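# CI workflow: formatting, lint, tests and a release build on three operating
# systems, plus a RustSec advisory audit of the dependency tree.
name: CI

on:
  push:
    branches:
      - master
      - phase-1-safety-guardrails
  pull_request:

# Least privilege: the workflow token can only read repository contents.
permissions:
  contents: read

jobs:
  rust:
    name: Rust checks (${{ matrix.os }})
    runs-on: ${{ matrix.os }}
    strategy:
      # Let every OS finish so that one platform's failure does not hide another's.
      fail-fast: false
      matrix:
        os:
          - ubuntu-latest
          - macos-latest
          - windows-latest
    steps:
      # NOTE(review): actions/checkout is referenced by a mutable tag. Pinning it
      # to a full commit SHA would keep a retagged release from changing what runs.
      - name: Checkout
        uses: actions/checkout@v4
        with:
          # Do not leave the workflow token in the checked-out git config, where
          # later steps (build scripts, tests) could read it.
          persist-credentials: false

      - name: Install Linux audio build dependencies
        if: runner.os == 'Linux'
        run: |
          sudo apt-get update
          sudo apt-get install -y libasound2-dev pkg-config

      - name: Install Rust stable
        run: |
          rustup toolchain install stable --profile minimal --component rustfmt,clippy
          rustup default stable

      - name: Show tool versions
        run: |
          rustc --version
          cargo --version

      - name: Format check
        run: cargo fmt --check

      # Guard against re-introducing a TLS certificate-validation bypass.
      # The match is on this exact text only: other spellings of the same call
      # (extra whitespace, a variable instead of the literal `true`) are not
      # caught, so this check complements code review and does not replace it.
      # grep exits 0 on a match, 1 on no match and >1 on error. An error (for
      # example a missing src directory) fails the step here instead of being
      # read as "no match", so the guard cannot pass without having scanned.
      - name: Security regression check
        shell: bash
        run: |
          status=0
          grep -RnF "danger_accept_invalid_certs(true)" src || status=$?
          if [ "$status" -eq 0 ]; then
            echo "Refusing insecure TLS bypass"
            exit 1
          elif [ "$status" -ne 1 ]; then
            echo "grep failed with status $status; cannot verify the TLS guard" >&2
            exit "$status"
          fi

      - name: Clippy
        run: cargo clippy --all-targets --all-features -- -D warnings

      - name: Tests
        run: cargo test --all-targets --all-features

      - name: Release build
        run: cargo build --release

  audit:
    name: RustSec audit
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Install Rust stable
        run: |
          rustup toolchain install stable --profile minimal
          rustup default stable

      # --locked builds cargo-audit with the dependency versions from its own
      # lockfile. The cargo-audit version itself is not pinned here.
      - name: Install cargo-audit
        run: cargo install cargo-audit --locked

      - name: Audit dependencies
        run: cargo audit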