
Marketplace signed feed roadmap (#35) #119


Workflow file for this run

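# CI pipeline: runs on pushes to main and on pull requests that target main.
name: CI

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

# Least privilege for the automatically issued GITHUB_TOKEN. None of the jobs
# visible in this workflow push, comment or publish, so read access to the
# repository contents is enough. Without this key the token takes the
# repository/organization default, which may be read-write. A job that later
# needs more should widen the scope in its own `permissions:` block.
permissions:
  contents: read

env:
  CARGO_TERM_COLOR: always
  # Quoted so the value is a string under every YAML loader.
  RUST_BACKTRACE: '1'

jobs: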
# Main gate for the Rust workspace: formatting, docs validation, lint, build
# and tests. The integration-tests job waits on this one (`needs: check`).
check:
  name: Check
  runs-on: ubuntu-latest
  steps:
    - uses: actions/checkout@v6

    # NOTE(review): `@stable` is a movable branch ref of a third-party action.
    # Pinning to a full commit SHA (and naming the channel through the action's
    # `toolchain` input) would fix exactly which action code runs here.
    - name: Install Rust toolchain
      uses: dtolnay/rust-toolchain@stable
      with:
        components: rustfmt, clippy

    # The primary key follows Cargo.lock; `restore-keys` lets a run fall back
    # to the newest cache for this OS when the lockfile has changed.
    - name: Cache cargo registry
      uses: actions/cache@v4
      with:
        path: |
          ~/.cargo/registry
          ~/.cargo/git
          target
        key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
        restore-keys: |
          ${{ runner.os }}-cargo-

    - name: Check formatting
      run: cargo fmt --all -- --check

    # NOTE(review): this job uses setup-node@v4 while the Node-based jobs in
    # this workflow use setup-node@v6; confirm the difference is intended.
    - name: Setup Node
      uses: actions/setup-node@v4
      with:
        node-version: '24'

    # Exact version pin; presumably consumed by tools/scripts/validate-docs,
    # which is not visible here.
    - name: Install TypeScript compiler
      run: npm install -g typescript@5.9.3

    - name: Setup Python
      uses: actions/setup-python@v5
      with:
        python-version: '3.12'

    # Exact version pin for mypy itself; its transitive dependencies are
    # resolved at install time and are not hash-checked.
    - name: Install mypy
      run: python -m pip install --disable-pip-version-check mypy==1.19.1

    - name: Validate docs code blocks
      run: tools/scripts/validate-docs

    # `-D warnings` turns every clippy warning into a build failure.
    - name: Clippy
      run: cargo clippy --all-targets --all-features -- -D warnings

    - name: Build
      run: cargo build --all-targets

    - name: Test
      run: cargo test --all
# Type-checks the two Tauri crates (desktop and agent) against the system
# libraries they link to on Linux.
tauri-rust-check:
  name: Tauri Rust Crates
  runs-on: ubuntu-latest
  steps:
    - uses: actions/checkout@v6

    # WebKitGTK 4.1 is tried first; the 4.0 package is the fallback when the
    # runner image does not carry 4.1.
    - name: Install Linux dependencies for Tauri
      run: |
        sudo apt-get update
        sudo apt-get install -y \
          libgtk-3-dev \
          libayatana-appindicator3-dev \
          librsvg2-dev
        sudo apt-get install -y libwebkit2gtk-4.1-dev || sudo apt-get install -y libwebkit2gtk-4.0-dev

    # NOTE(review): third-party action on a movable branch ref; a full commit
    # SHA would fix which action code runs.
    - name: Install Rust toolchain
      uses: dtolnay/rust-toolchain@stable

    # Falls back first to any Tauri cache, then to any cargo cache for this OS.
    - name: Cache cargo registry
      uses: actions/cache@v4
      with:
        path: |
          ~/.cargo/registry
          ~/.cargo/git
          target
        key: ${{ runner.os }}-cargo-tauri-${{ hashFiles('**/Cargo.lock') }}
        restore-keys: |
          ${{ runner.os }}-cargo-tauri-
          ${{ runner.os }}-cargo-

    - name: Check desktop Tauri crate
      run: cargo check --manifest-path apps/desktop/src-tauri/Cargo.toml

    - name: Check agent Tauri crate
      run: cargo check --manifest-path apps/agent/src-tauri/Cargo.toml
# Builds every target with the oldest supported toolchain, so that use of a
# newer language or library feature is caught in CI.
msrv:
  name: Minimum Supported Rust Version
  runs-on: ubuntu-latest
  steps:
    - uses: actions/checkout@v6

    # The action ref doubles as the toolchain selector (Rust 1.93).
    # NOTE(review): it is still a movable ref of a third-party action.
    - name: Install MSRV toolchain
      uses: dtolnay/rust-toolchain@1.93

    - name: Build with MSRV
      run: cargo build --all-targets
# Runs the test suite with cargo's network access switched off, which only
# succeeds if every dependency is already available locally (the job name
# says they are vendored).
offline:
  name: Offline Build/Test (vendored)
  runs-on: ubuntu-latest
  steps:
    - uses: actions/checkout@v6

    # NOTE(review): third-party action on a movable branch ref; a full commit
    # SHA would fix which action code runs.
    - name: Install Rust toolchain
      uses: dtolnay/rust-toolchain@stable

    # scripts/cargo-offline.sh is not visible here; CARGO_NET_OFFLINE is the
    # cargo setting that forbids network access. The value is quoted because
    # environment variables are strings.
    - name: Test offline
      run: scripts/cargo-offline.sh test --workspace --all-targets
      env:
        CARGO_NET_OFFLINE: 'true'
# Builds the API documentation for the workspace's own crates and fails on any
# rustdoc warning (broken intra-doc links and similar).
docs:
  name: Documentation
  runs-on: ubuntu-latest
  steps:
    - uses: actions/checkout@v6

    # NOTE(review): third-party action on a movable branch ref; a full commit
    # SHA would fix which action code runs.
    - name: Install Rust toolchain
      uses: dtolnay/rust-toolchain@stable

    # `--no-deps` skips documentation for dependencies; `-D warnings` in
    # RUSTDOCFLAGS makes rustdoc warnings fatal.
    - name: Build documentation
      run: cargo doc --no-deps --all-features
      env:
        RUSTDOCFLAGS: '-D warnings'
# Checks the dependency tree recorded in Cargo.lock against published
# security advisories.
security-audit:
  name: Security Audit
  runs-on: ubuntu-latest
  steps:
    - uses: actions/checkout@v6

    # NOTE(review): third-party action on a movable branch ref; a full commit
    # SHA would fix which action code runs.
    - name: Install Rust toolchain
      uses: dtolnay/rust-toolchain@stable

    # Exact version plus `--locked`, so the auditor is built from the
    # dependency versions in its own lockfile rather than freshly resolved.
    - name: Install cargo-audit
      run: cargo install cargo-audit --locked --version 0.22.0

    # The job fails when cargo-audit exits non-zero.
    - name: Run security audit
      run: cargo audit
# Runs cargo-deny against the workspace; which checks apply is decided by the
# project's cargo-deny configuration, which is not visible here.
license-check:
  name: License Check
  runs-on: ubuntu-latest
  steps:
    - uses: actions/checkout@v6

    # NOTE(review): third-party action on a movable branch ref; a full commit
    # SHA would fix which action code runs.
    - name: Install Rust toolchain
      uses: dtolnay/rust-toolchain@stable

    # NOTE(review): the `@cargo-deny` ref names the tool but no version, unlike
    # cargo-audit, wasm-pack and cargo-fuzz elsewhere in this workflow, which
    # are installed at exact versions. Pinning the action to a commit SHA and
    # the tool to a chosen release would make this policy gate reproducible.
    - name: Install cargo-deny
      uses: taiki-e/install-action@cargo-deny

    - name: Run cargo-deny
      run: cargo deny check
# Produces an lcov coverage report and sends it to Codecov.
coverage:
  name: Code Coverage
  runs-on: ubuntu-latest
  steps:
    - uses: actions/checkout@v6

    # NOTE(review): third-party action on a movable branch ref; a full commit
    # SHA would fix which action code runs.
    - name: Install Rust toolchain
      uses: dtolnay/rust-toolchain@stable
      with:
        components: llvm-tools-preview

    # NOTE(review): neither the action nor the tool version is pinned.
    - name: Install cargo-llvm-cov
      uses: taiki-e/install-action@cargo-llvm-cov

    - name: Generate coverage report
      run: cargo llvm-cov --all-features --lcov --output-path lcov.info

    # NOTE(review): third-party uploader on a movable major-version tag; it
    # runs in the workspace after the build and sends data off the runner, so
    # a commit-SHA pin is worth having here. No token input is visible in this
    # step. An upload failure does not fail the job.
    - name: Upload coverage to Codecov
      uses: codecov/codecov-action@v4
      with:
        files: lcov.info
        fail_ci_if_error: false
# Builds the hush-wasm crate for the browser and enforces a size budget on the
# resulting .wasm binary.
wasm:
  name: WASM Build
  runs-on: ubuntu-latest
  steps:
    - uses: actions/checkout@v6

    # NOTE(review): third-party action on a movable branch ref; a full commit
    # SHA would fix which action code runs.
    - name: Setup Rust
      uses: dtolnay/rust-toolchain@stable
      with:
        targets: wasm32-unknown-unknown

    - name: Cache cargo registry
      uses: actions/cache@v4
      with:
        path: |
          ~/.cargo/registry
          ~/.cargo/git
          target
        key: ${{ runner.os }}-wasm-${{ hashFiles('**/Cargo.lock') }}
        restore-keys: |
          ${{ runner.os }}-wasm-

    # Exact version plus `--locked` keeps the build tool reproducible.
    - name: Install wasm-pack
      run: cargo install wasm-pack --locked --version 0.14.0

    - name: Build WASM
      run: |
        cd crates/hush-wasm
        wasm-pack build --target web --release

    # 512000 bytes is the budget (500 * 1024); the job fails above it.
    - name: Check bundle size
      run: |
        SIZE=$(wc -c < crates/hush-wasm/pkg/hush_wasm_bg.wasm)
        echo "Bundle size: $SIZE bytes"
        if [ $SIZE -gt 512000 ]; then
          echo "ERROR: Bundle exceeds 500KB limit"
          exit 1
        fi
        echo "Bundle size is within 500KB limit"
# Runs the workspace tests whose names match the filter `proptest`, with a
# raised case count.
proptest:
  name: Property Tests
  runs-on: ubuntu-latest
  steps:
    - uses: actions/checkout@v6

    # NOTE(review): third-party action on a movable branch ref; a full commit
    # SHA would fix which action code runs.
    - name: Install Rust toolchain
      uses: dtolnay/rust-toolchain@stable

    - name: Cache cargo registry
      uses: actions/cache@v4
      with:
        path: |
          ~/.cargo/registry
          ~/.cargo/git
          target
        key: ${{ runner.os }}-cargo-proptest-${{ hashFiles('**/Cargo.lock') }}
        restore-keys: |
          ${{ runner.os }}-cargo-proptest-

    # PROPTEST_CASES sets how many cases each property test runs. Quoted
    # because environment variables are strings.
    - name: Run property tests
      run: cargo test --workspace proptest
      env:
        PROPTEST_CASES: '500'
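# Starts the hushd daemon on the runner, waits for its health endpoint and
# runs the integration test target against it. Runs only after `check` passes.
integration-tests:
  name: Integration Tests
  runs-on: ubuntu-latest
  needs: check
  steps:
    - uses: actions/checkout@v6

    # NOTE(review): third-party action on a movable branch ref; a full commit
    # SHA would fix which action code runs.
    - name: Install Rust toolchain
      uses: dtolnay/rust-toolchain@stable

    - name: Cache cargo registry
      uses: actions/cache@v4
      with:
        path: |
          ~/.cargo/registry
          ~/.cargo/git
          target
        key: ${{ runner.os }}-cargo-integration-${{ hashFiles('**/Cargo.lock') }}
        restore-keys: |
          ${{ runner.os }}-cargo-integration-
          ${{ runner.os }}-cargo-

    - name: Build daemon
      run: cargo build -p hushd

    # The PID is recorded so the cleanup step can stop the daemon.
    - name: Start daemon in background
      run: |
        ./target/debug/hushd start &
        echo $! > /tmp/hushd.pid
      env:
        RUST_LOG: info

    # Polls the loopback health endpoint up to 30 times, one second apart.
    # `--max-time 2` bounds each probe: without it, a daemon that accepts the
    # connection but never answers would block curl indefinitely and the
    # 30-attempt limit would never be reached.
    - name: Wait for daemon health
      run: |
        for i in {1..30}; do
          if curl -s --max-time 2 http://127.0.0.1:9876/health | grep -q '"status":"healthy"'; then
            echo "Daemon is healthy"
            exit 0
          fi
          echo "Waiting for daemon... (attempt $i/30)"
          sleep 1
        done
        echo "Daemon failed to start"
        exit 1

    - name: Run integration tests
      run: cargo test -p hushd --test integration
      env:
        HUSHD_TEST_URL: http://127.0.0.1:9876

    # `always()` runs the cleanup even when an earlier step failed; the kill
    # is best-effort (`|| true`) in case the daemon has already exited.
    - name: Stop daemon
      if: always()
      run: |
        if [ -f /tmp/hushd.pid ]; then
          kill $(cat /tmp/hushd.pid) 2>/dev/null || true
          rm /tmp/hushd.pid
        fi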
# Confirms that the fuzz targets under fuzz/ still compile on nightly; no
# fuzzing is run in this job.
fuzz-check:
  name: Fuzz Check
  runs-on: ubuntu-latest
  steps:
    - uses: actions/checkout@v6

    # NOTE(review): `@nightly` is a movable ref of a third-party action and
    # also selects an undated nightly toolchain.
    - name: Install Rust nightly
      uses: dtolnay/rust-toolchain@nightly

    # NOTE(review): cargo-fuzz is installed at an exact version, but the build
    # step below invokes plain `cargo +nightly build` rather than `cargo fuzz`.
    # Confirm whether this install is still needed.
    - name: Install cargo-fuzz
      run: cargo install cargo-fuzz --locked --version 0.13.1

    - name: Build fuzz targets
      run: |
        cd fuzz
        cargo +nightly build
# Builds and tests the TypeScript SDK in packages/hush-ts, after building the
# adapter-core package it depends on.
typescript-sdk:
  name: TypeScript SDK
  runs-on: ubuntu-latest
  defaults:
    run:
      # Applies to every `run` step that does not set its own directory.
      working-directory: packages/hush-ts
  steps:
    - uses: actions/checkout@v6

    - name: Setup Node.js
      uses: actions/setup-node@v6
      with:
        node-version: '24'
        cache: 'npm'
        cache-dependency-path: |
          packages/hush-ts/package-lock.json
          packages/clawdstrike-adapter-core/package-lock.json

    # `npm ci` installs exactly what package-lock.json records and fails if
    # the lockfile and package.json disagree.
    - name: Bootstrap file deps (adapter-core)
      working-directory: packages/clawdstrike-adapter-core
      run: npm ci

    - name: Build file deps (adapter-core)
      working-directory: packages/clawdstrike-adapter-core
      run: npm run build

    - name: Install dependencies
      run: npm ci

    - name: Type check
      run: npm run typecheck

    - name: Build
      run: npm run build

    - name: Test
      run: npm test

    # Loads the built package through both entry points (CommonJS and ES
    # module) and prints the first ten export names of each.
    - name: Verify package exports
      run: |
        node -e "const sdk = require('./dist/index.cjs'); console.log('CJS exports:', Object.keys(sdk).slice(0, 10))"
        node --input-type=module -e "import * as sdk from './dist/index.js'; console.log('ESM exports:', Object.keys(sdk).slice(0, 10))"
# Builds and tests the OpenClaw plugin, after building the adapter-core and
# policy packages it depends on.
openclaw-plugin:
  name: OpenClaw Plugin
  runs-on: ubuntu-latest
  defaults:
    run:
      # Applies to every `run` step that does not set its own directory.
      working-directory: packages/clawdstrike-openclaw
  steps:
    - uses: actions/checkout@v6

    # NOTE(review): the cache key covers only this package's lockfile, while
    # the job also runs `npm ci` in adapter-core and policy. Listing those
    # lockfiles as well would refresh the cache when they change.
    - name: Setup Node.js
      uses: actions/setup-node@v6
      with:
        node-version: '24'
        cache: 'npm'
        cache-dependency-path: packages/clawdstrike-openclaw/package-lock.json

    # `npm ci` installs exactly what package-lock.json records.
    - name: Bootstrap file deps (adapter-core)
      working-directory: packages/clawdstrike-adapter-core
      run: npm ci

    - name: Build file deps (adapter-core)
      working-directory: packages/clawdstrike-adapter-core
      run: npm run build

    - name: Bootstrap file deps (policy)
      working-directory: packages/clawdstrike-policy
      run: npm ci

    - name: Build file deps (policy)
      working-directory: packages/clawdstrike-policy
      run: npm run build

    - name: Install dependencies
      run: npm ci

    - name: Type check
      run: npm run typecheck

    - name: Build
      run: npm run build

    - name: Test
      run: npm test

    - name: OpenClaw E2E (simulated runtime)
      run: npm run e2e
# Builds and tests the TypeScript policy engine and runs the parity script
# against the Rust `hush` CLI built in the same job.
clawdstrike-policy:
  name: Canonical Policy Engine (TS)
  runs-on: ubuntu-latest
  defaults:
    run:
      # Applies to every `run` step that does not set its own directory.
      working-directory: packages/clawdstrike-policy
  steps:
    - uses: actions/checkout@v6

    # NOTE(review): third-party action on a movable branch ref; a full commit
    # SHA would fix which action code runs.
    - name: Install Rust toolchain
      uses: dtolnay/rust-toolchain@stable

    - name: Cache cargo registry
      uses: actions/cache@v4
      with:
        path: |
          ~/.cargo/registry
          ~/.cargo/git
          target
        key: ${{ runner.os }}-cargo-policy-parity-${{ hashFiles('**/Cargo.lock') }}
        restore-keys: |
          ${{ runner.os }}-cargo-policy-parity-
          ${{ runner.os }}-cargo-

    - name: Setup Node.js
      uses: actions/setup-node@v6
      with:
        node-version: '24'
        cache: 'npm'
        cache-dependency-path: |
          packages/clawdstrike-policy/package-lock.json
          packages/clawdstrike-adapter-core/package-lock.json

    # `npm ci` installs exactly what package-lock.json records.
    - name: Bootstrap file deps (adapter-core)
      working-directory: packages/clawdstrike-adapter-core
      run: npm ci

    - name: Build file deps (adapter-core)
      working-directory: packages/clawdstrike-adapter-core
      run: npm run build

    # Runs from the repository root, overriding the job default directory.
    - name: Build hush CLI (for policy parity)
      working-directory: .
      run: cargo build -p hush-cli --bin hush

    - name: Install dependencies
      run: npm ci

    - name: Type check
      run: npm run typecheck

    - name: Build
      run: npm run build

    # Also runs from the repository root; the script itself is not visible
    # here. Going by the step name, it compares Rust and TypeScript policy
    # behaviour.
    - name: Policy parity (Rust ↔ TS)
      working-directory: .
      run: node tools/scripts/policy-parity.mjs

    - name: Test
      run: npm test
# One matrix leg per integration package. Each leg declares which sibling
# packages must be built first; `fail-fast: false` lets the remaining legs
# finish when one fails.
agent-framework-integrations:
  name: Agent Framework Integrations (${{ matrix.name }})
  runs-on: ubuntu-latest
  strategy:
    fail-fast: false
    matrix:
      # The bootstrap_* flags must stay real booleans: they are evaluated in
      # the `if:` conditions below, and a quoted 'false' would be a non-empty
      # string, which is truthy.
      include:
        - name: Adapter Core
          dir: packages/clawdstrike-adapter-core
          bootstrap_adapter_core: false
          bootstrap_sdk: false
        - name: Hush CLI Engine
          dir: packages/clawdstrike-hush-cli-engine
          bootstrap_adapter_core: true
          bootstrap_sdk: false
        - name: Codex
          dir: packages/clawdstrike-codex
          bootstrap_adapter_core: true
          bootstrap_sdk: false
        - name: OpenCode
          dir: packages/clawdstrike-opencode
          bootstrap_adapter_core: true
          bootstrap_sdk: false
        - name: Claude Code
          dir: packages/clawdstrike-claude-code
          bootstrap_adapter_core: true
          bootstrap_sdk: false
        - name: Vercel AI
          dir: packages/clawdstrike-vercel-ai
          bootstrap_adapter_core: true
          bootstrap_sdk: true
        - name: LangChain
          dir: packages/clawdstrike-langchain
          bootstrap_adapter_core: true
          bootstrap_sdk: false
  steps:
    - uses: actions/checkout@v6

    # `matrix.dir` comes only from the static list above, never from event
    # data, so interpolating it into paths carries no injection risk.
    - name: Setup Node.js
      uses: actions/setup-node@v6
      with:
        node-version: '24'
        cache: 'npm'
        cache-dependency-path: ${{ matrix.dir }}/package-lock.json

    # `npm ci` installs exactly what package-lock.json records.
    - name: Bootstrap file deps (adapter-core)
      if: ${{ matrix.bootstrap_adapter_core }}
      working-directory: packages/clawdstrike-adapter-core
      run: npm ci

    - name: Build file deps (adapter-core)
      if: ${{ matrix.bootstrap_adapter_core }}
      working-directory: packages/clawdstrike-adapter-core
      run: npm run build

    - name: Bootstrap file deps (sdk)
      if: ${{ matrix.bootstrap_sdk }}
      working-directory: packages/hush-ts
      run: npm ci

    - name: Build file deps (sdk)
      if: ${{ matrix.bootstrap_sdk }}
      working-directory: packages/hush-ts
      run: npm run build

    - name: Install dependencies
      working-directory: ${{ matrix.dir }}
      run: npm ci

    - name: Type check
      working-directory: ${{ matrix.dir }}
      run: npm run typecheck

    - name: Build
      working-directory: ${{ matrix.dir }}
      run: npm run build

    - name: Test
      working-directory: ${{ matrix.dir }}
      run: npm test
# Installs the Python SDK in editable mode with its `dev` extra and runs the
# test suite.
python-sdk:
  name: Python SDK
  runs-on: ubuntu-latest
  defaults:
    run:
      # Applies to every `run` step in this job.
      working-directory: packages/hush-py
  steps:
    - uses: actions/checkout@v6

    - name: Setup Python
      uses: actions/setup-python@v5
      with:
        python-version: '3.12'
        cache: 'pip'
        cache-dependency-path: packages/hush-py/pyproject.toml

    # NOTE(review): no lockfile or hash-checked requirements file is visible
    # here. pip itself is upgraded to whatever is newest, and the `dev` extra
    # is presumably resolved from version ranges in pyproject.toml at install
    # time, so two runs of the same commit can test against different
    # dependency versions.
    - name: Install package (editable)
      run: |
        python -m pip install --upgrade pip
        python -m pip install -e ".[dev]"

    - name: Run tests
      run: python -m pytest