name: CI
on:
pull_request:
schedule:
- cron: "0 6 * * 1"
permissions:
contents: read
jobs:
quality:
name: Quality
if: github.event_name != 'schedule'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: ./.github/actions/setup-rust-toolchain
with:
components: rustfmt, clippy
- uses: Swatinem/rust-cache@v2
with:
shared-key: check
save-if: false
- name: Format
run: cargo fmt --all -- --check
- name: Lint
run: cargo clippy --workspace --all-targets --all-features -- -D warnings
test-default:
name: Test (default)
if: github.event_name != 'schedule'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: ./.github/actions/setup-rust-toolchain
- uses: Swatinem/rust-cache@v2
with:
shared-key: check
save-if: false
- name: Test
run: cargo test --workspace
- name: Doc tests
run: cargo test --workspace --doc
test-tls:
name: Test (TLS)
if: github.event_name != 'schedule'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: ./.github/actions/setup-rust-toolchain
- uses: Swatinem/rust-cache@v2
with:
shared-key: check
save-if: false
- name: Test (TLS)
run: cargo test --features tls
targets:
name: Targets
if: github.event_name != 'schedule'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: ./.github/actions/setup-rust-toolchain
with:
targets: wasm32-unknown-unknown, wasm32-wasip2
- uses: Swatinem/rust-cache@v2
with:
shared-key: check
save-if: false
- name: Core (no_std)
run: cargo build -p ferrokinesis-core --no-default-features
- name: Core (wasm32)
run: cargo build -p ferrokinesis-core --no-default-features --target wasm32-unknown-unknown
- name: Ferrokinesis (native no-default-features lib)
run: cargo test --no-default-features --lib
- name: Ferrokinesis (wasm32 library)
run: cargo check --target wasm32-unknown-unknown --no-default-features --features wasm
- name: Ferrokinesis WASI binary
run: cargo build --target wasm32-wasip2 --no-default-features --features wasi --bin ferrokinesis-wasi
wasm:
name: WASM
if: github.event_name != 'schedule'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: ./.github/actions/setup-rust-toolchain
with:
targets: wasm32-unknown-unknown
- uses: Swatinem/rust-cache@v2
with:
shared-key: check
save-if: false
- name: Install wasm-pack
run: cargo install wasm-pack
- name: Ferrokinesis WASM wrapper
run: cargo check -p ferrokinesis-wasm --target wasm32-unknown-unknown
- name: WASM tests
run: wasm-pack test --node crates/ferrokinesis-wasm
check:
name: Check
if: ${{ github.event_name != 'schedule' && always() }}
runs-on: ubuntu-latest
needs:
- quality
- test-default
- test-tls
- targets
- wasm
steps:
- name: Verify required jobs passed
env:
QUALITY_RESULT: ${{ needs.quality.result }}
TEST_DEFAULT_RESULT: ${{ needs.test-default.result }}
TEST_TLS_RESULT: ${{ needs.test-tls.result }}
TARGETS_RESULT: ${{ needs.targets.result }}
WASM_RESULT: ${{ needs.wasm.result }}
run: |
for result in \
"$QUALITY_RESULT" \
"$TEST_DEFAULT_RESULT" \
"$TEST_TLS_RESULT" \
"$TARGETS_RESULT" \
"$WASM_RESULT"; do
if [ "$result" != "success" ]; then
echo "::error::A required Check shard finished with result: $result"
exit 1
fi
done
browser-demo:
name: Browser Demo
if: github.event_name != 'schedule'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: ./.github/actions/setup-rust-toolchain
with:
targets: wasm32-unknown-unknown
- uses: Swatinem/rust-cache@v2
with:
save-if: false
- uses: actions/setup-node@v4
with:
node-version: 22
cache: npm
cache-dependency-path: demo/package-lock.json
- name: Install wasm-pack
run: cargo install wasm-pack --version 0.14.0 --locked
- name: Install demo dependencies
run: npm ci --prefix demo
- name: Install Playwright browser
run: |
cd demo
npx playwright install --with-deps chromium
- name: Browser demo smoke test
run: npm --prefix demo run test:smoke
- name: Upload Playwright report
if: failure()
uses: actions/upload-artifact@v4
with:
name: playwright-report
path: |
demo/playwright-report/
demo/test-results/
coverage:
name: Coverage
if: github.event_name != 'schedule'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: ./.github/actions/setup-rust-toolchain
with:
components: llvm-tools-preview
- uses: Swatinem/rust-cache@v2
with:
shared-key: check
save-if: false
- name: Install cargo-llvm-cov
uses: taiki-e/install-action@cargo-llvm-cov
- name: Generate coverage
run: cargo llvm-cov --lcov --output-path lcov.info
- name: Upload to Codecov
uses: codecov/codecov-action@v5
with:
files: lcov.info
fail_ci_if_error: false
benchmark:
name: Benchmark
if: github.event_name == 'pull_request'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: ./.github/actions/setup-rust-toolchain
- uses: Swatinem/rust-cache@v2
with:
shared-key: check
- name: Install critcmp
uses: taiki-e/install-action@v2
with:
tool: critcmp
- name: Benchmark base branch
id: bench_base
continue-on-error: true
run: |
git checkout ${{ github.event.pull_request.base.sha }}
cargo bench --bench kinesis_api -- --save-baseline base
- name: Benchmark PR branch
run: |
git checkout ${{ github.event.pull_request.head.sha }}
cargo bench --bench kinesis_api -- --save-baseline pr
- name: Compare and gate on >10% regression
if: steps.bench_base.outcome == 'success'
run: |
critcmp base pr --threshold 10 | tee bench-comparison.txt
if critcmp base pr --threshold 10 2>&1 | grep -qiE 'regressed'; then
echo "::error::Benchmark regression >10% detected"
exit 1
fi
- name: Upload benchmark artifacts
if: always()
uses: actions/upload-artifact@v4
with:
name: benchmark-results
path: |
target/criterion/
bench-comparison.txt
retention-days: 90
audit:
name: Security Audit
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: EmbarkStudios/cargo-deny-action@v2
with:
command: check advisories bans licenses sources