1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
name: CI
on:
push:
branches:
pull_request:
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
ci:
# Pinned to a SHA (immutable) rather than @main (mutable). Bump
# deliberately when upstream rust-ci.yml changes are worth absorbing.
uses: sebastienrousseau/pipelines/.github/workflows/rust-ci.yml@3b0c5ce38f72e1b765265a172ac7407daad7f244 # tracks main 2026-06-28
with:
rust-version: 'stable'
run-coverage: true
# Local cargo-audit + cargo-deny jobs supersede the reusable audit.
run-audit: false
# Validate the README's "Linux, macOS, Windows" claim. Matrix is
# macos-latest + windows-latest; needs the linux check to pass.
run-cross-platform: true
# `coverage-exclude: 'crates/*'` removed — no `crates/` directory
# exists in the repo since the v0.0.3 noyalib migration.
secrets:
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
security:
uses: sebastienrousseau/pipelines/.github/workflows/security.yml@3b0c5ce38f72e1b765265a172ac7407daad7f244 # tracks main 2026-06-28
with:
language: rust
fail-on-vulnerability: true
deny:
name: cargo-deny
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: EmbarkStudios/cargo-deny-action@v2
with:
command: check all
arguments: --all-features
audit:
name: cargo-audit
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: dtolnay/rust-toolchain@stable
- uses: Swatinem/rust-cache@v2
- run: cargo install --locked cargo-audit
- run: cargo audit --deny warnings
# Docs are built and deployed by .github/workflows/docs.yml on push to main.
# The previous external `pipelines/docs.yml` reusable workflow wrote to a
# gh-pages branch; the new local workflow uses the Pages-from-Actions deploy.