name: CI
on:
push:
branches: [main]
pull_request:
branches: [main]
workflow_call:
permissions:
contents: read
actions: read
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
env:
CARGO_TERM_COLOR: always
RUST_BACKTRACE: 1
jobs:
check:
name: Check & Lint
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: dtolnay/rust-toolchain@stable
with:
components: rustfmt, clippy
- uses: Swatinem/rust-cache@v2
- name: Format check
run: cargo fmt --all -- --check
- name: Clippy
run: cargo clippy --all-features --all-targets -- -D warnings
- name: Type check
run: cargo check
security:
name: Security Audit
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: dtolnay/rust-toolchain@stable
- name: Install cargo-audit
run: cargo install cargo-audit
- name: Audit
run: cargo audit
deny:
name: Supply Chain (cargo-deny)
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: EmbarkStudios/cargo-deny-action@v2
vet:
name: Supply Chain (cargo-vet)
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: dtolnay/rust-toolchain@stable
- name: Install cargo-vet
run: cargo install cargo-vet
- name: Vet
run: cargo vet --locked
semver:
name: Semver Check
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: dtolnay/rust-toolchain@stable
- name: Install cargo-semver-checks
run: cargo install cargo-semver-checks
- name: Check semver
run: cargo semver-checks check-release || true
test:
name: Test (${{ matrix.os }})
needs: [check]
strategy:
fail-fast: false
matrix:
include:
- os: ubuntu-latest
- os: macos-latest
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v4
- uses: dtolnay/rust-toolchain@stable
- uses: Swatinem/rust-cache@v2
- name: Run tests
run: cargo test
- name: Run doc tests
run: cargo test --doc
msrv:
name: MSRV (1.89)
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: dtolnay/rust-toolchain@master
with:
toolchain: "1.89"
- uses: Swatinem/rust-cache@v2
- name: Check with MSRV
run: cargo check
- name: Test with MSRV
run: cargo test
coverage:
name: Coverage
runs-on: ubuntu-latest
needs: [check]
steps:
- uses: actions/checkout@v4
- uses: dtolnay/rust-toolchain@stable
with:
components: llvm-tools-preview
- uses: Swatinem/rust-cache@v2
- name: Install cargo-llvm-cov
run: cargo install cargo-llvm-cov
- name: Generate coverage
run: cargo llvm-cov --lcov --output-path lcov.info
- name: Upload coverage
if: github.event_name == 'push' && github.ref == 'refs/heads/main'
uses: codecov/codecov-action@v4
with:
files: lcov.info
fail_ci_if_error: false
bench:
name: Benchmarks
runs-on: ubuntu-latest
needs: [check]
steps:
- uses: actions/checkout@v4
- uses: dtolnay/rust-toolchain@stable
- uses: Swatinem/rust-cache@v2
- name: Run benchmarks
run: cargo bench --no-fail-fast
fuzz:
name: Fuzz (5 min)
runs-on: ubuntu-latest
needs: [check]
steps:
- uses: actions/checkout@v4
- uses: dtolnay/rust-toolchain@nightly
- uses: Swatinem/rust-cache@v2
- name: Install cargo-fuzz
run: cargo install cargo-fuzz
- name: Fuzz step deserialization
run: cargo +nightly fuzz run fuzz_step_deser -- -max_total_time=30 || true
- name: Fuzz flow deserialization
run: cargo +nightly fuzz run fuzz_flow_deser -- -max_total_time=30 || true
- name: Fuzz flow validation
run: cargo +nightly fuzz run fuzz_flow_validate -- -max_total_time=30 || true
- name: Fuzz state transitions
run: cargo +nightly fuzz run fuzz_state_transitions -- -max_total_time=30 || true