Skip to content
CI

chore(deps): bump pyo3 from 0.23.5 to 0.24.1 #34

Sign in to view logs

chore(deps): bump pyo3 from 0.23.5 to 0.24.1

chore(deps): bump pyo3 from 0.23.5 to 0.24.1 #34

Workflow file for this run

.github/workflows/ci.yml at 8857792
# =============================================================================
# CI — Lint, Format, Test on every push and PR
# =============================================================================
name: CI
on:
push:
branches: [main]
pull_request:
branches: [main]
env:
CARGO_TERM_COLOR: always
RUSTFLAGS: "-D warnings"
jobs:
fmt:
name: Format
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: dtolnay/rust-toolchain@stable
with:
components: rustfmt
- run: cargo fmt --all --check
clippy:
name: Clippy
runs-on: ubuntu-latest
needs: fmt
steps:
- uses: actions/checkout@v4
- uses: dtolnay/rust-toolchain@stable
with:
components: clippy
- name: Install protoc
run: sudo apt-get update && sudo apt-get install -y protobuf-compiler
- uses: actions/cache@v4
with:
path: |
~/.cargo/bin/
~/.cargo/registry/index/
~/.cargo/registry/cache/
~/.cargo/git/db/
target/
key: ${{ runner.os }}-cargo-clippy-${{ hashFiles('**/Cargo.lock') }}
restore-keys: |
${{ runner.os }}-cargo-clippy-
- run: cargo clippy --workspace -- -D warnings
test:
name: Test
runs-on: ubuntu-latest
needs: fmt
steps:
- uses: actions/checkout@v4
- uses: dtolnay/rust-toolchain@stable
- name: Install protoc
run: sudo apt-get update && sudo apt-get install -y protobuf-compiler
- uses: actions/cache@v4
with:
path: |
~/.cargo/bin/
~/.cargo/registry/index/
~/.cargo/registry/cache/
~/.cargo/git/db/
target/
key: ${{ runner.os }}-cargo-test-${{ hashFiles('**/Cargo.lock') }}
restore-keys: |
${{ runner.os }}-cargo-test-
- run: cargo test --workspace
# ---------------------------------------------------------------------------
# Integration tests — run ignored tests against real Docker Compose services
# ---------------------------------------------------------------------------
integration:
name: Integration Tests
runs-on: ubuntu-latest
needs: test
steps:
- uses: actions/checkout@v4
- uses: dtolnay/rust-toolchain@stable
- name: Install protoc
run: sudo apt-get update && sudo apt-get install -y protobuf-compiler
- uses: actions/cache@v4
with:
path: |
~/.cargo/bin/
~/.cargo/registry/index/
~/.cargo/registry/cache/
~/.cargo/git/db/
target/
key: ${{ runner.os }}-cargo-integration-${{ hashFiles('**/Cargo.lock') }}
restore-keys: |
${{ runner.os }}-cargo-integration-
- name: Start infrastructure services
run: docker compose up -d --wait --wait-timeout 120 clickhouse postgres redis
env:
CLICKHOUSE_PORT: "8123"
CLICKHOUSE_NATIVE_PORT: "9000"
CLICKHOUSE_DATABASE: llmtrace
POSTGRES_USER: llmtrace
POSTGRES_PASSWORD: llmtrace
POSTGRES_DB: llmtrace
REDIS_PORT: "6379"
- name: Verify service health
run: |
for i in $(seq 1 30); do
echo "Attempt $i/30: Checking ClickHouse..."
if docker compose exec -T clickhouse wget --spider -q http://localhost:8123/ping 2>/dev/null; then
echo "ClickHouse is ready."
break
fi
if [ "$i" -eq 30 ]; then
echo "ClickHouse failed to become healthy after 30 attempts."
docker compose logs clickhouse
exit 1
fi
sleep 3
done
echo "Checking PostgreSQL..."
docker compose exec -T postgres pg_isready -U llmtrace
echo "Checking Redis..."
docker compose exec -T redis redis-cli ping
echo "All services healthy."
- name: Run integration tests
env:
LLMTRACE_CLICKHOUSE_URL: http://localhost:8123
LLMTRACE_CLICKHOUSE_DATABASE: llmtrace
LLMTRACE_POSTGRES_URL: postgres://llmtrace:llmtrace@localhost:5432/llmtrace
LLMTRACE_REDIS_URL: redis://127.0.0.1:6379
run: cargo test --workspace --features "clickhouse,postgres,redis_backend" -- --ignored
- name: Stop services
if: always()
run: docker compose down -v
build:
name: Build
runs-on: ubuntu-latest
needs: [clippy, test]
steps:
- uses: actions/checkout@v4
- uses: dtolnay/rust-toolchain@stable
- name: Install protoc
run: sudo apt-get update && sudo apt-get install -y protobuf-compiler
- uses: actions/cache@v4
with:
path: |
~/.cargo/bin/
~/.cargo/registry/index/
~/.cargo/registry/cache/
~/.cargo/git/db/
target/
key: ${{ runner.os }}-cargo-build-${{ hashFiles('**/Cargo.lock') }}
restore-keys: |
${{ runner.os }}-cargo-build-
- run: cargo build --workspace --release
# ---------------------------------------------------------------------------
# Container scan (advisory) — scan Docker image on PRs, don't fail
# ---------------------------------------------------------------------------
trivy-scan:
name: Trivy Container Scan
runs-on: ubuntu-latest
needs: build
permissions:
security-events: write
steps:
- uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Build Docker image for scanning
uses: docker/build-push-action@v6
with:
context: .
push: false
load: true
tags: llmtrace-proxy:scan
cache-from: type=gha
cache-to: type=gha,mode=max
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@0.31.0
with:
image-ref: llmtrace-proxy:scan
format: sarif
output: trivy-results.sarif
severity: CRITICAL,HIGH
exit-code: "0"
- name: Upload Trivy SARIF to GitHub Security
uses: github/codeql-action/upload-sarif@v3
if: always()
with:
sarif_file: trivy-results.sarif