: Attest release archives
+    strategy:
-        uses: actions/attest-build-provenance@v3
+      fail-fast: false
-        with:
+      matrix:
-          subject-path: 'upload/*.tar.gz'
+        include:
-
+          - target: x86_64-unknown-linux-musl
-  docker-image:
+            asset: telemt-x86_64-linux-musl
-    name: Build and push GHCR image
+          - target: aarch64-unknown-linux-musl
-    needs: [prepare, checks]
+            asset: telemt-aarch64-linux-musl
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write
    steps:
      - uses: actions/checkout@v4
-      - name: Set up QEMU
+      - name: Install deps
-        uses: docker/setup-qemu-action@v3
+        run: |
          apt-get update
          apt-get install -y \
            musl-tools \
            pkg-config \
            curl
-      - name: Set up Buildx
+      - uses: actions/cache@v4
-        uses: docker/setup-buildx-action@v3
+        if: matrix.target == 'aarch64-unknown-linux-musl'
        with:
          path: ~/.musl-aarch64
          key: musl-toolchain-aarch64-v1
      - name: Install aarch64 musl toolchain
        if: matrix.target == 'aarch64-unknown-linux-musl'
        run: |
          set -e
          TOOLCHAIN_DIR="$HOME/.musl-aarch64"
          ARCHIVE="aarch64-linux-musl-cross.tgz"
          URL="https://github.com/telemt/telemt/releases/download/toolchains/$ARCHIVE"
          if [ -x "$TOOLCHAIN_DIR/bin/aarch64-linux-musl-gcc" ]; then
            echo "✅ MUSL toolchain already installed"
          else
            echo "⬇️ Downloading musl toolchain from Telemt GitHub Releases..."
            curl -fL \
              --retry 5 \
              --retry-delay 3 \
              --connect-timeout 10 \
              --max-time 120 \
              -o "$ARCHIVE" "$URL"
            mkdir -p "$TOOLCHAIN_DIR"
            tar -xzf "$ARCHIVE" --strip-components=1 -C "$TOOLCHAIN_DIR"
          fi
          echo "$TOOLCHAIN_DIR/bin" >> $GITHUB_PATH
      - name: Add rust target
        run: rustup target add ${{ matrix.target }}
      - uses: actions/cache@v4
        with:
          path: |
            /usr/local/cargo/registry
            /usr/local/cargo/git
            target
          key: musl-${{ matrix.target }}-${{ hashFiles('**/Cargo.lock') }}
      - name: Build
        run: |
          if [ "${{ matrix.target }}" = "aarch64-unknown-linux-musl" ]; then
            export CC=aarch64-linux-musl-gcc
            export CC_aarch64_unknown_linux_musl=aarch64-linux-musl-gcc
            export RUSTFLAGS="-C target-feature=+crt-static -C linker=aarch64-linux-musl-gcc"
          else
            export CC=musl-gcc
            export CC_x86_64_unknown_linux_musl=musl-gcc
            export RUSTFLAGS="-C target-feature=+crt-static"
          fi
          cargo build --release --target ${{ matrix.target }}
      - name: Package
        run: |
          mkdir -p dist
          BIN=target/${{ matrix.target }}/release/${{ env.BINARY_NAME }}
          cp "$BIN" dist/${{ env.BINARY_NAME }}-${{ matrix.target }}
          cd dist
          tar -czf ${{ matrix.asset }}.tar.gz ${{ env.BINARY_NAME }}-${{ matrix.target }}
          sha256sum ${{ matrix.asset }}.tar.gz > ${{ matrix.asset }}.sha256
      - uses: actions/upload-artifact@v4
        with:
          name: ${{ matrix.asset }}
          path: |
            dist/${{ matrix.asset }}.tar.gz
            dist/${{ matrix.asset }}.sha256
 # ==========================
 # Docker
 # ==========================
  docker:
    name: Docker
    runs-on: ubuntu-latest
    needs: [build-gnu, build-musl]
    continue-on-error: true
    steps:
      - uses: actions/checkout@v4
      - uses: actions/download-artifact@v4
        with:
          path: artifacts
      - name: Extract binaries
        run: |
          mkdir dist
          find artifacts -name "*.tar.gz" -exec tar -xzf {} -C dist \;
          cp dist/telemt-x86_64-unknown-linux-musl dist/telemt || true
      - uses: docker/setup-qemu-action@v3
      - uses: docker/setup-buildx-action@v3
      - name: Login to GHCR
        if: ${{ needs.prepare.outputs.release_enabled == 'true' }}
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
-      - name: Docker metadata
+      - name: Extract version
-        id: meta
+        id: vars
-        uses: docker/metadata-action@v5
+        run: echo "VERSION=${GITHUB_REF#refs/tags/}" >> $GITHUB_OUTPUT
        with:
          images: ghcr.io/${{ github.repository }}
          tags: |
            type=raw,value=${{ needs.prepare.outputs.version }}
            type=raw,value=latest,enable=${{ needs.prepare.outputs.prerelease != 'true' && needs.prepare.outputs.release_enabled == 'true' }}
          labels: |
            org.opencontainers.image.title=telemt
            org.opencontainers.image.description=telemt
            org.opencontainers.image.source=https://github.com/${{ github.repository }}
            org.opencontainers.image.version=${{ needs.prepare.outputs.version }}
            org.opencontainers.image.revision=${{ github.sha }}
-      - name: Build and push
+      - name: Build & Push
        id: build
        uses: docker/build-push-action@v6
        with:
          context: .
-          file: ./Dockerfile
+          push: true
          platforms: linux/amd64,linux/arm64
-          push: ${{ needs.prepare.outputs.release_enabled == 'true' }}
+          tags: |
-          tags: ${{ steps.meta.outputs.tags }}
+            ghcr.io/${{ github.repository }}:${{ steps.vars.outputs.VERSION }}
-          labels: ${{ steps.meta.outputs.labels }}
+            ghcr.io/${{ github.repository }}:latest
          cache-from: type=gha
          cache-to: type=gha,mode=max
          provenance: mode=max
          sbom: true
          build-args: |
-            TELEMT_VERSION=${{ needs.prepare.outputs.version }}
+            BINARY=dist/telemt
            VCS_REF=${{ github.sha }}
 # ==========================
 # Release
 # ==========================
  release:
-    name: Create GitHub Release
+    name: Release
    if: ${{ needs.prepare.outputs.release_enabled == 'true' }}
    needs: [prepare, build-binaries, attest-binaries, docker-image]
    runs-on: ubuntu-latest
    needs: [build-gnu, build-musl]
    permissions:
      contents: write
    steps:
      - uses: actions/download-artifact@v4
        with:
-          path: release-artifacts
+          path: artifacts
      - name: Flatten artifacts
        shell: bash
        run: |
-          set -euo pipefail
+          mkdir dist
-          mkdir -p upload
+          find artifacts -type f -exec cp {} dist/ \;
          find release-artifacts -type f \( -name '*.tar.gz' -o -name '*.sha256' \) -exec cp {} upload/ \;
          ls -lah upload
-      - name: Create release
+      - name: Create Release
        uses: softprops/action-gh-release@v2
        with:
-          files: upload/*
+          files: dist/*
          generate_release_notes: true
          draft: false
-          prerelease: ${{ needs.prepare.outputs.prerelease == 'true' }}
+          prerelease: ${{ contains(github.ref, '-rc') || contains(github.ref, '-beta') || contains(github.ref, '-alpha') }}
--- a/65
+++ b/65
@ -1,3 +1,5 @@
 # syntax=docker/dockerfile:1
 # ==========================
 # Stage 1: Build
 # ==========================
@ -5,36 +7,87 @@ FROM rust:1.88-slim-bookworm AS builder
 RUN apt-get update && apt-get install -y --no-install-recommends \
    pkg-config \
    ca-certificates \
    && rm -rf /var/lib/apt/lists/*
 WORKDIR /build
 # Depcache
 COPY Cargo.toml Cargo.lock* ./
 RUN mkdir src && echo 'fn main() {}' > src/main.rs && \
    cargo build --release 2>/dev/null || true && \
    rm -rf src
 # Build
 COPY . .
 RUN cargo build --release && strip target/release/telemt
 # ==========================
-# Stage 2: Runtime
+# Stage 2: Compress (strip + UPX)
 # ==========================
-FROM debian:bookworm-slim
+FROM debian:12-slim AS minimal
 RUN apt-get update && apt-get install -y --no-install-recommends \
    upx \
    binutils \
    && rm -rf /var/lib/apt/lists/*
 COPY --from=builder /build/target/release/telemt /telemt
 RUN strip /telemt || true
 RUN upx --best --lzma /telemt || true
 # ==========================
 # Stage 3: Debug base
 # ==========================
 FROM debian:12-slim AS debug-base
 RUN apt-get update && apt-get install -y --no-install-recommends \
    ca-certificates \
    tzdata \
    curl \
    iproute2 \
    busybox \
    && rm -rf /var/lib/apt/lists/*
-RUN useradd -r -s /usr/sbin/nologin telemt
+# ==========================
 # Stage 4: Debug image
 # ==========================
 FROM debug-base AS debug
 WORKDIR /app
-COPY --from=builder /build/target/release/telemt /app/telemt
+COPY --from=minimal /telemt /app/telemt
 COPY config.toml /app/config.toml
-RUN chown -R telemt:telemt /app
+USER root
-USER telemt
+
 EXPOSE 443
 EXPOSE 9090
 EXPOSE 9091
 ENTRYPOINT ["/app/telemt"]
 CMD ["config.toml"]
 # ==========================
 # Stage 5: Production (distroless)
 # ==========================
 FROM gcr.io/distroless/base-debian12 AS prod
 WORKDIR /app
 COPY --from=minimal /telemt /app/telemt
 COPY config.toml /app/config.toml
 # TLS + timezone + shell
 COPY --from=debug-base /etc/ssl/certs /etc/ssl/certs
 COPY --from=debug-base /usr/share/zoneinfo /usr/share/zoneinfo
 COPY --from=debug-base /bin/busybox /bin/busybox
 RUN ["/bin/busybox", "--install", "-s", "/bin"]
 # distroless user
 USER nonroot:nonroot
 EXPOSE 443
 EXPOSE 9090
--- a/src/config/load.rs
+++ b/src/config/load.rs
@ -346,6 +346,12 @@ impl ProxyConfig {
            ));
        }
        if config.timeouts.tg_connect == 0 {
            return Err(ProxyError::Config(
                "timeouts.tg_connect must be > 0".to_string(),
            ));
        }
        if config.general.upstream_unhealthy_fail_threshold == 0 {
            return Err(ProxyError::Config(
                "general.upstream_unhealthy_fail_threshold must be > 0".to_string(),
@ -1625,6 +1631,26 @@ mod tests {
        let _ = std::fs::remove_file(path);
    }
    #[test]
    fn tg_connect_zero_is_rejected() {
        let toml = r#"
            [timeouts]
            tg_connect = 0
            [censorship]
            tls_domain = "example.com"
            [access.users]
            user = "00000000000000000000000000000000"
        "#;
        let dir = std::env::temp_dir();
        let path = dir.join("telemt_tg_connect_zero_test.toml");
        std::fs::write(&path, toml).unwrap();
        let err = ProxyConfig::load(&path).unwrap_err().to_string();
        assert!(err.contains("timeouts.tg_connect must be > 0"));
        let _ = std::fs::remove_file(path);
    }
    #[test]
    fn rpc_proxy_req_every_out_of_range_is_rejected() {
        let toml = r#"
--- a/src/maestro/mod.rs
+++ b/src/maestro/mod.rs
@ -191,6 +191,7 @@ pub async fn run() -> std::result::Result<(), Box<dyn std::error::Error>> {
        config.general.upstream_connect_retry_attempts,
        config.general.upstream_connect_retry_backoff_ms,
        config.general.upstream_connect_budget_ms,
        config.timeouts.tg_connect,
        config.general.upstream_unhealthy_fail_threshold,
        config.general.upstream_connect_failfast_hard_errors,
        stats.clone(),
--- a/src/transport/upstream.rs
+++ b/src/transport/upstream.rs
@ -34,8 +34,6 @@ const NUM_DCS: usize = 5;
 /// Timeout for individual DC ping attempt
 const DC_PING_TIMEOUT_SECS: u64 = 5;
 /// Timeout for direct TG DC TCP connect readiness.
 const DIRECT_CONNECT_TIMEOUT_SECS: u64 = 10;
 /// Interval between upstream health-check cycles.
 const HEALTH_CHECK_INTERVAL_SECS: u64 = 30;
 /// Timeout for a single health-check connect attempt.
@ -319,6 +317,8 @@ pub struct UpstreamManager {
    connect_retry_attempts: u32,
    connect_retry_backoff: Duration,
    connect_budget: Duration,
    /// Per-attempt TCP connect timeout to Telegram DC (`[timeouts] tg_connect`, seconds).
    tg_connect_timeout_secs: u64,
    unhealthy_fail_threshold: u32,
    connect_failfast_hard_errors: bool,
    no_upstreams_warn_epoch_ms: Arc<AtomicU64>,
@ -332,6 +332,7 @@ impl UpstreamManager {
        connect_retry_attempts: u32,
        connect_retry_backoff_ms: u64,
        connect_budget_ms: u64,
        tg_connect_timeout_secs: u64,
        unhealthy_fail_threshold: u32,
        connect_failfast_hard_errors: bool,
        stats: Arc<Stats>,
@ -347,6 +348,7 @@ impl UpstreamManager {
            connect_retry_attempts: connect_retry_attempts.max(1),
            connect_retry_backoff: Duration::from_millis(connect_retry_backoff_ms),
            connect_budget: Duration::from_millis(connect_budget_ms.max(1)),
            tg_connect_timeout_secs: tg_connect_timeout_secs.max(1),
            unhealthy_fail_threshold: unhealthy_fail_threshold.max(1),
            connect_failfast_hard_errors,
            no_upstreams_warn_epoch_ms: Arc::new(AtomicU64::new(0)),
@ -797,8 +799,8 @@ impl UpstreamManager {
                break;
            }
            let remaining_budget = self.connect_budget.saturating_sub(elapsed);
-            let attempt_timeout =
+            let attempt_timeout = Duration::from_secs(self.tg_connect_timeout_secs)
-                Duration::from_secs(DIRECT_CONNECT_TIMEOUT_SECS).min(remaining_budget);
+                .min(remaining_budget);
            if attempt_timeout.is_zero() {
                last_error = Some(ProxyError::ConnectionTimeout {
                    addr: target.to_string(),
@ -1901,6 +1903,7 @@ mod tests {
            1,
            100,
            1000,
            10,
            1,
            false,
            Arc::new(Stats::new()),
Author	SHA1	Message	Date
Roman Martynov	d0f02f59f8	Merge `4d83d02a8f` into `bbc69f945e`	2026-03-22 11:04:18 +03:00
Alexey	bbc69f945e	Update release.yml	2026-03-22 11:04:09 +03:00
Alexey	9de8b2f0bf	Update release.yml	2026-03-22 10:36:54 +03:00
Alexey	4e5b67bae8	Update release.yml	2026-03-22 10:28:06 +03:00
Alexey	73f218b62a	Update release.yml	2026-03-22 00:27:16 +03:00
Alexey	13ff3af1db	Update release.yml	2026-03-22 00:18:54 +03:00
Alexey	77f717e3d1	Merge pull request #534 from telemt/workflow Update release.yml	2026-03-22 00:16:11 +03:00
Alexey	db3e246390	Update release.yml	2026-03-22 00:15:56 +03:00
Alexey	b74ba38d40	Merge pull request #533 from telemt/workflow Workflow	2026-03-22 00:10:38 +03:00
Alexey	269fce839f	Update Dockerfile	2026-03-22 00:10:19 +03:00
Alexey	5a4072c964	Update release.yml	2026-03-22 00:08:16 +03:00
Alexey	a95678988a	Merge pull request #530 from telemt/workflow Update release.yml	2026-03-21 21:45:23 +03:00
Alexey	b17482ede3	Update release.yml	2026-03-21 21:45:01 +03:00
Alexey	e7a1d26e6e	Merge pull request #526 from telemt/workflow Update release.yml	2026-03-21 16:48:53 +03:00
Alexey	b91c6cb339	Update release.yml	2026-03-21 16:48:42 +03:00
sintanial	4d83d02a8f	Apply [timeouts] tg_connect to upstream DC TCP connect attempts Wire config.timeouts.tg_connect into UpstreamManager; per-attempt timeout uses the same .max(1) pattern as connect_budget_ms. Reject timeouts.tg_connect = 0 at config load (consistent with general.upstream_connect_budget_ms and related checks). Default when the key is omitted remains default_connect_timeout() via serde. Fixes telemt/telemt#439	2026-03-21 16:26:51 +03:00
sintanial	fea8bc63fd	Merge branch 'main' of https://github.com/telemt/telemt	2026-03-20 23:27:02 +03:00
sintanial	d8f7173f15	Merge branch 'main' of https://github.com/telemt/telemt	2026-03-01 15:18:47 +03:00
sintanial	b23d433e19	Merge branch 'main' of https://github.com/telemt/telemt	2026-03-01 13:48:59 +03:00