@@ -111,6 +111,7 @@ jobs:
111111 # shellcheck disable=SC2086
112112 if [ "$TOOLCHAIN" == "stable" ]; then
113113 cargo llvm-cov test $BUILD_TYPE --locked --include-ffi --codecov --output-path codecov.json
114+ cargo llvm-cov report $BUILD_TYPE --lcov --include-ffi --output-path lcov.info
114115 elif [ -n "$CAREFUL" ]; then
115116 cargo careful test $BUILD_TYPE --locked --target "$(rustc --print host-tuple)"
116117 fi
@@ -142,6 +143,13 @@ jobs:
142143 mkdir -p C:/msys64/home/runneradmin/
143144 touch C:/msys64/home/runneradmin/.gitconfig
144145
146+ uses : actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
147+ if : matrix.os == 'ubuntu-24.04' && matrix.rust-toolchain == 'stable' && matrix.type == 'debug'
148+ with :
149+ name : lcov-coverage
150+ path : lcov.info
151+ retention-days : 1
152+
145153 - uses : codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # v6.0.0
146154 with :
147155 files : codecov.json
@@ -161,6 +169,33 @@ jobs:
161169 path : simulation-seeds
162170 compression-level : 9
163171
172+ crap :
173+ name : CRAP analysis
174+ needs : check
175+ runs-on : ubuntu-24.04
176+ permissions :
177+ contents : read
178+ security-events : write # for uploading SARIF to code scanning
179+ steps :
180+ - uses : actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
181+ with :
182+ persist-credentials : false
183+
184+ - uses : actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
185+ with :
186+ name : lcov-coverage
187+
188+ - uses : mozilla/actions/crap@2e46408d5c495e59a21e5e125e82008fad0d9408 # v1.1.7
189+ with :
190+ lcov-path : lcov.info
191+ threshold : " 30"
192+ token : ${{ secrets.GITHUB_TOKEN }}
193+
194+ - uses : github/codeql-action/upload-sarif@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0
195+ with :
196+ sarif_file : crap.sarif
197+ category : cargo-crap
198+
164199 check-cargo-lock :
165200 name : Ensure `Cargo.lock` contains all required dependencies
166201 runs-on : ubuntu-24.04
0 commit comments