better #23
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: [main] | |
| pull_request: | |
| branches: [main] | |
| env: | |
| CARGO_TERM_COLOR: always | |
| RUST_BACKTRACE: 1 | |
| jobs: | |
| check: | |
| name: Check | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Install Rust toolchain | |
| uses: dtolnay/rust-toolchain@stable | |
| with: | |
| components: rustfmt, clippy | |
| - name: Cache cargo registry | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| ~/.cargo/registry | |
| ~/.cargo/git | |
| target | |
| key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }} | |
| restore-keys: | | |
| ${{ runner.os }}-cargo- | |
| - name: Check formatting | |
| run: cargo fmt --all -- --check | |
| - name: Validate docs code blocks | |
| run: tools/scripts/validate-docs | |
| - name: Clippy | |
| run: cargo clippy --all-targets --all-features -- -D warnings | |
| - name: Build | |
| run: cargo build --all-targets | |
| - name: Test | |
| run: cargo test --all | |
| msrv: | |
| name: Minimum Supported Rust Version | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Install MSRV toolchain | |
| uses: dtolnay/rust-toolchain@1.75 | |
| - name: Build with MSRV | |
| run: cargo build --all-targets | |
| offline: | |
| name: Offline Build/Test (vendored) | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Install Rust toolchain | |
| uses: dtolnay/rust-toolchain@stable | |
| - name: Test offline | |
| run: scripts/cargo-offline.sh test --workspace --all-targets | |
| env: | |
| CARGO_NET_OFFLINE: "true" | |
| docs: | |
| name: Documentation | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Install Rust toolchain | |
| uses: dtolnay/rust-toolchain@stable | |
| - name: Build documentation | |
| run: cargo doc --no-deps --all-features | |
| env: | |
| RUSTDOCFLAGS: -D warnings | |
| security-audit: | |
| name: Security Audit | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Install cargo-audit | |
| run: cargo install cargo-audit | |
| - name: Run security audit | |
| run: cargo audit | |
| license-check: | |
| name: License Check | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Install cargo-deny | |
| uses: taiki-e/install-action@cargo-deny | |
| - name: Run cargo-deny | |
| run: cargo deny check | |
| coverage: | |
| name: Code Coverage | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Install Rust toolchain | |
| uses: dtolnay/rust-toolchain@stable | |
| with: | |
| components: llvm-tools-preview | |
| - name: Install cargo-llvm-cov | |
| uses: taiki-e/install-action@cargo-llvm-cov | |
| - name: Generate coverage report | |
| run: cargo llvm-cov --all-features --lcov --output-path lcov.info | |
| - name: Upload coverage to Codecov | |
| uses: codecov/codecov-action@v4 | |
| with: | |
| files: lcov.info | |
| fail_ci_if_error: false | |
| wasm: | |
| name: WASM Build | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Setup Rust | |
| uses: dtolnay/rust-toolchain@stable | |
| with: | |
| targets: wasm32-unknown-unknown | |
| - name: Cache cargo registry | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| ~/.cargo/registry | |
| ~/.cargo/git | |
| target | |
| key: ${{ runner.os }}-wasm-${{ hashFiles('**/Cargo.lock') }} | |
| restore-keys: | | |
| ${{ runner.os }}-wasm- | |
| - name: Install wasm-pack | |
| run: cargo install wasm-pack | |
| - name: Build WASM | |
| run: | | |
| cd crates/hush-wasm | |
| wasm-pack build --target web --release | |
| - name: Check bundle size | |
| run: | | |
| SIZE=$(wc -c < crates/hush-wasm/pkg/hush_wasm_bg.wasm) | |
| echo "Bundle size: $SIZE bytes" | |
| if [ $SIZE -gt 512000 ]; then | |
| echo "ERROR: Bundle exceeds 500KB limit" | |
| exit 1 | |
| fi | |
| echo "Bundle size is within 500KB limit" | |
| proptest: | |
| name: Property Tests | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Install Rust toolchain | |
| uses: dtolnay/rust-toolchain@stable | |
| - name: Cache cargo registry | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| ~/.cargo/registry | |
| ~/.cargo/git | |
| target | |
| key: ${{ runner.os }}-cargo-proptest-${{ hashFiles('**/Cargo.lock') }} | |
| restore-keys: | | |
| ${{ runner.os }}-cargo-proptest- | |
| - name: Run property tests | |
| run: cargo test --workspace proptest | |
| env: | |
| PROPTEST_CASES: 500 | |
| integration-tests: | |
| name: Integration Tests | |
| runs-on: ubuntu-latest | |
| needs: check | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Install Rust toolchain | |
| uses: dtolnay/rust-toolchain@stable | |
| - name: Cache cargo registry | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| ~/.cargo/registry | |
| ~/.cargo/git | |
| target | |
| key: ${{ runner.os }}-cargo-integration-${{ hashFiles('**/Cargo.lock') }} | |
| restore-keys: | | |
| ${{ runner.os }}-cargo-integration- | |
| ${{ runner.os }}-cargo- | |
| - name: Build daemon | |
| run: cargo build -p hushd | |
| - name: Start daemon in background | |
| run: | | |
| ./target/debug/hushd start & | |
| echo $! > /tmp/hushd.pid | |
| env: | |
| RUST_LOG: info | |
| - name: Wait for daemon health | |
| run: | | |
| for i in {1..30}; do | |
| if curl -s http://127.0.0.1:9876/health | grep -q '"status":"healthy"'; then | |
| echo "Daemon is healthy" | |
| exit 0 | |
| fi | |
| echo "Waiting for daemon... (attempt $i/30)" | |
| sleep 1 | |
| done | |
| echo "Daemon failed to start" | |
| exit 1 | |
| - name: Run integration tests | |
| run: cargo test -p hushd --test integration | |
| env: | |
| HUSHD_TEST_URL: http://127.0.0.1:9876 | |
| - name: Stop daemon | |
| if: always() | |
| run: | | |
| if [ -f /tmp/hushd.pid ]; then | |
| kill $(cat /tmp/hushd.pid) 2>/dev/null || true | |
| rm /tmp/hushd.pid | |
| fi | |
| fuzz-check: | |
| name: Fuzz Check | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Install Rust nightly | |
| uses: dtolnay/rust-toolchain@nightly | |
| - name: Install cargo-fuzz | |
| run: cargo install cargo-fuzz | |
| - name: Build fuzz targets | |
| run: | | |
| cd fuzz | |
| cargo +nightly build | |
| typescript-sdk: | |
| name: TypeScript SDK | |
| runs-on: ubuntu-latest | |
| defaults: | |
| run: | |
| working-directory: packages/hush-ts | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: '20' | |
| cache: 'npm' | |
| cache-dependency-path: packages/hush-ts/package-lock.json | |
| - name: Install dependencies | |
| run: npm ci | |
| - name: Type check | |
| run: npm run typecheck | |
| - name: Build | |
| run: npm run build | |
| - name: Test | |
| run: npm test | |
| - name: Verify package exports | |
| run: | | |
| node -e "const sdk = require('./dist/index.cjs'); console.log('CJS exports:', Object.keys(sdk).slice(0, 10))" | |
| node --input-type=module -e "import * as sdk from './dist/index.js'; console.log('ESM exports:', Object.keys(sdk).slice(0, 10))" | |
| openclaw-plugin: | |
| name: OpenClaw Plugin | |
| runs-on: ubuntu-latest | |
| defaults: | |
| run: | |
| working-directory: packages/clawdstrike-openclaw | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: '20' | |
| cache: 'npm' | |
| cache-dependency-path: packages/clawdstrike-openclaw/package-lock.json | |
| - name: Install dependencies | |
| run: npm ci | |
| - name: Type check | |
| run: npm run typecheck | |
| - name: Build | |
| run: npm run build | |
| - name: Test | |
| run: npm test | |
| - name: OpenClaw E2E (simulated runtime) | |
| run: npm run e2e | |
| python-sdk: | |
| name: Python SDK | |
| runs-on: ubuntu-latest | |
| defaults: | |
| run: | |
| working-directory: packages/hush-py | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Setup Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: '3.12' | |
| cache: 'pip' | |
| cache-dependency-path: packages/hush-py/pyproject.toml | |
| - name: Install package (editable) | |
| run: | | |
| python -m pip install --upgrade pip | |
| python -m pip install -e ".[dev]" | |
| - name: Run tests | |
| run: python -m pytest |