CI reform, round 2

.github/actionlint.yaml

@@ -5,4 +5,4 @@ self-hosted-runner:
     - large_ubuntu_16_arm
     - large_ubuntu_32
     - runs-on=github.run_id/runner=16cpu-linux-x64/spot=false
-    - runs-on=github.run_id/runner=16cpu-linux-x64/spot=true
+    - runs-on=github.run_id/runner=16cpu-linux-x64/spot=true

.github/workflows/common-testing-big-instance.yml

@@ -29,7 +29,7 @@ on:
         type: string
         required: false
         default: "-F wasm_tests"
-      package-name:
+      crate-names:
         type: string
         required: true
       test-coverage:
@@ -48,9 +48,6 @@ on:
         type: string
         required: false
         default: "big-instance"
-      app-cache-dir:
-        type: string
-        required: true
       nextest-profile:
         type: string
         required: false
@@ -141,11 +138,10 @@ jobs:
       run-minio: ${{ inputs.run-minio }}
       run-redis: ${{ inputs.run-redis }}
       run-wasm: ${{ inputs.run-wasm }}
-      package-name: ${{ inputs.package-name }}
+      crate-names: ${{ inputs.crate-names }}
       wasm-test-feature: ${{ inputs.wasm-test-feature }}
       test-coverage: ${{ inputs.test-coverage }}
       npm-release: ${{ inputs.npm-release }}
-      app-cache-dir: ${{ inputs.app-cache-dir }}
       nextest-profile: ${{ inputs.nextest-profile }}
       nextest-test-threads: ${{ inputs.nextest-test-threads }}
 

.github/workflows/common-testing.yml

@@ -5,7 +5,8 @@ on:
     inputs:
       working-directory:
         type: string
-        required: true
+        required: false
+        default: '.'
       build-publish-docs:
         type: boolean
         required: false
@@ -42,9 +43,19 @@ on:
         type: string
         required: false
         default: '-F wasm_tests'
-      package-name:
+      crate-names:
+        # A list of packages forwarded to cargo, e.g. `-p abc -p def -p ghi`.
+        # Injected verbatim into `cargo clippy` (and effectively into nextest
+        # via `args-tests`). (Formerly named `package-name`.)
         type: string
         required: true
+      skip-test-material:
+        # When true, skip LFS pull, test-material generation, and the
+        # kms-custodian build. Useful for light unit-test-only jobs on
+        # crates that don't need integration test fixtures.
+        type: boolean
+        required: false
+        default: false
       test-coverage:
         type: boolean
         required: false
@@ -57,9 +68,6 @@ on:
         type: boolean
         required: false
         default: false
-      app-cache-dir:
-        type: string
-        required: true
       nextest-profile:
         type: string
         required: false
@@ -158,6 +166,7 @@ jobs:
       # Install git LFS before checkout does not seem possible on our self-hosted runners, so we
       # need to do it right after and then manually pull LFS files
       - name: setup gitlfs from binary
+        if: ${{ ! inputs.skip-test-material }}
         env:
           GIT_LFS_VERSION: '3.6.1'
         run: |
@@ -181,23 +190,14 @@ jobs:
           username: ${{ secrets.CGR_USERNAME }}
           password: ${{ secrets.CGR_PASSWORD }}
 
-      ############################################################################
-      # Initialize Docker Buildx for multi-platform builds.
-      - name: Set up Docker Buildx
-        if: inputs.package-name == 'simulator'
-        uses: ./.github/actions/docker-setup-buildx
-        with:
-          platforms: linux/amd64,linux/arm64
-          buildkitd-flags: --debug
-
       ############################################################################
       # Rust toolchain setup
       #
       - name: Set up Rust and Protoc
         uses: ./.github/actions/setup-rust-and-protoc
         with:
           rust-toolchain: ${{ env.RUST_IMAGE_VERSION }}
-          rust-components: rustfmt, clippy, llvm-tools-preview, llvm-tools
+          rust-components: llvm-tools-preview, llvm-tools
           rust-cache: "false"
           protoc-version: '26.1'
           protoc-repo-token: ${{ secrets.GITHUB_TOKEN }}
@@ -252,30 +252,6 @@ jobs:
           mc mb "${MINIO_ALIAS}"/"${MINIO_BUCKET}"
           mc anonymous set public "${MINIO_ALIAS}"/"${MINIO_BUCKET}"
 
-      - name: Setup cargo dylint
-        run: |
-          cargo install cargo-dylint dylint-link --force
-
-      - name: clippy and rustfmt versions
-        run: |
-          cargo clippy -V && cargo fmt --version
-
-      - name: Formatting
-        run: cargo fmt --all -- --check
-
-      # - name: Linting default features
-      #   env:
-      #     PACKAGE_NAME: ${{inputs.package-name}}
-      #   run: cargo clippy --all-targets --package "${PACKAGE_NAME}" -- -D warnings
-
-      - name: Linting All features
-        env:
-          PACKAGE_NAME: ${{inputs.package-name}}
-        run: cargo clippy --all-targets --all-features --package "${PACKAGE_NAME}" -- -D warnings
-
-      - name: Linting dylint
-        run: cargo dylint --all
-
       # Download pre-generated default test material if available (for slow_tests jobs)
       - name: Download Test Material (Default)
         if: ${{ inputs.use-pregenerated-material }}
@@ -297,23 +273,29 @@ jobs:
       # Generate testing material (always needed, small and fast to generate)
       # Must run from workspace root, not working-directory
       - name: Generate Test Material (Testing)
+        if: ${{ ! inputs.skip-test-material }}
         working-directory: .
         run: |
           echo "Generating testing material..."
+          echo "EXECUTING: cargo run -p generate-test-material -- --output ./test-material --verbose testing"
           cargo run -p generate-test-material -- --output ./test-material --verbose testing
 
       # Generate default material when explicitly requested or for slow_tests,
       # and only when not using pre-generated artifacts.
       - name: Generate Test Material (Default)
-        if: ${{ ! inputs.use-pregenerated-material && (inputs.generate-default-material || contains(inputs.args-tests, 'slow_tests')) }}
+        if: ${{ ! inputs.skip-test-material && ! inputs.use-pregenerated-material && (inputs.generate-default-material || contains(inputs.args-tests, 'slow_tests')) }}
         working-directory: .
         run: |
           echo "Generating default test material..."
+          echo "EXECUTING: cargo run -p generate-test-material --features slow_tests -- --output ./test-material --verbose default"
           cargo run -p generate-test-material --features slow_tests -- --output ./test-material --verbose default
 
       # Build kms-custodian binary required by integration tests
       - name: Build kms-custodian binary
-        run: cargo build --package kms --bin kms-custodian
+        if: ${{ ! inputs.skip-test-material }}
+        run: |
+          echo "EXECUTING: cargo build --package kms --bin kms-custodian"
+          cargo build --package kms --bin kms-custodian
 
       # Test execution
       # Integration tests use pre-generated test material and native KMS servers (no Docker)
@@ -349,19 +331,23 @@ jobs:
           RUNNER_TEMP: ${{ runner.temp }}
           RUST_LOG: ${{ inputs.rust-log-level }}
         run: |
-          # Set NEXTEST_TEST_THREADS only if a value was provided
+          # Build the env-var prefix for the nextest invocation so the printed
+          # `EXECUTING:` line below is exactly what gets run (no implicit
+          # exported state). Copy-paste the echoed command and it reproduces CI.
+          CMD_ENV="RUST_BACKTRACE=full"
+
           if [ -n "${NEXTEST_TEST_THREADS_INPUT}" ]; then
-            export NEXTEST_TEST_THREADS="${NEXTEST_TEST_THREADS_INPUT}"
-            echo "NEXTEST_TEST_THREADS set to: ${NEXTEST_TEST_THREADS}"
+            CMD_ENV="${CMD_ENV} NEXTEST_TEST_THREADS=${NEXTEST_TEST_THREADS_INPUT}"
+            echo "NEXTEST_TEST_THREADS set to: ${NEXTEST_TEST_THREADS_INPUT}"
           else
             echo "NEXTEST_TEST_THREADS not set (using nextest default)"
           fi
 
-          # Enable shared test material mode if requested to save disk space
-          # IMPORTANT: Only use with sequential execution (NEXTEST_TEST_THREADS=1)
-          # Shared mode uses material in-place without copying to temp directories
+          # Enable shared test material mode if requested to save disk space.
+          # IMPORTANT: Only use with sequential execution (NEXTEST_TEST_THREADS=1).
+          # Shared mode uses material in-place without copying to temp directories.
           if [[ "${ENABLE_SHARED_MATERIAL}" == "true" ]]; then
-            export KMS_TEST_SHARED_MATERIAL=1
+            CMD_ENV="${CMD_ENV} KMS_TEST_SHARED_MATERIAL=1"
             echo "KMS_TEST_SHARED_MATERIAL=1 (using shared material in-place, no copying)"
             echo "This saves ~80GB+ disk space by avoiding material duplication"
           else
@@ -377,8 +363,12 @@ jobs:
           echo "output=json" >> ~/.aws/config &&
           echo "region=${AWS_DEFAULT_REGION}" >> ~/.aws/config &&
           echo "endpoint_url=${AWS_ENDPOINT}" >> ~/.aws/config &&
-          cat ~/.aws/config &&
-          RUST_BACKTRACE=full cargo nextest --profile "${NEXTEST_PROFILE}" run --no-fail-fast ${ARGS_TESTS:+$ARGS_TESTS}
+          cat ~/.aws/config
+          # Intentional word-splitting on CMD_ENV and ARGS_TESTS.
+          # shellcheck disable=SC2086
+          echo "EXECUTING: env ${CMD_ENV} cargo nextest --profile ${NEXTEST_PROFILE} run --no-fail-fast ${ARGS_TESTS:+$ARGS_TESTS}"
+          # shellcheck disable=SC2086
+          env ${CMD_ENV} cargo nextest --profile "${NEXTEST_PROFILE}" run --no-fail-fast ${ARGS_TESTS:+$ARGS_TESTS}
 
       - name: Copy Test Results
         if: (!cancelled() || !failure() && github.event_name == 'pull_request')
@@ -445,11 +435,22 @@ jobs:
         run: echo "id=$(date "+%s%N" | md5sum | head -c 8)" >> "$GITHUB_OUTPUT"
         shell: bash
 
+      # `package-name` holds cargo flags like `-p kms` or `-p a -p b -p c`.
+      # Strip the `-p` tokens and join remaining crate names with `_` so the
+      # artifact label stays readable (e.g. `kms`, `a_b_c`).
+      - name: Compute logs label
+        if: always()
+        id: logs-label
+        env:
+          CRATE_NAMES: ${{ inputs.crate-names }}
+        shell: bash
+        run: echo "value=$(echo "${CRATE_NAMES}" | sed -E 's/-p +//g' | tr ' ' '_')" >> "$GITHUB_OUTPUT"
+
       - name: Archive integration test trace logs
         if: always()
         uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
         with:
-          name: logs-${{ inputs.package-name }}-${{ github.workflow }}-${{ github.run_number }}-${{ github.job }}-${{ steps.unique-id.outputs.id }}
+          name: logs-${{ steps.logs-label.outputs.value }}-${{ github.workflow }}-${{ github.run_number }}-${{ github.job }}-${{ steps.unique-id.outputs.id }}
           path: '**/*.log'
           retention-days: 30
           if-no-files-found: ignore