ci: add lean cargo-check tripwire on develop pushes (ENG-550)#402
ci: add lean cargo-check tripwire on develop pushes (ENG-550)#402Andrew MacBride (amacbride) wants to merge 2 commits into
Conversation
The Rust Check / TypeScript / Treefmt jobs in evaluate.yml run only on
pull_request and merge_group, so nothing re-validates develop after a commit
lands on it. Add a push trigger on develop that re-runs cargo check against
the post-merge tip — a detector, not a gate: it can't block (the commit is
already on develop) but flips develop's commit status red within ~1 min when
something slips past the pre-merge gate, e.g. the main->develop merge
producing a broken tree from two individually green parents.
Keep the tripwire genuinely lightweight:
- Only the Rust Check job runs on push; TypeScript and Treefmt are guarded
to PR/merge_group (the develop tripwire is cargo check alone, since
compile breakage is the failure mode we keep hitting).
- Rust Check now sets install-devenv: false and install-bun-deps: false.
cargo check needs only the Rust toolchain plus the system C compiler
(libgit2-sys / libsqlite3-sys build their vendored C with `cc`); it does
not need the devenv profile (node/bun/sops/python). On the prior run the
check itself was 52s but devenv provisioning was ~8 min — this drops that
to a ~1 min toolchain setup, speeding up the PR check too. The full build
(build.yaml) is unaffected and still provides heavyweight coverage.
Context: ENG-550. The pre-merge cargo-check gate on develop already exists
(evaluate.yml since 2026-06-04; required via ruleset since 2026-06-08); this
adds the post-merge safety net without adding meaningful CI cost.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
🎨 Storybook previewUpdated for 69bcae0 ❌ Failed snapshots (1)These stories' HTML snapshots changed. Current renderings (run Widget/Steps/SetupStep › Default Config Required |
📋 PR Overview
🔬 Coverage
|
ENG-550 summaryInvestigated the current state first, and the headline finding reframes the issue. The pre-merge cargo-check gate ENG-550 asks for already exists. What was actually missing: nothing re-checks develop after a commit lands. The one path that can still break develop is the recurring What this PR adds:
Net: develop now has both a pre-merge gate (already there) and a fast post-merge safety net (new), at ~52s of real compute. (The |
1 participant
Summary
Closes ENG-550 (post-merge safety net portion).
Finding first: the pre-merge cargo-check gate ENG-550 asks for already exists —
evaluate.yml'sRust Check(cargo check --locked) has run on PRs since 2026-06-04, and ruleset15037341has required it (plusTypeScript, a PR, and the merge queue, with no bypass actors) on develop since 2026-06-08. The late-May compile breakages predate that gate. So the gate isn't the gap.The gap is that nothing re-checks develop after a commit lands — notably the periodic
main → developmerge, which can produce a broken tree from two individually green parents. This PR adds a lightweight post-merge tripwire:push: [develop]trigger runscargo checkagainst the actual post-merge tip. It's a detector, not a gate — it can't block, but it flips develop's commit status red within ~1 min so the team sees breakage immediately instead of via a confusing local build failure.cargo checkitself was only 52s; the other ~8 min was provisioning the full devenv profile (node/bun/sops/python) to run a Rust-only check.cargo checkneeds just the Rust toolchain + the system C compiler (libgit2-sys/libsqlite3-sysbuild their vendored C withcc), so this setsinstall-devenv: false+install-bun-deps: false. That drops it to a ~1 min toolchain setup and speeds up the PR check too. The full build (build.yaml) is untouched and still provides heavyweight coverage.Test Plan
This PR validates itself:
evaluate.ymlruns onpull_request, so the Rust Check job on this PR exercises the devenv-freecargo check. If it's green here, the slim setup works (and is now ~1 min instead of ~9). YAML validated locally; per-jobifguards confirmed (onlyrust-checkruns on push).Docs
CI-only change.
🤖 Generated with Claude Code