1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
# Build, test, and lint on every push and pull request.
#
# The release workflows only build; this is what actually guards main —
# dotprot's whole value is its safety guarantees, and those are enforced by
# the test suite (verify-then-delete ordering, restore-path hardening, vault
# scoping).
name: CI
on:
push:
branches:
pull_request:
permissions:
contents: read
env:
CARGO_TERM_COLOR: always
jobs:
test:
name: test (${{ matrix.os }})
strategy:
fail-fast: false
# Windows is in the matrix because the permission hardening is
# cfg(unix)-gated; the suite must pass on both sides of that gate.
matrix:
os:
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v6
- uses: dtolnay/rust-toolchain@stable
- run: cargo build --locked
- run: cargo test --locked
lint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
- uses: dtolnay/rust-toolchain@stable
with:
components: clippy, rustfmt
- run: cargo fmt --all --check
- run: cargo clippy --all-targets --locked -- -D warnings