chore(release): sqlite-forensic forensicnomicon 1.0 #70
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: [main] | |
| pull_request: | |
| branches: [main] | |
| env: | |
| CARGO_TERM_COLOR: always | |
| RUSTFLAGS: -D warnings | |
| jobs: | |
| fmt: | |
| name: Format | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - uses: dtolnay/rust-toolchain@stable | |
| with: | |
| components: rustfmt | |
| - run: cargo fmt --check | |
| clippy: | |
| name: Clippy | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - uses: dtolnay/rust-toolchain@stable | |
| with: | |
| components: clippy | |
| - uses: Swatinem/rust-cache@9bdad043e88c75890e36ad3bbc8d27f0090dd609 # v2.7.8 | |
| - run: cargo clippy --all-targets --all-features -- -D warnings | |
| test: | |
| name: Test (${{ matrix.os }}) | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| matrix: | |
| os: [ubuntu-latest, macos-latest, windows-latest] | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - uses: dtolnay/rust-toolchain@stable | |
| - uses: Swatinem/rust-cache@9bdad043e88c75890e36ad3bbc8d27f0090dd609 # v2.7.8 | |
| - run: cargo test # default features | |
| - run: cargo test --all-features # serde JSON output | |
| coverage: | |
| name: Coverage | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - uses: dtolnay/rust-toolchain@stable | |
| with: | |
| components: llvm-tools-preview | |
| - uses: Swatinem/rust-cache@9bdad043e88c75890e36ad3bbc8d27f0090dd609 # v2.7.8 | |
| - uses: taiki-e/install-action@v2 # renovate: pin digest | |
| with: | |
| tool: cargo-llvm-cov | |
| # Every function across the libraries AND the CLI binary must be covered. | |
| # Line % reads below 100 where generic code is monomorphized per type — | |
| # the function gate is the meaningful invariant. | |
| - run: cargo llvm-cov --all-features --fail-under-functions 100 --show-missing-lines | |
| msrv: | |
| name: MSRV (1.96) | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - uses: dtolnay/rust-toolchain@1.96.0 | |
| - uses: Swatinem/rust-cache@9bdad043e88c75890e36ad3bbc8d27f0090dd609 # v2.7.8 | |
| - run: cargo test --all-features | |
| # The published libraries promise a LOW MSRV (a crates.io compatibility signal), | |
| # distinct from the dev toolchain pin and the app's MSRV above. Build ONLY the | |
| # libs against the floor; the CLI app legitimately requires the newer toolchain. | |
| msrv-libs: | |
| name: Library MSRV (1.80) | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - uses: dtolnay/rust-toolchain@1.80.0 | |
| - uses: Swatinem/rust-cache@9bdad043e88c75890e36ad3bbc8d27f0090dd609 # v2.7.8 | |
| - run: cargo build -p sqlite-core -p sqlite-forensic --all-features | |
| deny: | |
| name: cargo-deny | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - uses: EmbarkStudios/cargo-deny-action@v2 # renovate: pin digest | |
| with: | |
| command: check | |
| # crates.io only gates description + license fields, not the README/LICENSE | |
| # files — assert every publishable crate actually packages both. | |
| package: | |
| name: Package completeness | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - uses: dtolnay/rust-toolchain@stable | |
| - name: README + LICENSE packaged in every published crate | |
| run: | | |
| set -euo pipefail | |
| pkgs=$(cargo metadata --no-deps --format-version 1 \ | |
| | python3 -c "import sys,json;[print(p['name']) for p in json.load(sys.stdin)['packages'] if p.get('publish') != []]") | |
| for p in $pkgs; do | |
| list=$(cargo package -p "$p" --list) | |
| echo "$list" | grep -qx 'README.md' || { echo "::error::$p does not package README.md"; exit 1; } | |
| echo "$list" | grep -q '^LICENSE' || { echo "::error::$p does not package a LICENSE file"; exit 1; } | |
| echo "✓ $p packages README.md + LICENSE" | |
| done | |
| fuzz-check: | |
| name: Fuzz targets compile (nightly) | |
| runs-on: ubuntu-latest | |
| # cargo-fuzz builds with the host nightly; warnings in its own deps must not | |
| # fail the install, so this job does not deny warnings. | |
| env: | |
| RUSTFLAGS: "" | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - uses: dtolnay/rust-toolchain@nightly | |
| - uses: Swatinem/rust-cache@9bdad043e88c75890e36ad3bbc8d27f0090dd609 # v2.7.8 | |
| - run: cargo install cargo-fuzz | |
| - run: cargo +nightly fuzz check | |
| secrets: | |
| name: Secret Scan (gitleaks) | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| fetch-depth: 0 | |
| - name: Install gitleaks | |
| run: | | |
| VERSION=$(curl -s https://api.github.com/repos/gitleaks/gitleaks/releases/latest | jq -r '.tag_name[1:]') | |
| curl -sSfL "https://github.com/gitleaks/gitleaks/releases/download/v${VERSION}/gitleaks_${VERSION}_linux_x64.tar.gz" \ | |
| | tar xz -C /tmp gitleaks | |
| - name: Run gitleaks | |
| run: /tmp/gitleaks detect --source . | |
| geiger: | |
| name: Unsafe Audit (cargo-geiger) | |
| runs-on: ubuntu-latest | |
| continue-on-error: true | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - uses: dtolnay/rust-toolchain@29eef336d9b2848a0b548edc03f92a220660cdb8 # stable | |
| - uses: Swatinem/rust-cache@9bdad043e88c75890e36ad3bbc8d27f0090dd609 # v2.7.8 | |
| - run: cargo install cargo-geiger --locked | |
| - run: cargo geiger 2>&1 || true | |
| docs: | |
| name: Docs | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - uses: dtolnay/rust-toolchain@stable | |
| - uses: Swatinem/rust-cache@9bdad043e88c75890e36ad3bbc8d27f0090dd609 # v2.7.8 | |
| - run: RUSTDOCFLAGS="-D warnings" cargo doc --no-deps --all-features |