1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
# GitLab CI/CD Configuration for num-valid
# This configuration runs tests with all feature and build mode combinations,
# verifies test coverage and updates badges
# Defines Docker images and pipeline stages
stages:
- build
- test
- coverage
- badges
- security
# Global variables
variables:
CARGO_HOME: $CI_PROJECT_DIR/.cargo
CARGO_TARGET_DIR: $CI_PROJECT_DIR/target
RUST_BACKTRACE: "1"
SECRET_DETECTION_ENABLED: 'true'
# Cache to speed up builds
cache:
key:
files:
- Cargo.lock
- Cargo.toml
paths:
- .cargo/
- target/
- $HOME/.cargo/bin/cargo-llvm-cov
# Base template for Rust jobs
.rust_template:
image: rustlang/rust:nightly
tags:
- gentoo # Uses the local runner with tag "gentoo"
before_script:
- apt-get update && apt-get install -y libgmp-dev libmpfr-dev libmpc-dev
- rustc --version
- cargo --version
- cargo fetch
# ================================
# BUILD PHASE - Verify compilation
# ================================
build_without_rug:
<<: *rust_template
stage: build
script:
- echo "Building without rug feature..."
- cargo check --all-targets
- cargo check --all-targets --release
artifacts:
reports:
junit: test-results.xml
expire_in: 1 hour
rules:
- if: $CI_COMMIT_BRANCH == "master"
build_with_rug:
<<: *rust_template
stage: build
script:
- echo "Building with rug feature..."
- cargo check --all-targets --features rug
- cargo check --all-targets --features rug --release
artifacts:
reports:
junit: test-results.xml
expire_in: 1 hour
rules:
- if: $CI_COMMIT_BRANCH == "master"
# ================================
# TEST PHASE - All combinations
# ================================
# Tests without "rug" feature in Debug
test_debug_no_rug:
<<: *rust_template
stage: test
needs:
script:
- echo "Running tests in Debug mode without rug feature..."
- cargo test --all-targets --verbose
artifacts:
reports:
junit: test-results.xml
expire_in: 1 week
rules:
- if: $CI_COMMIT_BRANCH == "master"
# Tests without "rug" feature in Release
test_release_no_rug:
<<: *rust_template
stage: test
needs:
script:
- echo "Running tests in Release mode without rug feature..."
- cargo test --all-targets --release --verbose
artifacts:
reports:
junit: test-results.xml
expire_in: 1 week
rules:
- if: $CI_COMMIT_BRANCH == "master"
# Tests with "rug" feature in Debug
test_debug_with_rug:
<<: *rust_template
stage: test
needs:
script:
- echo "Running tests in Debug mode with rug feature..."
- cargo test --all-targets --features rug --verbose
artifacts:
reports:
junit: test-results.xml
expire_in: 1 week
rules:
- if: $CI_COMMIT_BRANCH == "master"
# Tests with "rug" feature in Release
test_release_with_rug:
<<: *rust_template
stage: test
needs:
script:
- echo "Running tests in Release mode with rug feature..."
- cargo test --all-targets --features rug --release --verbose
artifacts:
reports:
junit: test-results.xml
expire_in: 1 week
rules:
- if: $CI_COMMIT_BRANCH == "master"
# Benchmark tests (without running them, only verify compilation)
test_benchmarks:
<<: *rust_template
stage: test
script:
- echo "Checking benchmarks compilation..."
- cargo check --benches
- cargo check --benches --features rug
allow_failure: true
rules:
- if: $CI_COMMIT_BRANCH == "master"
# ================================
# COVERAGE PHASE - Test coverage
# ================================
coverage:
<<: *rust_template
stage: coverage
needs:
- test_debug_no_rug
- test_release_no_rug
- test_debug_with_rug
- test_release_with_rug
script:
- rustup component add llvm-tools-preview
- command -v cargo-llvm-cov || cargo install cargo-llvm-cov
- echo "Running combined coverage analysis..."
- cargo llvm-cov clean --workspace
# Run the tests for all configurations accumulating data
- cargo llvm-cov --no-report --workspace
- cargo llvm-cov --no-report --release --workspace
- cargo llvm-cov --no-report --features rug --workspace
- cargo llvm-cov --no-report --release --features rug --workspace
# Generate combined reports
- cargo llvm-cov report --html --output-dir coverage
- cargo llvm-cov report --cobertura --output-path coverage/cobertura.xml
- COVERAGE=$(cargo llvm-cov report --summary-only | grep -oP 'TOTAL\s+\d+\s+\d+\s+\K[\d.]+')
- 'echo "Total Coverage: $COVERAGE%"'
- echo "COVERAGE=$COVERAGE" > coverage/coverage.env
artifacts:
reports:
coverage_report:
coverage_format: cobertura
path: coverage/cobertura.xml
paths:
- coverage/
expire_in: 1 week
coverage: '/Total Coverage: ([\d.]+)%/'
rules:
- if: $CI_COMMIT_BRANCH == "master"
# ================================
# BADGES PHASE - Update badges
# ================================
# Job to generate pipeline badges
update_badges:
stage: badges
image: alpine:latest
tags:
- gentoo
needs:
- coverage
before_script:
- apk add --no-cache curl jq bc
script:
- source coverage/coverage.env || true
- echo "Updating badges..."
- 'if [ "$CI_PIPELINE_STATUS" = "success" ]; then PIPELINE_BADGE_COLOR="brightgreen"; PIPELINE_BADGE_MESSAGE="passing"; else PIPELINE_BADGE_COLOR="red"; PIPELINE_BADGE_MESSAGE="failing"; fi'
- 'if [ -n "$COVERAGE" ]; then if (( $(echo "$COVERAGE >= 90" | bc -l) )); then COVERAGE_BADGE_COLOR="brightgreen"; elif (( $(echo "$COVERAGE >= 75" | bc -l) )); then COVERAGE_BADGE_COLOR="yellow"; else COVERAGE_BADGE_COLOR="red"; fi; COVERAGE_BADGE_MESSAGE="${COVERAGE}%"; else COVERAGE_BADGE_COLOR="lightgrey"; COVERAGE_BADGE_MESSAGE="unknown"; fi'
- echo "Pipeline Status Badge URL:"
- echo "https://img.shields.io/badge/pipeline-${PIPELINE_BADGE_MESSAGE}-${PIPELINE_BADGE_COLOR}.svg"
- echo ""
- echo "Coverage Badge URL:"
- echo "https://img.shields.io/badge/coverage-${COVERAGE_BADGE_MESSAGE}-${COVERAGE_BADGE_COLOR}.svg"
- echo ""
- echo "GitLab Pipeline Badge URL:"
- echo "${CI_PROJECT_URL}/badges/${CI_DEFAULT_BRANCH}/pipeline.svg"
- echo ""
- echo "GitLab Coverage Badge URL (if coverage reporting is enabled):"
- echo "${CI_PROJECT_URL}/badges/${CI_DEFAULT_BRANCH}/coverage.svg"
artifacts:
expire_in: 1 week
rules:
- if: $CI_COMMIT_BRANCH == "master"
# ================================
# ADDITIONAL JOBS
# ================================
# Code formatting verification
fmt_check:
<<: *rust_template
stage: test
script:
- rustup component add rustfmt
- echo "Checking code formatting..."
- cargo fmt --all -- --check
allow_failure: true
# Clippy verification
clippy_check:
<<: *rust_template
stage: test
script:
- rustup component add clippy
- echo "Running clippy lints..."
- cargo clippy --all-targets -- -D warnings
- cargo clippy --all-targets --features rug -- -D warnings
allow_failure: true
# Documentation verification
doc_check:
<<: *rust_template
stage: test
script:
- echo "Checking documentation..."
- cargo doc --no-deps --document-private-items
- cargo doc --no-deps --document-private-items --features rug
artifacts:
paths:
- target/doc/
expire_in: 1 week
allow_failure: true
# Job for documentation deployment
pages:
stage: badges
image: alpine:latest
tags:
- gentoo
needs:
script:
- mkdir -p public
- cp -r target/doc/* public/
artifacts:
paths:
- public
rules:
- if: $CI_COMMIT_BRANCH == "master"
# ================================
# SPECIAL CONFIGURATIONS
# ================================
# Job that runs only on schedules (for comprehensive nightly tests)
nightly_full_test:
<<: *rust_template
stage: test
script:
- echo "Running comprehensive nightly tests..."
- cargo test --all-targets --verbose
- cargo test --all-targets --features rug --verbose --release
- timeout 300 cargo bench --features rug || echo "Benchmarks completed or timed out"
rules:
- if: $CI_PIPELINE_SOURCE == "schedule"
allow_failure: true
# ================================
# SECURITY
# ================================
# Job to verify security dependencies
security_audit:
<<: *rust_template
stage: security
before_script:
- cargo install cargo-audit
script:
- echo "Running security audit..."
- cargo audit
allow_failure: true
rules:
- if: $CI_PIPELINE_SOURCE == "schedule"
- if: $CI_COMMIT_BRANCH == "master"
# Secret detection (kept from original file)
secret_detection:
stage: security
# Include security templates
include:
- template: Security/Secret-Detection.gitlab-ci.yml