Stabilize embedded Signal channel cutover #365
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: [main, master] | |
| pull_request: | |
| branches: [main, master] | |
| permissions: | |
| contents: read | |
| env: | |
| CARGO_TERM_COLOR: always | |
| RUST_BACKTRACE: 1 | |
| jobs: | |
| # ───────────────────────────────────────────────────────────────────────────── | |
| # Check formatting and linting | |
| # ───────────────────────────────────────────────────────────────────────────── | |
| fmt-and-clippy: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 | |
| with: | |
| persist-credentials: false | |
| - name: Install Rust toolchain | |
| run: | | |
| rustup toolchain install stable --profile minimal --component rustfmt --component clippy | |
| rustup default stable | |
| - name: Cache Cargo registry | |
| uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5 | |
| with: | |
| path: | | |
| ~/.cargo/registry | |
| ~/.cargo/git | |
| target | |
| key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }} | |
| - name: Check formatting | |
| run: cargo fmt --all -- --check | |
| - name: Run Clippy | |
| run: cargo clippy --workspace --all-targets -- -D warnings | |
| # ───────────────────────────────────────────────────────────────────────────── | |
| # Run tests for all workspace crates | |
| # ───────────────────────────────────────────────────────────────────────────── | |
| test-crates: | |
| name: Test Suite | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| crate: | |
| - calciforge | |
| - adversary-detector | |
| - host-agent | |
| - secrets-client | |
| - clashd | |
| - security-proxy | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 | |
| with: | |
| persist-credentials: false | |
| - name: Install Rust toolchain | |
| run: | | |
| rustup toolchain install stable --profile minimal | |
| rustup default stable | |
| - name: Cache Cargo registry | |
| uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5 | |
| with: | |
| path: | | |
| ~/.cargo/registry | |
| ~/.cargo/git | |
| target | |
| key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }} | |
| - name: Test ${{ matrix.crate }} | |
| run: cargo test -p ${{ matrix.crate }} | |
| # Aggregator job that reports a single `test` status check (required by ruleset) | |
| test: | |
| runs-on: ubuntu-latest | |
| needs: [test-crates] | |
| if: always() | |
| steps: | |
| - name: Verify all crate test jobs succeeded | |
| env: | |
| TEST_CRATES_RESULT: ${{ needs.test-crates.result }} | |
| run: | | |
| if [ "$TEST_CRATES_RESULT" != "success" ]; then | |
| echo "One or more crate test jobs failed: $TEST_CRATES_RESULT" | |
| exit 1 | |
| fi | |
| # ───────────────────────────────────────────────────────────────────────────── | |
| # Loom concurrency tests (exhaustive concurrency exploration) | |
| # ───────────────────────────────────────────────────────────────────────────── | |
| loom: | |
| name: Loom Concurrency | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 | |
| with: | |
| persist-credentials: false | |
| - name: Install Rust toolchain | |
| run: | | |
| rustup toolchain install stable --profile minimal | |
| rustup default stable | |
| - name: Cache Cargo registry | |
| uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5 | |
| with: | |
| path: | | |
| ~/.cargo/registry | |
| ~/.cargo/git | |
| target | |
| key: ${{ runner.os }}-cargo-loom-${{ hashFiles('**/Cargo.lock') }} | |
| - name: Run Loom tests | |
| run: cargo test -p loom-tests | |
| env: | |
| LOOM_MAX_PREEMPTIONS: 2 | |
| RUSTFLAGS: "--cfg loom" | |
| # ───────────────────────────────────────────────────────────────────────────── | |
| # Build release binaries | |
| # ───────────────────────────────────────────────────────────────────────────── | |
| build: | |
| runs-on: ubuntu-latest | |
| needs: [fmt-and-clippy, test] | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 | |
| with: | |
| persist-credentials: false | |
| - name: Install Rust toolchain | |
| run: | | |
| rustup toolchain install stable --profile minimal | |
| rustup default stable | |
| - name: Cache Cargo registry | |
| uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5 | |
| with: | |
| path: | | |
| ~/.cargo/registry | |
| ~/.cargo/git | |
| target | |
| key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }} | |
| - name: Build release binaries | |
| run: cargo build --release -p calciforge -p secrets-client -p security-proxy -p adversary-detector | |
| - name: Check binary sizes | |
| run: | | |
| ls -lh target/release/calciforge || true | |
| ls -lh target/release/secrets || true | |
| ls -lh target/release/security-proxy || true | |
| ls -lh target/release/adversary-detector || true |