pre-commit:
parallel: true
commands:
rustfmt-check:
glob: "*.rs"
run: cargo fmt --all -- --check
clippy:
glob: "*.rs"
run: cargo clippy --all-targets --features full -- -D warnings
cargo-deny:
run: cargo deny check 2>/dev/null || true
no-private-key:
run: "! git diff --cached --name-only | xargs -r grep -IlE 'BEGIN (RSA|OPENSSH|PGP|EC|PRIVATE) PRIVATE KEY|sk-[A-Za-z0-9]{20,}'"
commit-msg:
commands:
conventional:
run: 'grep -qE "^(feat|fix|refactor|docs|test|chore|perf|ci|build|revert|style)(\(.+\))?!?: .+" {1}'
pre-push:
commands:
cargo-audit:
run: cargo audit 2>/dev/null || true
coverage-95:
name: coverage ≥95% lines
run: cargo llvm-cov --features full --fail-under-lines 95 2>/dev/null || echo "coverage check skipped (llvm-cov not installed)"