stability fixes for CI pipeline #1095
Workflow file for this run
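# CI workflow: runs on every push and pull request, on all branches.
# Jobs: build (cargo check), test (library unit tests), clippy, fmt,
# audit (cargo-audit), secrets (trufflehog) and install-smoke
# (syntax check of the published install scripts).
#
# NOTE(review): every action below is referenced by a mutable tag or branch
# (@v4, @stable, @v2). Pinning each to a full commit SHA keeps an upstream
# retag from changing what runs in this pipeline.
name: CI

on:
  push:
    branches: ["**"]
  pull_request:
    branches: ["**"]

# Least privilege: no job in this workflow writes to the repository, so the
# GITHUB_TOKEN is limited to read-only access to contents.
permissions:
  contents: read

env:
  CARGO_TERM_COLOR: always
  RUSTFLAGS: "-D warnings"

jobs:
  build:
    name: Build / ${{ matrix.os }}
    runs-on: ${{ matrix.os }}
    strategy:
      # Let the other operating systems finish when one of them fails.
      fail-fast: false
      matrix:
        os: [ubuntu-latest, macos-latest, windows-latest]
    steps:
      - uses: actions/checkout@v4
      - uses: dtolnay/rust-toolchain@stable
      - uses: Swatinem/rust-cache@v2
        with:
          key: ci-${{ matrix.os }}
      - name: Install Tauri system deps (Linux)
        if: runner.os == 'Linux'
        run: |
          sudo apt-get update
          sudo apt-get install -y \
            libwebkit2gtk-4.1-dev \
            libgtk-3-dev \
            libayatana-appindicator3-dev \
            librsvg2-dev \
            patchelf
      - run: cargo check --workspace

  test:
    name: Test / ${{ matrix.os }}
    runs-on: ${{ matrix.os }}
    timeout-minutes: 60
    strategy:
      fail-fast: false
      matrix:
        os: [ubuntu-latest, macos-latest, windows-latest]
    steps:
      - uses: actions/checkout@v4
      - uses: dtolnay/rust-toolchain@stable
      - uses: Swatinem/rust-cache@v2
        with:
          key: ci-${{ matrix.os }}
      - name: Install Tauri system deps (Linux)
        if: runner.os == 'Linux'
        run: |
          sudo apt-get update
          sudo apt-get install -y \
            libwebkit2gtk-4.1-dev \
            libgtk-3-dev \
            libayatana-appindicator3-dev \
            librsvg2-dev \
            patchelf
      # Tests that need a display (Tauri) are skipped in headless CI via cfg
      # Run unit tests only in CI (skip integration tests in tests/ directory)
      - run: cargo test --workspace --lib -- --test-threads=2

  clippy:
    name: Clippy
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: dtolnay/rust-toolchain@stable
        with:
          components: clippy
      - uses: Swatinem/rust-cache@v2
        with:
          key: ci-ubuntu-latest
      - name: Install Tauri system deps
        run: |
          sudo apt-get update
          sudo apt-get install -y \
            libwebkit2gtk-4.1-dev \
            libgtk-3-dev \
            libayatana-appindicator3-dev \
            librsvg2-dev \
            patchelf
      - run: cargo clippy --workspace -- -D warnings

  fmt:
    name: Format
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: dtolnay/rust-toolchain@stable
        with:
          components: rustfmt
      - uses: Swatinem/rust-cache@v2
        with:
          key: ci-ubuntu-latest
      - run: cargo fmt --check

  audit:
    name: Security Audit
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: dtolnay/rust-toolchain@stable
      - uses: Swatinem/rust-cache@v2
        with:
          key: ci-ubuntu-latest
      # --locked builds cargo-audit against its own Cargo.lock; the version of
      # cargo-audit itself is not pinned, so the newest release is installed.
      - name: Install cargo-audit
        run: cargo install cargo-audit --locked
      - run: cargo audit

  # ── Secrets scanning (prevent accidental credential commits) ──────────────
  secrets:
    name: Secrets Scan
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
          # The next step executes a downloaded installer script, so do not
          # leave the checkout token behind in .git/config.
          persist-credentials: false
      # NOTE(review): the installer is fetched from the `main` branch and
      # piped straight into sh with no release tag or checksum, so the scanner
      # that gates this pipeline can change between runs. Prefer a pinned
      # release with checksum verification.
      - name: Install trufflehog
        run: |
          curl -sSfL https://raw.githubusercontent.com/trufflesecurity/trufflehog/main/scripts/install.sh | sh -s -- -b /usr/local/bin
      # `filesystem` mode scans the checked-out working tree, and `.git/` is
      # excluded, so the full history fetched above is not scanned here.
      # --only-verified reports only credentials the tool could verify.
      # NOTE(review): confirm whether history and unverified findings should
      # be covered as well.
      - name: Scan for secrets
        run: |
          trufflehog filesystem . \
            --no-update \
            --fail \
            --only-verified \
            --exclude-paths=<(echo -e "target/\n.git/\nCargo.lock")

  # ── Installer smoke test (verify install scripts from Vercel) ──────────────
  install-smoke:
    name: Install Script Smoke Test
    runs-on: ubuntu-latest
    steps:
      # `bash -n` only parses the script; nothing in it is executed.
      - name: Fetch and syntax-check shell installer
        run: |
          curl -fsSL https://openfang.sh/install -o /tmp/install.sh
          bash -n /tmp/install.sh
      # Parse the script with the PowerShell language parser and fail on any
      # parse error. The previous command only read the file and ended in
      # `|| true`, so this step could never fail. The script is parsed, not
      # executed.
      - name: Fetch and syntax-check PowerShell installer
        run: |
          curl -fsSL https://openfang.sh/install.ps1 -o /tmp/install.ps1
          pwsh -NoProfile -Command '
            $tokens = $null
            $parseErrors = $null
            [void][System.Management.Automation.Language.Parser]::ParseFile(
              "/tmp/install.ps1", [ref]$tokens, [ref]$parseErrors)
            if ($parseErrors.Count -gt 0) {
              $parseErrors | ForEach-Object { Write-Host $_.ToString() }
              exit 1
            }
          '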