1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
name: CI
on:
push:
branches:
pull_request:
branches:
env:
CARGO_TERM_COLOR: always
jobs:
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
# @stable intentionally tracks the current stable channel for CI.
- uses: dtolnay/rust-toolchain@stable
with:
components: clippy, rustfmt
- uses: Swatinem/rust-cache@e18b497796c12c097a38f9edb9d0641fb99eee32 # v2
- name: Format check
run: cargo fmt --check
- name: Clippy
run: cargo clippy --all-targets -- -D warnings
- name: Tests
run: cargo test
wasm:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
- uses: dtolnay/rust-toolchain@stable
with:
targets: wasm32-unknown-unknown
- uses: Swatinem/rust-cache@e18b497796c12c097a38f9edb9d0641fb99eee32 # v2
- name: Check WASM target
run: cargo check --target wasm32-unknown-unknown
# Build the browser verification + monitor SDK exactly as the release pipeline
# does, so a packaging regression (e.g. a wasm-bindgen export that fails to
# generate bindings) is caught on every PR rather than only at tag time.
wasm-build:
runs-on: ubuntu-latest
env:
WASM_PACK_VERSION: "0.14.0"
steps:
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
- uses: dtolnay/rust-toolchain@stable
with:
targets: wasm32-unknown-unknown
- uses: Swatinem/rust-cache@e18b497796c12c097a38f9edb9d0641fb99eee32 # v2
- name: Install wasm-pack
run: cargo install wasm-pack --version "${WASM_PACK_VERSION}" --locked
- name: Build WASM SDK (--target web)
run: wasm-pack build --target web --release
# Cross-language byte-parity KAT (#335): drive the wasm-bindgen exports under
# Node and assert the WASM personality reproduces the native KAT vectors
# byte-for-byte. Node 22 supports the ESM test runner wasm-bindgen-test emits.
cross-language-kat:
runs-on: ubuntu-latest
env:
WASM_PACK_VERSION: "0.14.0"
steps:
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
- uses: dtolnay/rust-toolchain@stable
with:
targets: wasm32-unknown-unknown
- uses: Swatinem/rust-cache@e18b497796c12c097a38f9edb9d0641fb99eee32 # v2
- uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
with:
node-version: "22"
- name: Install wasm-pack
run: cargo install wasm-pack --version "${WASM_PACK_VERSION}" --locked
- name: Run cross-language byte-parity KAT (Rust core <-> WASM)
run: wasm-pack test --node --test cross_language
audit:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
- uses: rustsec/audit-check@69366f33c96575abad1ee0dba8212993eecbe998 # v2.0.0
with:
token: ${{ secrets.GITHUB_TOKEN }}
# Slice 7 (#337): the deterministic ingestion primitives. The `test` job above
# already runs the whole suite, but this dedicated job keeps the ingestion
# conformance (sequencer monotonicity, idempotent-append dedup KAT, tile flush
# geometry vs the audited tlog-tiles substrate, and the read-path trait bridge)
# individually visible and required.
ingestion:
name: Ingestion primitives (Slice 7)
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
- uses: dtolnay/rust-toolchain@stable
- uses: Swatinem/rust-cache@e18b497796c12c097a38f9edb9d0641fb99eee32 # v2
- name: Ingestion conformance (lib + integration + doctests)
run: |
cargo test --lib ingest::
cargo test --test ingestion
cargo test --doc ingest
# Slice 7 (#337): throughput benchmark for the ingestion primitives. This is a
# dependency-free `harness = false` bench (no criterion). It is NOT an
# end-to-end ingest claim (that depends on the operator pipeline + storage
# backend, out of scope here); it asserts deliberately conservative floors so a
# catastrophic primitive regression fails CI without flaking on a loaded runner.
throughput-benchmark:
name: Ingestion throughput benchmark (Slice 7)
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
- uses: dtolnay/rust-toolchain@stable
- uses: Swatinem/rust-cache@e18b497796c12c097a38f9edb9d0641fb99eee32 # v2
- name: Run ingestion throughput benchmark
run: cargo bench --bench ingestion
msrv:
# Verify the crate still builds on its declared MSRV (rust-version in
# Cargo.toml), so the "1.85" promise to downstream users stays honest.
# The release pipeline builds with a newer toolchain; this guards the floor.
name: MSRV (1.85)
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
- uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # v1
with:
toolchain: "1.85"
targets: wasm32-unknown-unknown
- uses: Swatinem/rust-cache@e18b497796c12c097a38f9edb9d0641fb99eee32 # v2
- name: Build on MSRV
run: cargo build --locked
- name: Build WASM target on MSRV
run: cargo check --locked --target wasm32-unknown-unknown