1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
name: CI
on:
push:
branches:
pull_request:
branches:
workflow_dispatch:
# Cancel in-flight runs for the same branch on new pushes.
concurrency:
group: ci-${{ github.ref }}
cancel-in-progress: true
jobs:
fmt-and-build:
name: fmt, build, test, observability
runs-on: ubuntu-latest
timeout-minutes: 30
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Install Rust toolchain
uses: dtolnay/rust-toolchain@stable
with:
toolchain: stable
- name: Cache cargo registry and target
uses: actions/cache@v4
with:
path: |
~/.cargo/registry
~/.cargo/git
target
key: ${{ runner.os }}-cargo-${{ hashFiles('Cargo.lock') }}
restore-keys: |
${{ runner.os }}-cargo-
- name: cargo fmt --check
run: cargo fmt --check
- name: cargo build --offline
# The first build populates the offline cache; subsequent
# runs use --offline. We accept that the first run is online
# because CI runners don't have the offline cache yet.
run: cargo build --offline || cargo build
- name: cargo test --offline
# Same: first run is online, subsequent are offline.
run: cargo test --offline || cargo test
- name: Verify claim-status report
run: |
cargo run --offline --example claim_status_report
# 7 of 8 flags are blocked. The report must report 7
# 'claim_allowed=false' and 1 'claim_allowed=true'.
false_count=$(cargo run --offline --example claim_status_report 2>/dev/null | grep -c 'claim_allowed=false')
true_count=$(cargo run --offline --example claim_status_report 2>/dev/null | grep -c 'claim_allowed=true')
if [ "$false_count" != "7" ]; then
echo "expected 7 claim_allowed=false lines, got $false_count"
exit 1
fi
if [ "$true_count" != "1" ]; then
echo "expected 1 claim_allowed=true line, got $true_count"
exit 1
fi
- name: Verify submission-readiness verdict
run: |
cargo run --offline --example submission_readiness
# The verdict must be 'submission_readiness: NO' because
# 7 claim flags are still false. The 9 artifact checks
# must all PASS.
output=$(cargo run --offline --example submission_readiness 2>/dev/null)
if ! echo "$output" | grep -q 'submission_readiness: NO'; then
echo "expected 'submission_readiness: NO' line"
echo "$output"
exit 1
fi
fail_count=$(echo "$output" | grep -c '\[FAIL\]')
if [ "$fail_count" != "0" ]; then
echo "expected 0 [FAIL] lines, got $fail_count"
echo "$output"
exit 1
fi
- name: Verify regenerate_paper_artifacts.sh syntax
run: bash -n scripts/regenerate_paper_artifacts.sh
- name: Verify dev doc files exist (P413)
# scripts/check_dev_docs.sh asserts that tests/README.md,
# scripts/README.md, docs/development/local_dev_setup.md,
# and docs/development/ci_debugging.md all exist and are
# non-empty. A new contributor deleting any of these
# fails the build before the human review step.
run: bash scripts/check_dev_docs.sh
- name: Verify CHANGELOG.md structure (P415)
# scripts/check_changelog_sections.sh asserts that
# CHANGELOG.md has the expected Keep-a-Changelog structure:
# an "## [Unreleased]" section with the three required
# subsections (### Added, ### Changed, ### Non-Claims).
run: bash scripts/check_changelog_sections.sh
- name: Verify doc-vs-reality consistency (P419)
# scripts/check_doc_consistency.sh asserts that the counts
# cited in the top-level README / index files match the
# actual filesystem state. The 4 checks:
# 1. tests/README.md "N test files" matches `ls tests/*.rs | wc -l` (132)
# 2. examples/README.md "17 standalone examples" matches
# `ls examples/*.rs | wc -l` (17)
# 3. scripts/README.md "8 shell scripts" matches
# `ls scripts/*.sh | wc -l` (8)
# 4. CLAIMS.md has exactly 8 `*_claim_allowed` lines
# A drift in any of these fails the build before the
# human review step.
run: bash scripts/check_doc_consistency.sh