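---
# CI workflow: Rust checks, unit tests, an end-to-end test, Semgrep/docs
# policy checks and a Gitleaks secret scan. Runs on pushes and pull requests
# that target master.
#
# NOTE(review): every third-party action below is referenced by a mutable tag
# or branch (@v4, @v2, @stable, @cargo-audit). Pinning each one to a full
# commit SHA prevents a retagged or compromised upstream from changing what
# runs here. dtolnay/rust-toolchain reads the toolchain from its ref, so a
# SHA pin there also needs an explicit `toolchain:` input.
name: CI

on:
  push:
    branches: [master]
  pull_request:
    branches: [master]

# Least privilege: no job in this workflow writes to the repository, so the
# GITHUB_TOKEN is limited to reading contents.
permissions:
  contents: read

env:
  CARGO_TERM_COLOR: always
  # Quoted so the values stay strings regardless of the YAML parser's typing.
  RUST_BACKTRACE: "1"
  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: "true"

jobs:
  check:
    name: Rust Check
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          # Later steps never push, so do not leave the token in .git/config.
          persist-credentials: false
      - name: Install Rust toolchain
        uses: dtolnay/rust-toolchain@stable
        with:
          components: rustfmt, clippy
      - name: Cache cargo artifacts
        uses: Swatinem/rust-cache@v2
        with:
          cache-on-failure: true
      # The three sed edits empty the default feature list, empty the
      # `atheneum` feature, and comment out the `atheneum = { path = "../…`
      # dependency line, so the crate builds without the private dependency.
      - name: Comment out private atheneum dependency for CI
        run: |
          sed -i 's/^default = \["atheneum"\]/default = []/' Cargo.toml
          sed -i 's/atheneum = \["dep:atheneum"\]/atheneum = []/' Cargo.toml
          sed -i '/^atheneum = { path = "\.\.\//s/^/# /' Cargo.toml
      - name: cargo fmt
        run: cargo fmt --all -- --check
      - name: cargo clippy
        run: cargo clippy --all-targets -- -D warnings
      - name: cargo check
        run: cargo check --all-targets
      - name: Install cargo-audit
        uses: taiki-e/install-action@cargo-audit
      # NOTE(review): this runs after the atheneum dependency has been
      # stripped from Cargo.toml, so crates pulled in only through atheneum
      # are presumably not covered by this audit - confirm and audit that
      # dependency tree separately if so.
      - name: cargo audit
        run: cargo audit

  test:
    name: Tests
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: Install Rust toolchain
        uses: dtolnay/rust-toolchain@stable
      - name: Cache cargo artifacts
        uses: Swatinem/rust-cache@v2
        with:
          cache-on-failure: true
      # Same Cargo.toml rewrite as in the `check` job.
      - name: Comment out private atheneum dependency for CI
        run: |
          sed -i 's/^default = \["atheneum"\]/default = []/' Cargo.toml
          sed -i 's/atheneum = \["dep:atheneum"\]/atheneum = []/' Cargo.toml
          sed -i '/^atheneum = { path = "\.\.\//s/^/# /' Cargo.toml
      - name: cargo test
        run: cargo test --all

  e2e:
    name: E2E Test
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: Install Rust toolchain
        uses: dtolnay/rust-toolchain@stable
      - name: Cache cargo artifacts
        uses: Swatinem/rust-cache@v2
        with:
          cache-on-failure: true
      # Same Cargo.toml rewrite as in the `check` job.
      - name: Comment out private atheneum dependency for CI
        run: |
          sed -i 's/^default = \["atheneum"\]/default = []/' Cargo.toml
          sed -i 's/atheneum = \["dep:atheneum"\]/atheneum = []/' Cargo.toml
          sed -i '/^atheneum = { path = "\.\.\//s/^/# /' Cargo.toml
      - name: Build release binary
        run: cargo build --release
      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: "22"
      - name: Run E2E test
        run: node tests/e2e-message-delivery.js ./target/release/envoy

  lint:
    name: Semgrep + Docs
    runs-on: ubuntu-latest
    container:
      # NOTE(review): `latest` is a mutable tag, so the scanner version can
      # change between runs. Pinning the image by digest makes scans
      # reproducible and limits exposure to a replaced image.
      image: semgrep/semgrep:latest
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: Semgrep OSS scan
        run: semgrep ci --oss-only --config p/rust --config .semgrep/rules/
      # Fails the job when any listed file contains one of the banned terms.
      # Missing files are ignored because grep's stderr is discarded.
      - name: Check public docs for AI/LLM terminology
        run: |
          if grep -riE "\bLLM\b|\bAI assistant\b|production-ready" README.md MANUAL.md CHANGELOG.md Cargo.toml 2>/dev/null; then
            echo "FAIL: AI/LLM terminology found in public documentation"
            exit 1
          fi
      - name: Check license is GPL-3.0 only
        run: |
          if grep -q "GPL-3.0-or-later" Cargo.toml; then
            echo "FAIL: License must be GPL-3.0 only, not GPL-3.0-or-later"
            exit 1
          fi
      - name: Check public docs for exaggerated claims
        run: |
          if grep -ri "production-ready" README.md MANUAL.md CHANGELOG.md 2>/dev/null; then
            echo "FAIL: No software is production-ready"
            exit 1
          fi

  gitleaks:
    name: Gitleaks Secret Scan
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          # Full history so the scan covers every commit, not only the tip.
          fetch-depth: 0
          persist-credentials: false
      - name: Install and run Gitleaks
        run: |
          # pipefail: a failed download must fail the step rather than be
          # hidden by the pipe into tar. -f makes curl fail on HTTP errors.
          set -euo pipefail
          # NOTE(review): the tarball is extracted into /usr/local/bin without
          # an integrity check. Compare its SHA-256 against a value committed
          # in this repository before extracting.
          curl -fsSL https://github.com/zricethezav/gitleaks/releases/download/v8.24.3/gitleaks_8.24.3_linux_x64.tar.gz | tar -xz -C /usr/local/bin gitleaks
          gitleaks detect --verbose --config .gitleaks.toml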