Miri

v0.0.9 — Enterprise readiness: 4-crate workspace, multi-algo verify+rehash, KMS pepper, FIPS contract, CLI #13

Workflow file for this run

	name: Miri

	# Focused per-PR (cheap), full weekly (expensive).
	on:
	pull_request:
	paths:
	- "crates/**"
	- "fuzz/**"
	- "Cargo.toml"
	- "Cargo.lock"
	- ".github/workflows/miri.yml"
	- "scripts/miri.sh"
	schedule:
	# Sunday 03:00 UTC — full sweep budget.
	- cron: "0 3 * * 0"
	workflow_dispatch:

	concurrency:
	group: miri-${{ github.ref }}
	cancel-in-progress: true

	permissions: {}

	jobs:
	focused:
	name: Miri (focused, per-PR)
	if: github.event_name == 'pull_request' \|\| github.event_name == 'workflow_dispatch'
	runs-on: ubuntu-latest
	timeout-minutes: 60
	permissions:
	contents: read
	steps:
	- name: Checkout
	uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
	with:
	persist-credentials: false
	- name: Install nightly + miri
	uses: dtolnay/rust-toolchain@3c5f7ea28cd621ae0bf5283f0e981fb97b8a7af9 # master
	with:
	toolchain: nightly
	components: miri, rust-src
	- name: Cache
	uses: Swatinem/rust-cache@c19371144df3bb44fab255c43d04cbc2ab54d1c4 # v2.9.1
	- name: Miri setup
	run: cargo +nightly miri setup
	- name: Run focused Miri suite
	env:
	# proptest reads `current_dir()` for failure-persistence file
	# resolution; Miri's isolation blocks that syscall.
	MIRIFLAGS: "-Zmiri-disable-isolation"
	run: ./scripts/miri.sh focused

	full:
	name: Miri (full sweep, weekly)
	if: github.event_name == 'schedule' \|\| github.event_name == 'workflow_dispatch'
	runs-on: ubuntu-latest
	timeout-minutes: 90
	permissions:
	contents: read
	steps:
	- name: Checkout
	uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
	with:
	persist-credentials: false
	- name: Install nightly + miri
	uses: dtolnay/rust-toolchain@3c5f7ea28cd621ae0bf5283f0e981fb97b8a7af9 # master
	with:
	toolchain: nightly
	components: miri, rust-src
	- name: Cache
	uses: Swatinem/rust-cache@c19371144df3bb44fab255c43d04cbc2ab54d1c4 # v2.9.1
	- name: Miri setup
	run: cargo +nightly miri setup
	- name: Run full Miri sweep
	env:
	MIRIFLAGS: "-Zmiri-disable-isolation -Zmiri-strict-provenance"
	run: ./scripts/miri.sh full

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

v0.0.9 — Enterprise readiness: 4-crate workspace, multi-algo verify+rehash, KMS pepper, FIPS contract, CLI #13

Workflow file

v0.0.9 — Enterprise readiness: 4-crate workspace, multi-algo verify+rehash, KMS pepper, FIPS contract, CLI #13

Uh oh!

Workflow file for this run