Merged
5 changes: 5 additions & 0 deletions .codecov.yml
@@ -0,0 +1,5 @@
coverage:
status:
project:
default:
target: 20%
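Review bot: `target: 20%` under `project: default` is the only status configured, so a pull request whose new lines are entirely untested still passes as long as the whole-project figure stays at or above 20%. Consider adding a `patch` status with its own target so coverage of the changed lines is gated as well, and state in a comment why 20% was chosen as the floor.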
78 changes: 52 additions & 26 deletions .github/workflows/rust.yml
Expand Up @@ -2,38 +2,64 @@ name: Rust

on:
push:
branches: [ "main" ]
branches: ["main"]
pull_request:
branches: [ "main" ]
branches: ["main"]

env:
CARGO_TERM_COLOR: always

jobs:
build:

check:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4

- uses: dtolnay/rust-toolchain@master
with:
toolchain: 1.90.0
components: rustfmt, clippy

Comment on lines +18 to 22

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

# Read the rust.yml workflow file
cat -n .github/workflows/rust.yml

Repository: tilesprivacy/tiles

Length of output: 1960


🌐 Web query:

Rust 1.90.0 release date and availability

💡 Result:

Rust 1.90.0 was released on September 18, 2025. [1][2]

Availability: it’s available on the stable channel via rustup:

rustup update stable

and via Rust’s official distribution/installers for that release. [1]


🌐 Web query:

Rust toolchain versions 2025 2026 latest stable

💡 Result:

Latest Rust stable (as of Jan 31, 2026)

  • Rust 1.93.0 — released Jan 22, 2026 (current stable) [1][2]
  • Next scheduled: 1.94.0 (will be stable Mar 5, 2026) [3]

Rust stable releases in 2025 → early 2026 (version → release date)

  • 1.84.0 → Jan 9, 2025 [4]
  • 1.85.0 → Feb 20, 2025 (stabilizes Rust 2024 Edition) [5]
  • 1.86.0 → Apr 3, 2025 [2]
  • 1.87.0 → May 15, 2025 [6]
  • 1.88.0 → Jun 26, 2025 [2]
  • 1.89.0 → Aug 7, 2025 [2]
  • 1.90.0 → Sep 18, 2025 [2]
  • 1.91.0 → Oct 30, 2025 [7]
  • 1.92.0 → Dec 11, 2025 [8]
  • 1.93.0 → Jan 22, 2026 [1][2]

Update command: rustup update stable [2]

Sources

[1] https://doc.rust-lang.org/stable/releases.html
[2] https://endoflife.date/rust
[3] https://releases.rs/
[4] https://blog.rust-lang.org/2025/01/09/Rust-1.84.0/
[5] https://blog.rust-lang.org/2025/02/20/Rust-1.85.0/
[6] https://blog.rust-lang.org/2025/05/15/Rust-1.87.0/
[7] https://blog.rust-lang.org/2025/10/30/Rust-1.91.0/
[8] https://releases.rs/docs/1.92.0/


🌐 Web query:

dtolnay/rust-toolchain github action recent commits pinned version

💡 Result:

  • Most recent commits on master

    • 2025-12-16: Merge PR #177 “Permit cross-device copy” (latest master commit f7ccc83f9ed1e5b9c81d8a67d7ad1a747e22a561) [3]
    • 2025-11-20: “Update actions/checkout@v5 -> v6” [2]
    • 2025-11-10: “Add 1.91.1 patch release” [2]
  • Pinned version (recommended stable pin for the Action code)

    • Use the major tag: dtolnay/rust-toolchain@v1 — currently points to commit e97e2d8 (dated 2025-08-23) [4].
    • If you want a fully immutable pin, use a full commit SHA (must be in master history) as noted in the README [1].
  • Toolchain selection (separate from pinning the Action code)

    • The README documents that the @rev you use (e.g., @stable, @nightly, @1.89.0) determines which Rust toolchain is installed [1].

Pin the rust-toolchain action to improve supply-chain security.

@master is mutable and weakens supply-chain guarantees. Pin the action to a stable reference such as @v1 or a specific commit (e.g., f7ccc83f9ed1e5b9c81d8a67d7ad1a747e22a561).

Additionally, Rust 1.90.0 is now outdated (released Sep 2025; current stable is 1.93.0 as of Jan 2026). Consider updating to a more recent toolchain version when pinning.

🔒 Suggested fix (apply to both jobs)
-      - uses: dtolnay/rust-toolchain@master
+      - uses: dtolnay/rust-toolchain@v1
         with:
-          toolchain: 1.90.0
+          toolchain: 1.93.0
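Review bot: `dtolnay/rust-toolchain@v1` on the `+` line is still a movable tag, so it narrows the exposure of `@master` without removing it. The comment itself names a full commit SHA as the fully immutable pin; prefer that form here, with the tag or date it corresponds to in a trailing comment, and keep the `toolchain:` input as the place where the Rust version is set.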

Also applies to: 43-46

🤖 Prompt for AI Agents
In @.github/workflows/rust.yml around lines 18 - 22, Replace the mutable action
reference dtolnay/rust-toolchain@master with a pinned stable tag or commit
(e.g., dtolnay/rust-toolchain@v1 or a specific commit hash) in both job blocks
that currently use dtolnay/rust-toolchain@master, and update the toolchain field
(currently toolchain: 1.90.0) to a recent stable version such as 1.93.0; ensure
both occurrences (the two jobs referenced) are changed so the workflow uses a
fixed action ref and an up-to-date Rust toolchain.

- uses: actions/cache@v4
with:
path: |
~/.cargo/bin
~/.cargo/registry
~/.cargo/git
target
key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}

- name: Install just
run: command -v just || cargo install just

- name: Run checks
run: just check
coverage:
runs-on: ubuntu-latest
needs: check # optional but recommended
coderabbitai[bot] marked this conversation as resolved.
steps:
- uses: actions/checkout@v4
- uses: dtolnay/rust-toolchain@master
with:
toolchain: 1.90.0
components: rustfmt, clippy
- name: Cache cargo
uses: actions/cache@v4
with:
path: |
~/.cargo/bin
~/.cargo/registry
~/.cargo/git
target
key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
restore-keys: |
${{ runner.os }}-cargo-

- name: Install just
run: command -v just || cargo install just

- name: Run check
run: just check
- uses: actions/checkout@v4

- uses: dtolnay/rust-toolchain@master
with:
toolchain: 1.90.0

- uses: actions/cache@v4
with:
path: |
~/.cargo/bin
~/.cargo/registry
~/.cargo/git
target
key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}

- name: Install tarpaulin
run: cargo install cargo-tarpaulin
Comment on lines +56 to +57

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🌐 Web query:

latest stable release cargo-tarpaulin recommended install flags

💡 Result:

  • Latest stable release (cargo-tarpaulin): 0.35.1 (released 2026-01-16). [1]
  • Recommended install (reproducible):
    cargo install cargo-tarpaulin --locked
    --locked forces Cargo to use the crate’s packaged Cargo.lock (if present) for more reproducible installs. [2]
  • Recommended upgrade/reinstall (if already installed):
    cargo install cargo-tarpaulin --locked --force
    (--force overwrites the existing install.) [3]
  • Fast alternative (prebuilt binaries, when available):
    cargo binstall cargo-tarpaulin
    [4]

Sources: [1] (docs.rs), [2] (cargo-book.irust.net), [3] (dev-doc.rust-lang.org), [4] (docs.rs)


Use --locked for reproducible installs.

Unpinned installs can change behavior across CI runs. The --locked flag ensures reproducible builds by using the crate's packaged Cargo.lock file.

🔧 Suggested change
      - name: Install tarpaulin
-       run: cargo install cargo-tarpaulin
+       run: cargo install cargo-tarpaulin --locked
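Review bot: `--locked` on the `+` line fixes the dependency versions of whichever cargo-tarpaulin release is installed, but the release itself is still unpinned, so the tool can change between CI runs. Add `--version` with an explicit release (the comment lists 0.35.1 as the latest stable) so that upgrades happen through a reviewed edit to this line.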
🤖 Prompt for AI Agents
In @.github/workflows/rust.yml around lines 56 - 57, Update the CI step that
installs tarpaulin so the cargo install invocation is reproducible: modify the
"Install tarpaulin" step's run command that currently executes `cargo install
cargo-tarpaulin` to include the `--locked` flag (i.e., `cargo install --locked
cargo-tarpaulin`) so the installation uses the crate's Cargo.lock for
deterministic installs.


- name: Run coverage
run: cargo tarpaulin --out Xml -- --test-threads 1

- name: Upload to Codecov
uses: codecov/codecov-action@v4
with:
token: ${{ secrets.CODECOV_TOKEN }}
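Review bot: the `Upload to Codecov` step passes `secrets.CODECOV_TOKEN` to `codecov/codecov-action@v4`, a third-party action referenced by a movable tag; pin it to a full commit SHA so the code that receives the secret cannot change without a reviewed edit. The same applies to `actions/checkout@v4` and `actions/cache@v4`. The visible workflow also declares no `permissions:` key, so both jobs run with the repository's default token scope; a top-level `permissions:` with `contents: read` would make the least-privilege intent explicit. The `Install just` step has the same unpinned `cargo install` pattern that the tarpaulin step does.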
3 changes: 3 additions & 0 deletions .gitignore
Expand Up @@ -2,3 +2,6 @@
.tiles_dev
dist/
stack_export_prod/
*.profraw
tilekit/target
tiles/target
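Review bot: `cobertura.xml` is not ignored alongside `*.profraw`; the workflow in this change runs `cargo tarpaulin --out Xml`, which writes that report into the working directory, so a local run leaves it untracked and easy to commit by accident. The per-crate entries `tilekit/target` and `tiles/target` could also be a single `target/` pattern, which would cover a newly added crate directory without another edit here.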