name: CI
on:
pull_request:
push:
branches:
- main
- master
permissions:
contents: read
env:
CARGO_TERM_COLOR: always
jobs:
quality:
name: Format, Lint, and Workspace Tests
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Install Rust toolchain
uses: dtolnay/rust-toolchain@1.86.0
with:
components: rustfmt, clippy
- name: Cache cargo artifacts
uses: Swatinem/rust-cache@v2
- name: Check formatting
run: cargo fmt --all -- --check
- name: Run clippy
run: cargo clippy --workspace --all-targets -- -D warnings
- name: Run workspace tests
run: cargo test --workspace
runner-hardening:
name: Runner Hardening (${{ matrix.slice.name }})
runs-on: ubuntu-latest
needs: quality
strategy:
fail-fast: false
matrix:
slice:
- name: raw-pid-fallback
command: cargo test -p yarli --lib process_handle_raw_pid_variant_send_signal_zero -- --nocapture
- name: read-only-cgroup
command: cargo test -p yarli --lib local_cgroup_manager_reports_read_only_fallback -- --nocapture
- name: budget-properties
command: cargo test -p yarli --lib scheduler_budget_cpu_tick_conversion_is_ -- --nocapture
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Install Rust toolchain
uses: dtolnay/rust-toolchain@1.86.0
- name: Cache cargo artifacts
uses: Swatinem/rust-cache@v2
- name: Assert non-root execution
run: test "$(id -u)" != "0"
- name: Run runner hardening slice
run: ${{ matrix.slice.command }}
postgres-integration:
name: Postgres Integration Tests
runs-on: ubuntu-latest
needs: [quality, runner-hardening]
services:
postgres:
image: postgres:16
env:
POSTGRES_USER: postgres
POSTGRES_PASSWORD: postgres
POSTGRES_DB: postgres
ports:
- 5432:5432
options: >-
--health-cmd "pg_isready -U postgres -d postgres"
--health-interval 5s
--health-timeout 5s
--health-retries 10
env:
YARLI_TEST_DATABASE_URL: postgres://postgres:postgres@localhost:5432/postgres
YARLI_REQUIRE_POSTGRES_TESTS: "1"
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Install Rust toolchain
uses: dtolnay/rust-toolchain@1.86.0
- name: Cache cargo artifacts
uses: Swatinem/rust-cache@v2
- name: Store Postgres integration tests
run: |
set -euo pipefail
cargo test -p yarli --test yarli_store_postgres_integration -- --nocapture | tee /tmp/yarli-store-postgres-integration.log
if grep -q "skipping postgres integration test" /tmp/yarli-store-postgres-integration.log; then
echo "skip-path detected in yarli-store postgres integration tests"
exit 1
fi
- name: Queue Postgres integration tests
run: |
set -euo pipefail
cargo test -p yarli --test yarli_queue_postgres_integration -- --nocapture | tee /tmp/yarli-queue-postgres-integration.log
if grep -q "skipping postgres integration test" /tmp/yarli-queue-postgres-integration.log; then
echo "skip-path detected in yarli-queue postgres integration tests"
exit 1
fi
- name: CLI Postgres integration tests
run: |
set -euo pipefail
cargo test -p yarli --test yarli_cli_postgres_integration -- --nocapture | tee /tmp/yarli-cli-postgres-integration.log
if grep -q "skipping postgres integration test" /tmp/yarli-cli-postgres-integration.log; then
echo "skip-path detected in yarli-cli postgres integration tests"
exit 1
fi