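# CI pipeline: formatting, linting and a dependency audit run first; the test
# suite runs once those checks have passed (or, for the audit, been skipped).
name: CI

on:
  push:
    branches:
      - "**"
  pull_request:
    branches:
      - main

env:
  CARGO_TERM_COLOR: always
  RUSTFLAGS: "-D warnings"
  # sccache caches compilation artifacts within a job so that compiling
  # both --features server and --features web shares common crate work.
  # Every rustc invocation goes through this binary, so its provenance matters
  # (see the install step in the clippy job).
  RUSTC_WRAPPER: /usr/local/bin/sccache
  SCCACHE_DIR: /tmp/sccache

# Cancel in-progress runs for the same branch/PR
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

jobs:
  # ---------------------------------------------------------------------------
  # Stage 1: Code quality checks (run in parallel)
  # ---------------------------------------------------------------------------
  fmt:
    name: Format
    runs-on: docker
    container:
      # NOTE(review): rust:1.89-bookworm is a mutable tag. Pinning the image by
      # digest would make every job build with the same toolchain image; the
      # same applies to the other jobs below.
      image: rust:1.89-bookworm
    steps:
      # Manual shallow checkout of exactly the commit that triggered the run.
      - name: Checkout
        run: |
          git init
          git remote add origin "${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}.git"
          git fetch --depth=1 origin "${GITHUB_SHA}"
          git checkout FETCH_HEAD
      - run: rustup component add rustfmt
      # Format check does not compile, so sccache is not needed here.
      - run: cargo fmt --all --check
        env:
          RUSTC_WRAPPER: ""

  clippy:
    name: Clippy
    runs-on: docker
    container:
      image: rust:1.89-bookworm
    steps:
      - name: Checkout
        run: |
          git init
          git remote add origin "${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}.git"
          git fetch --depth=1 origin "${GITHUB_SHA}"
          git checkout FETCH_HEAD
      # NOTE(review): the release archive is unpacked straight from the network
      # with no integrity check, and the extracted binary then wraps every
      # compiler invocation. Record the SHA-256 of this exact release asset in
      # the workflow and verify the download against it before extracting.
      - name: Install sccache
        run: |
          curl -fsSL https://github.com/mozilla/sccache/releases/download/v0.9.1/sccache-v0.9.1-x86_64-unknown-linux-musl.tar.gz \
            | tar xz --strip-components=1 -C /usr/local/bin/ sccache-v0.9.1-x86_64-unknown-linux-musl/sccache
          chmod +x /usr/local/bin/sccache
      - run: rustup component add clippy
      # Lint the agent (native only).
      - name: Clippy (agent)
        run: cargo clippy -p compliance-agent -- -D warnings
      # Lint the dashboard for both feature sets independently.
      # sccache deduplicates shared crates between the two compilations.
      - name: Clippy (dashboard server)
        run: cargo clippy -p compliance-dashboard --features server --no-default-features -- -D warnings
      - name: Clippy (dashboard web)
        run: cargo clippy -p compliance-dashboard --features web --no-default-features -- -D warnings
      - name: Show sccache stats
        run: sccache --show-stats
        if: always()

  audit:
    name: Security Audit
    runs-on: docker
    # Runs only for refs/heads/main; on every other ref this job is skipped.
    # NOTE(review): advisories affecting dependencies changed on a branch or
    # pull request are therefore reported only after the merge. Consider
    # running the audit on pull requests as well.
    if: github.ref == 'refs/heads/main'
    container:
      image: rust:1.89-bookworm
    steps:
      - name: Checkout
        run: |
          git init
          git remote add origin "${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}.git"
          git fetch --depth=1 origin "${GITHUB_SHA}"
          git checkout FETCH_HEAD
      # --locked builds cargo-audit against the dependency versions in its own
      # published Cargo.lock instead of re-resolving them at install time.
      # NOTE(review): the cargo-audit release itself is not pinned; adding
      # --version would make the audit tool reproducible too.
      - run: cargo install --locked cargo-audit
        env:
          RUSTC_WRAPPER: ""
      - run: cargo audit
        env:
          RUSTC_WRAPPER: ""

  # ---------------------------------------------------------------------------
  # Stage 2: Tests (only after all quality checks pass)
  # ---------------------------------------------------------------------------
  test:
    name: Tests
    runs-on: docker
    needs: [fmt, clippy, audit]
    # A job is skipped when any job in its `needs` list was skipped, unless it
    # carries its own condition. audit is skipped on every ref except main, so
    # without this `if` the tests would not run on feature branches or pull
    # requests. A skipped audit is accepted; a failed one still blocks.
    # NOTE(review): skip propagation is as documented for GitHub Actions;
    # confirm the runner behind `runs-on: docker` evaluates `needs.*.result`
    # the same way.
    if: >-
      ${{
      !cancelled()
      && needs.fmt.result == 'success'
      && needs.clippy.result == 'success'
      && (needs.audit.result == 'success' || needs.audit.result == 'skipped')
      }}
    container:
      image: rust:1.89-bookworm
    steps:
      - name: Checkout
        run: |
          git init
          git remote add origin "${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}.git"
          git fetch --depth=1 origin "${GITHUB_SHA}"
          git checkout FETCH_HEAD
      # Same unverified download as in the clippy job; the integrity note there
      # applies here as well.
      - name: Install sccache
        run: |
          curl -fsSL https://github.com/mozilla/sccache/releases/download/v0.9.1/sccache-v0.9.1-x86_64-unknown-linux-musl.tar.gz \
            | tar xz --strip-components=1 -C /usr/local/bin/ sccache-v0.9.1-x86_64-unknown-linux-musl/sccache
          chmod +x /usr/local/bin/sccache
      - name: Run tests (core + agent)
        run: cargo test -p compliance-core -p compliance-agent
      - name: Run tests (dashboard server)
        run: cargo test -p compliance-dashboard --features server --no-default-features
      - name: Run tests (dashboard web)
        run: cargo test -p compliance-dashboard --features web --no-default-features
      - name: Show sccache stats
        run: sccache --show-stats
        if: always()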