Merge pull request #7 from raylsnetwork/dependabot/cargo/lz4_flex-0.11.6 #16
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| pull_request: | |
| branches: [main, develop] | |
| push: | |
| branches: [main] | |
| workflow_dispatch: | |
| inputs: | |
| skip_tests: | |
| description: 'Skip test suite' | |
| required: false | |
| default: false | |
| type: boolean | |
| skip_quality_checks: | |
| description: 'Skip code quality checks' | |
| required: false | |
| default: false | |
| type: boolean | |
| # Cancel in-progress runs when a new run is triggered on the same branch | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.head_ref || github.ref_name }} | |
| cancel-in-progress: true | |
| # Permissions required for security scanning and SARIF upload | |
| permissions: | |
| contents: read | |
| security-events: write | |
| actions: read | |
| env: | |
| CARGO_TERM_COLOR: always | |
| jobs: | |
| # ============================================================ | |
| # Code Quality and Testing | |
| # ============================================================ | |
| quality-checks: | |
| name: Code Quality & Testing | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 25 | |
| if: >- | |
| ${{ github.event_name != 'workflow_dispatch' || | |
| (!inputs.skip_tests && !inputs.skip_quality_checks) }} | |
| outputs: | |
| cache-key: ${{ steps.cache-key.outputs.key }} | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Generate cache key | |
| id: cache-key | |
| run: | | |
| CARGO_LOCK_HASH=$(sha256sum Cargo.lock | cut -d' ' -f1 | head -c 16) | |
| echo "cargo-lock-hash=$CARGO_LOCK_HASH" >> $GITHUB_OUTPUT | |
| echo "composite-key=${{ runner.os }}-cargo-$CARGO_LOCK_HASH" >> $GITHUB_OUTPUT | |
| - name: Install Rust toolchain | |
| uses: dtolnay/rust-toolchain@1.93.0 | |
| with: | |
| components: clippy, rustfmt | |
| - name: Install nightly rustfmt | |
| run: rustup toolchain install nightly --profile minimal --component rustfmt | |
| # OPTIMIZATION: Use sccache for Rust compilation caching (optional, continues if unavailable) | |
| - name: Setup sccache | |
| id: sccache | |
| uses: mozilla-actions/sccache-action@v0.0.6 | |
| continue-on-error: true | |
| - name: Configure sccache environment | |
| run: | | |
| if [ "${{ steps.sccache.outcome }}" = "success" ]; then | |
| # Test if sccache actually works before enabling it | |
| export SCCACHE_GHA_ENABLED=true | |
| if sccache --start-server 2>/dev/null && sccache --show-stats 2>/dev/null; then | |
| echo "SCCACHE_GHA_ENABLED=true" >> $GITHUB_ENV | |
| echo "RUSTC_WRAPPER=sccache" >> $GITHUB_ENV | |
| echo "✅ sccache enabled and working" | |
| else | |
| sccache --stop-server 2>/dev/null || true | |
| echo "⚠️ sccache installed but not functional, using standard rustc" | |
| fi | |
| else | |
| echo "⚠️ sccache unavailable, using standard rustc" | |
| fi | |
| - name: Install system dependencies | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -y --no-install-recommends \ | |
| build-essential pkg-config libssl-dev clang cmake protobuf-compiler | |
| # OPTIMIZATION: Single cache restore for all cargo data | |
| - name: Cache cargo registry | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| ~/.cargo/registry/index/ | |
| ~/.cargo/registry/cache/ | |
| ~/.cargo/git/db/ | |
| key: ${{ steps.cache-key.outputs.composite-key }}-registry | |
| restore-keys: | | |
| ${{ runner.os }}-cargo- | |
| - name: Check code formatting | |
| run: cargo +nightly fmt --all --check | |
| - name: Enforce line length | |
| run: python3 scripts/check_line_length.py | |
| # OPTIMIZATION: Run clippy and tests in parallel using cargo nextest | |
| - name: Run clippy linting | |
| run: cargo clippy --all-targets --all-features -- -W warnings | |
| - name: Run test suite | |
| run: | | |
| cargo test --all --jobs $(nproc) | |
| cargo test --doc --all --jobs $(nproc) | |
| - name: Check for security vulnerabilities (cargo-audit) | |
| run: | | |
| cargo install cargo-audit --version 0.22.1 --locked --quiet | |
| cargo audit --ignore RUSTSEC-2025-0073 --ignore RUSTSEC-2025-0055 | |
| - name: Summary | |
| if: always() | |
| run: | | |
| { | |
| echo "## RBFT CI" | |
| echo | |
| echo "**Branch:** ${{ github.ref_name }}" | |
| echo "**Commit:** \`${{ github.sha }}\`" | |
| } | tee -a "$GITHUB_STEP_SUMMARY" |