securegit 0.7.3

Zero-trust git replacement with 12 built-in security scanners, universal undo, durable backups, and a 42-tool MCP server
# Pipeline stages, executed in the order listed: lint/format checks, tests,
# release build, then the crates.io publish step.
stages: [check, test, build, publish]

# Pipeline-wide environment variables (all values are strings).
variables:
  # Force coloured Cargo output in the job log.
  CARGO_TERM_COLOR: 'always'
  # Cargo home is placed under /tmp, i.e. outside the repository checkout.
  CARGO_HOME: '/tmp/cargo'
  # Flags the runner passes to `git clean`; target/ is excluded so build
  # output already present in the checkout is not wiped.
  GIT_CLEAN_FLAGS: '-ffdx -e target/'

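# Shared job template: caches the build output directory (target/) per branch
# and makes sure the Cargo home directory exists before the job script runs.
# NOTE(review): CARGO_HOME points at /tmp/cargo, outside the project
# directory, so the Cargo registry is not covered by this cache; only
# target/ is.
# NOTE(review): the cache key is the branch slug, so every job on a ref shares
# one target/ directory, including the release build and publish jobs. Confirm
# in the project's CI/CD settings that protected branches use a separate
# cache from unprotected ones.
.cargo-cache: &cargo-cache
  cache:
    key: "${CI_COMMIT_REF_SLUG}"
    paths:
      - target/
  before_script:
    # Quoted so an unexpected value cannot word-split into extra mkdir
    # arguments.
    - mkdir -p "$CARGO_HOME"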

# ---------------------------------------------------------------------------
# Stage 1: check (parallel — fast-fail on lint or format issues)
# ---------------------------------------------------------------------------

# Lint job: runs Clippy and fails the pipeline on any warning.
# NOTE(review): rust:latest is a floating tag, so the toolchain and Clippy's
# lint set can change between runs; consider pinning a version or digest.
clippy:
  <<: *cargo-cache
  image: rust:latest
  stage: check
  script:
    - rustup component add clippy
    # -D warnings promotes every lint warning to a hard error.
    - cargo clippy -- -D warnings

# Formatting job: fails if any file differs from rustfmt's output.
# Does not use the shared cache template, since nothing is compiled here.
fmt:
  image: rust:latest
  stage: check
  script:
    - rustup component add rustfmt
    # --check reports differences without rewriting files.
    - cargo fmt -- --check

# ---------------------------------------------------------------------------
# Stage 2: test
# ---------------------------------------------------------------------------

# Test job: runs the crate's test suite with verbose Cargo output, reusing
# the shared target/ cache.
test:
  <<: *cargo-cache
  image: rust:latest
  stage: test
  script:
    - cargo test --verbose

# ---------------------------------------------------------------------------
# Stage 3: build (main branch only)
# ---------------------------------------------------------------------------

# Release build job (main branch only): compiles both binaries in release
# mode, strips them and stores them as job artifacts for 30 days.
# NOTE(review): the binaries are built with a floating rust:latest image and
# a target/ cache shared with the other jobs on this ref, so two builds of
# the same commit are not guaranteed to match. Consider pinning the image and
# building with --locked if Cargo.lock is committed (not visible from here).
build-release:
  <<: *cargo-cache
  image: rust:latest
  stage: build
  only: [main]
  script:
    - cargo build --release --verbose
    # Remove symbols from both shipped binaries.
    - strip target/release/securegit
    - strip target/release/securegit-mcp
    # Smoke check: the main binary must start and print its version.
    - echo "securegit $(target/release/securegit --version)"
    - echo "securegit-mcp built successfully"
  artifacts:
    # Artifact archive is named after the short commit SHA.
    name: 'securegit-${CI_COMMIT_SHORT_SHA}'
    expire_in: '30 days'
    paths:
      - target/release/securegit
      - target/release/securegit-mcp

# ---------------------------------------------------------------------------
# Stage 4: publish to crates.io (main branch, manual trigger)
# ---------------------------------------------------------------------------

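# Publish job: uploads the crate to crates.io. Runs only on main and only
# when triggered manually; a failure fails the pipeline.
# NOTE(review): CARGO_REGISTRY_TOKEN should be a masked, protected CI/CD
# variable so it is only exposed to pipelines on protected refs; confirm in
# the project settings.
# NOTE(review): rust:latest is a floating tag; the job that holds the registry
# token is the one where a pinned image version or digest matters most.
publish-crates:
  stage: publish
  image: rust:latest
  <<: *cargo-cache
  script:
    # Cargo reads the crates.io token from the CARGO_REGISTRY_TOKEN environment
    # variable by itself, so it is not passed with --token: a secret on the
    # command line is visible in the process list of the job container.
    # NOTE(review): --allow-dirty lets the package include working-tree changes
    # that are not in the commit, so the published crate may not match the
    # tagged source. Drop it if the checkout is clean at this point.
    - cargo publish --allow-dirty
  only:
    - main
  when: manual
  allow_failure: false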