
fix: harden bridge, consensus, and tee verifier safety paths #427


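# Rust Crates CI: lints, compiles the test targets of, and release-builds the
# Rust crates and SDKs listed in each job, on pushes and pull requests to
# main, develop and release/** (and on manual dispatch).
#
# NOTE(review): every action below is referenced by a mutable tag or branch
# (`@v4`, `@v2`, `@stable`). Pinning each one to a full commit SHA, e.g.
# `actions/checkout@<FULL_COMMIT_SHA>  # v4` (placeholder, look up the real
# value), keeps a re-tagged or compromised upstream from changing what runs.
#
# NOTE(review): none of the cargo invocations pass `--locked`. If the
# Cargo.lock files are committed, adding it makes CI fail instead of silently
# re-resolving dependencies to versions nobody reviewed.
name: Rust Crates CI

# Workflow-wide GITHUB_TOKEN scope: read-only access to repository contents.
permissions:
  contents: read

on:
  push:
    branches: [main, develop, "release/**"]
  pull_request:
    branches: [main, develop, "release/**"]
  workflow_dispatch:

env:
  # Quoted so the version stays a string instead of being parsed as a number.
  RUST_VERSION: "1.85.0"

jobs:
  rust-quality:
    name: Rust Clippy
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          # Later steps compile and run repository code (build scripts, proc
          # macros); do not leave the checkout token in .git/config for them.
          persist-credentials: false
      # The `toolchain` input selects the compiler version; the action's own
      # code still comes from the moving `stable` ref.
      - uses: dtolnay/rust-toolchain@stable
        with:
          toolchain: ${{ env.RUST_VERSION }}
          components: clippy, rustfmt
      - uses: Swatinem/rust-cache@v2
      - name: Run clippy across Rust crates
        shell: bash
        # NOTE(review): clippy is invoked without `-- -D warnings`, so
        # warn-level lints are printed but do not fail this job unless the
        # crates deny them in source. rustfmt is installed above, but no
        # format check is run anywhere in this workflow.
        run: |
          set -euo pipefail
          manifests=(
            "crates/core/Cargo.toml"
            "crates/consensus/Cargo.toml"
            "crates/mempool/Cargo.toml"
            "crates/bridge/Cargo.toml"
            "sdk/rust/Cargo.toml"
            "sdk/aethelred-sdk/Cargo.toml"
            "sdk/aethelred-py/Cargo.toml"
          )
          for manifest in "${manifests[@]}"; do
            echo ">>> cargo clippy --manifest-path ${manifest}"
            cargo clippy --manifest-path "${manifest}"
          done

  rust-tests:
    name: Rust Tests
    runs-on: ubuntu-latest
    needs: rust-quality
    steps:
      - uses: actions/checkout@v4
        with:
          # Test binaries from the checked-out tree are executed below.
          persist-credentials: false
      - uses: dtolnay/rust-toolchain@stable
        with:
          toolchain: ${{ env.RUST_VERSION }}
      - uses: Swatinem/rust-cache@v2
      - name: Run crate tests
        shell: bash
        # NOTE(review): the loop passes `--no-run`, so it only compiles the
        # lib/bin/test targets. The only tests this job actually executes are
        # the single SDK source-presence test and the consensus suite; the
        # core, mempool and bridge tests are built but never run here.
        # Confirm they are exercised by another workflow.
        run: |
          set -euo pipefail
          manifests=(
            "crates/core/Cargo.toml"
            "crates/consensus/Cargo.toml"
            "crates/mempool/Cargo.toml"
            "crates/bridge/Cargo.toml"
            "sdk/rust/Cargo.toml"
            "sdk/aethelred-sdk/Cargo.toml"
            "sdk/aethelred-py/Cargo.toml"
          )
          for manifest in "${manifests[@]}"; do
            echo ">>> cargo test --manifest-path ${manifest} --lib --bins --tests --no-run"
            cargo test --manifest-path "${manifest}" --lib --bins --tests --no-run
          done
          echo ">>> verify SDK full source presence"
          cargo test --manifest-path sdk/aethelred-sdk/Cargo.toml --lib \
            source_presence_tests::lib_full_source_is_present -- --nocapture
          echo ">>> cargo test --manifest-path crates/consensus/Cargo.toml"
          cargo test --manifest-path crates/consensus/Cargo.toml

  rust-build:
    name: Rust Release Build
    runs-on: ubuntu-latest
    needs: rust-tests
    steps:
      - uses: actions/checkout@v4
        with:
          # Build scripts from the checked-out tree run during the build.
          persist-credentials: false
      - uses: dtolnay/rust-toolchain@stable
        with:
          toolchain: ${{ env.RUST_VERSION }}
      - uses: Swatinem/rust-cache@v2
      - name: Build release artifacts
        shell: bash
        # NOTE(review): sdk/aethelred-sdk and sdk/aethelred-py are linted and
        # test-compiled by the other jobs but are not in this release list;
        # presumably intentional, confirm.
        run: |
          set -euo pipefail
          manifests=(
            "crates/core/Cargo.toml"
            "crates/consensus/Cargo.toml"
            "crates/mempool/Cargo.toml"
            "crates/bridge/Cargo.toml"
            "sdk/rust/Cargo.toml"
          )
          for manifest in "${manifests[@]}"; do
            echo ">>> cargo build --release --manifest-path ${manifest}"
            cargo build --release --manifest-path "${manifest}"
          done
      - name: Verify full-pqc crypto builds
        # Same explicit shell and strict mode as the other script steps.
        shell: bash
        # Compile-only check (`--no-run`): proves the `full-pqc` feature
        # builds, not that its tests pass.
        run: |
          set -euo pipefail
          echo ">>> cargo test --manifest-path crates/core/Cargo.toml --features full-pqc"
          cargo test --manifest-path crates/core/Cargo.toml --features full-pqc --lib --no-run

  rust-required-gate:
    name: Rust Required Gate
    # always() makes the gate run even when an upstream job failed or was
    # skipped, so it reports an explicit failure instead of being skipped
    # along with its dependencies. Only evaluated for pull requests.
    if: ${{ always() && github.event_name == 'pull_request' }}
    runs-on: ubuntu-latest
    needs:
      - rust-quality
      - rust-tests
      - rust-build
    steps:
      - name: Enforce required gate status
        shell: bash
        # The expressions are substituted into the script before it runs. They
        # expand to job result strings set by the runner (success, failure,
        # cancelled, skipped), not to user-supplied text. Any result other
        # than "success" fails the step.
        run: |
          set -euo pipefail
          echo "rust-quality=${{ needs.rust-quality.result }}"
          echo "rust-tests=${{ needs.rust-tests.result }}"
          echo "rust-build=${{ needs.rust-build.result }}"
          test "${{ needs.rust-quality.result }}" = "success"
          test "${{ needs.rust-tests.result }}" = "success"
          test "${{ needs.rust-build.result }}" = "success"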