1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
name: CI
on:
push:
branches:
pull_request:
env:
CARGO_TERM_COLOR: always
jobs:
check:
# macOS matches release.yml — rquest/boring-sys links cleanly here, unlike
# Linux CI. Keeps the gate on the same platform we ship.
runs-on: macos-latest
steps:
- uses: actions/checkout@v4
- name: Install Rust
uses: dtolnay/rust-toolchain@stable
with:
components: rustfmt, clippy
- uses: Swatinem/rust-cache@v2
- name: Format
run: cargo fmt --all --check
- name: Clippy
run: cargo clippy --all-targets --locked -- -D warnings
- name: Test
run: cargo test --locked
# Linux build without the stealth feature (wreq/BoringSSL doesn't link on
# Linux runners) — proves the container/agent-fleet build stays green.
linux:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Install Rust
uses: dtolnay/rust-toolchain@stable
- uses: Swatinem/rust-cache@v2
- name: Test (no stealth)
run: cargo test --locked --no-default-features
# Advisory + license + source gate. wreq is a pre-release pin inherited
# from the yanked rquest crate — exactly the dependency class to watch.
deny:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: EmbarkStudios/cargo-deny-action@v2
with:
command: check advisories licenses sources