Skip to content

chore(release): sqlite-forensic forensicnomicon 1.0 #70

chore(release): sqlite-forensic forensicnomicon 1.0

chore(release): sqlite-forensic forensicnomicon 1.0 #70

Workflow file for this run

name: CI
on:
push:
branches: [main]
pull_request:
branches: [main]
env:
CARGO_TERM_COLOR: always
RUSTFLAGS: -D warnings
jobs:
fmt:
name: Format
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: dtolnay/rust-toolchain@stable
with:
components: rustfmt
- run: cargo fmt --check
clippy:
name: Clippy
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: dtolnay/rust-toolchain@stable
with:
components: clippy
- uses: Swatinem/rust-cache@9bdad043e88c75890e36ad3bbc8d27f0090dd609 # v2.7.8
- run: cargo clippy --all-targets --all-features -- -D warnings
test:
name: Test (${{ matrix.os }})
runs-on: ${{ matrix.os }}
strategy:
matrix:
os: [ubuntu-latest, macos-latest, windows-latest]
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: dtolnay/rust-toolchain@stable
- uses: Swatinem/rust-cache@9bdad043e88c75890e36ad3bbc8d27f0090dd609 # v2.7.8
- run: cargo test # default features
- run: cargo test --all-features # serde JSON output
coverage:
name: Coverage
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: dtolnay/rust-toolchain@stable
with:
components: llvm-tools-preview
- uses: Swatinem/rust-cache@9bdad043e88c75890e36ad3bbc8d27f0090dd609 # v2.7.8
- uses: taiki-e/install-action@v2 # renovate: pin digest
with:
tool: cargo-llvm-cov
# Every function across the libraries AND the CLI binary must be covered.
# Line % reads below 100 where generic code is monomorphized per type —
# the function gate is the meaningful invariant.
- run: cargo llvm-cov --all-features --fail-under-functions 100 --show-missing-lines
msrv:
name: MSRV (1.96)
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: dtolnay/rust-toolchain@1.96.0
- uses: Swatinem/rust-cache@9bdad043e88c75890e36ad3bbc8d27f0090dd609 # v2.7.8
- run: cargo test --all-features
# The published libraries promise a LOW MSRV (a crates.io compatibility signal),
# distinct from the dev toolchain pin and the app's MSRV above. Build ONLY the
# libs against the floor; the CLI app legitimately requires the newer toolchain.
msrv-libs:
name: Library MSRV (1.80)
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: dtolnay/rust-toolchain@1.80.0
- uses: Swatinem/rust-cache@9bdad043e88c75890e36ad3bbc8d27f0090dd609 # v2.7.8
- run: cargo build -p sqlite-core -p sqlite-forensic --all-features
deny:
name: cargo-deny
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: EmbarkStudios/cargo-deny-action@v2 # renovate: pin digest
with:
command: check
# crates.io only gates description + license fields, not the README/LICENSE
# files — assert every publishable crate actually packages both.
package:
name: Package completeness
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: dtolnay/rust-toolchain@stable
- name: README + LICENSE packaged in every published crate
run: |
set -euo pipefail
pkgs=$(cargo metadata --no-deps --format-version 1 \
| python3 -c "import sys,json;[print(p['name']) for p in json.load(sys.stdin)['packages'] if p.get('publish') != []]")
for p in $pkgs; do
list=$(cargo package -p "$p" --list)
echo "$list" | grep -qx 'README.md' || { echo "::error::$p does not package README.md"; exit 1; }
echo "$list" | grep -q '^LICENSE' || { echo "::error::$p does not package a LICENSE file"; exit 1; }
echo "✓ $p packages README.md + LICENSE"
done
fuzz-check:
name: Fuzz targets compile (nightly)
runs-on: ubuntu-latest
# cargo-fuzz builds with the host nightly; warnings in its own deps must not
# fail the install, so this job does not deny warnings.
env:
RUSTFLAGS: ""
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: dtolnay/rust-toolchain@nightly
- uses: Swatinem/rust-cache@9bdad043e88c75890e36ad3bbc8d27f0090dd609 # v2.7.8
- run: cargo install cargo-fuzz
- run: cargo +nightly fuzz check
secrets:
name: Secret Scan (gitleaks)
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 0
- name: Install gitleaks
run: |
VERSION=$(curl -s https://api.github.com/repos/gitleaks/gitleaks/releases/latest | jq -r '.tag_name[1:]')
curl -sSfL "https://github.com/gitleaks/gitleaks/releases/download/v${VERSION}/gitleaks_${VERSION}_linux_x64.tar.gz" \
| tar xz -C /tmp gitleaks
- name: Run gitleaks
run: /tmp/gitleaks detect --source .
geiger:
name: Unsafe Audit (cargo-geiger)
runs-on: ubuntu-latest
continue-on-error: true
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: dtolnay/rust-toolchain@29eef336d9b2848a0b548edc03f92a220660cdb8 # stable
- uses: Swatinem/rust-cache@9bdad043e88c75890e36ad3bbc8d27f0090dd609 # v2.7.8
- run: cargo install cargo-geiger --locked
- run: cargo geiger 2>&1 || true
docs:
name: Docs
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: dtolnay/rust-toolchain@stable
- uses: Swatinem/rust-cache@9bdad043e88c75890e36ad3bbc8d27f0090dd609 # v2.7.8
- run: RUSTDOCFLAGS="-D warnings" cargo doc --no-deps --all-features