# CI workflow: runs on pushes and pull requests targeting main, and on
# manual dispatch.
name: CI

on:
  push:
    branches:
      - main
  pull_request:
    branches:
      - main
  workflow_dispatch:

# One active run per workflow and ref; a newer run cancels the one in progress.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

# Workflow-level GITHUB_TOKEN scope: read-only access to repository contents.
permissions:
  contents: read

# Environment shared by every job. Values are quoted so they reach the
# processes as the literal strings "0" and "1".
env:
  CARGO_TERM_COLOR: always
  CARGO_INCREMENTAL: "0"
  RUST_BACKTRACE: "1"
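# NOTE(review): every `uses:` below references a mutable tag or branch
# (`@v4`, `@v2`, `@stable`). Pinning each action to a full commit SHA
# (`owner/action@<FULL_COMMIT_SHA>`) keeps a moved tag from changing what
# runs in this pipeline.
jobs:
  # Pull-request gate: fails when any commit in the PR range carries a
  # Co-authored-by trailer naming one of the listed bots.
  commit-check:
    name: Verificar trailers de commit (anti-bot-coauthor)
    runs-on: ubuntu-latest
    if: github.event_name == 'pull_request'
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          # Full history so the origin/<base>..HEAD range can be resolved.
          fetch-depth: 0
          # No later step needs git credentials; do not leave the token
          # in .git/config.
          persist-credentials: false
      - name: Bloquear Co-authored-by de bots
        shell: bash
        env:
          # Passed through the environment rather than expanded inside the
          # script text, so the ref name is never parsed as shell code.
          BASE_REF: ${{ github.base_ref }}
        run: |
          BOTS="dependabot\[bot\]|renovate\[bot\]|github-actions\[bot\]"
          COMMITS=$(git log "origin/${BASE_REF}..HEAD" --format="%H")
          FOUND=0
          while IFS= read -r SHA; do
            # An empty range yields one empty line; skip it.
            [ -n "$SHA" ] || continue
            MSG=$(git log -1 --format="%B" "$SHA")
            # grep instead of rg: this job has no ripgrep install step, and a
            # missing matcher would make the `if` false and let the gate pass.
            # The here-string avoids a pipe that `pipefail` could trip on.
            if grep -Eqi "Co-authored-by:.*($BOTS)" <<< "$MSG"; then
              echo "ERRO: commit $SHA contém Co-authored-by de bot:"
              grep -i "Co-authored-by:" <<< "$MSG"
              FOUND=1
            fi
          done <<< "$COMMITS"
          if [ "$FOUND" -eq 1 ]; then
            echo ""
            echo "Use 'Squash and merge' com 'Use pull request title and description'"
            echo "para evitar trailers Co-authored-by de bots na branch main."
            exit 1
          fi
          echo "OK: nenhum trailer Co-authored-by de bot encontrado."

  # Format, lint, build, test and doc checks on the three runner OSes.
  check:
    name: Check (${{ matrix.os }})
    runs-on: ${{ matrix.os }}
    strategy:
      # Let the other OS legs finish when one of them fails.
      fail-fast: false
      matrix:
        os:
          - ubuntu-latest
          - macos-latest
          - windows-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: Instalar toolchain Rust estável
        uses: dtolnay/rust-toolchain@stable
        with:
          components: rustfmt, clippy
      - name: Cache de dependências Rust
        uses: Swatinem/rust-cache@v2
        with:
          shared-key: ${{ matrix.os }}-stable
      - name: Verificar formatação (cargo fmt)
        run: cargo fmt --all --check
      - name: Análise estática (cargo clippy)
        run: cargo clippy --all-targets --all-features -- -D warnings
      - name: Compilação (cargo check)
        run: cargo check --all-targets
      - name: Testes (cargo test)
        run: cargo test --all-features
        env:
          RUST_LOG: debug
      - name: Documentação (cargo doc)
        run: cargo doc --no-deps --all-features
        env:
          RUSTDOCFLAGS: "-D warnings"

  # Static check only: asserts that Cargo.toml declares rust-version = "1.75".
  # It does not build with that toolchain (see the NOTA lines it prints).
  msrv:
    name: MSRV (verificacao estatica rust-version 1.75)
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: Instalar ripgrep
        run: sudo apt-get update && sudo apt-get install -y ripgrep
      - name: Verificar declaracao MSRV no Cargo.toml
        shell: bash
        run: |
          if ! rg -q '^rust-version\s*=\s*"1\.75"' Cargo.toml; then
            echo "ERRO: Cargo.toml nao declara rust-version = \"1.75\"" >&2
            echo "Canonico Sessao 09: rust-version = 1.75 e INVIOLAVEL" >&2
            rg '^rust-version' Cargo.toml || echo "(rust-version nao encontrado)"
            exit 1
          fi
          echo "OK: Cargo.toml declara rust-version = \"1.75\""
          echo "NOTA: Verificacao ativa de build em Rust 1.75 foi simplificada em v0.2.7"
          echo "devido a migracao do ecosystem Rust para edition2024."
          echo "Veja CHANGELOG.md [0.2.7] para justificativa completa."

  # Runs cargo audit against the project's dependencies.
  security-audit:
    name: Auditoria de segurança (cargo audit)
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: Instalar toolchain Rust estável
        uses: dtolnay/rust-toolchain@stable
      - name: Cache de dependências Rust
        uses: Swatinem/rust-cache@v2
        with:
          shared-key: ubuntu-stable-audit
      # NOTE(review): installs whatever cargo-audit release is current at run
      # time; `--version <PINNED_VERSION>` would make the tool reproducible.
      - name: Instalar cargo-audit
        run: cargo install cargo-audit --locked
      - name: Auditar vulnerabilidades conhecidas
        run: cargo audit

  # Runs the cargo deny advisories, licenses, bans and sources checks.
  supply-chain:
    name: Supply chain (cargo deny)
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: Instalar toolchain Rust estável
        uses: dtolnay/rust-toolchain@stable
      - name: Cache de dependências Rust
        uses: Swatinem/rust-cache@v2
        with:
          shared-key: ubuntu-stable-deny
      # NOTE(review): unpinned tool install, same caveat as cargo-audit.
      - name: Instalar cargo-deny
        run: cargo install cargo-deny --locked
      - name: Verificar advisories, licenças, banimentos e fontes
        run: cargo deny check advisories licenses bans sources

  # Line coverage gate: fails below 80 %, with cli.rs, lib.rs and main.rs
  # excluded from the measurement.
  coverage:
    name: Cobertura de testes (cargo llvm-cov)
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: Instalar toolchain Rust estável com llvm-tools-preview
        uses: dtolnay/rust-toolchain@stable
        with:
          components: llvm-tools-preview
      - name: Cache de dependências Rust
        uses: Swatinem/rust-cache@v2
        with:
          shared-key: ubuntu-stable-coverage
      # NOTE(review): unpinned tool install, same caveat as cargo-audit.
      - name: Instalar cargo-llvm-cov
        run: cargo install cargo-llvm-cov --locked
      - name: Medir cobertura (mínimo 80% de linhas — ignorando dispatchers estruturais)
        run: cargo llvm-cov --all-features --ignore-filename-regex '(src/cli\.rs|src/lib\.rs|src/main\.rs)$' --fail-under-lines 80 --text --summary-only

  # Type-checks the crate for the x86_64-unknown-linux-musl target.
  check-alpine-musl:
    name: Verificar compilação Alpine musl (x86_64-unknown-linux-musl)
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: Instalar musl-tools e toolchain Rust estável
        run: |
          sudo apt-get update
          sudo apt-get install -y musl-tools musl-dev
      - name: Instalar toolchain Rust estável com target musl
        uses: dtolnay/rust-toolchain@stable
        with:
          targets: x86_64-unknown-linux-musl
      - name: Cache de dependências Rust (musl)
        uses: Swatinem/rust-cache@v2
        with:
          shared-key: ubuntu-musl-check
      - name: Verificar compilação para Alpine musl
        run: cargo check --target x86_64-unknown-linux-musl --all-targets
        env:
          # Linker used by cargo for the musl target.
          CARGO_TARGET_X86_64_UNKNOWN_LINUX_MUSL_LINKER: musl-gcc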