deps(deps): bump the rust-minor-patch group across 1 directory with 5 updates #115
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # yaml-language-server: $schema=https://www.schemastore.org/github-workflow.json | |
| name: CI | |
| on: | |
| push: | |
| branches: [main] | |
| pull_request: | |
| branches: [main] | |
| schedule: | |
| # Nightly at midnight UTC (for coverage) | |
| - cron: "0 0 * * *" | |
| # Cancel in-progress runs when new commits are pushed | |
| # We only care about the latest commit on any branch/PR | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| # Default to read-only permissions | |
| permissions: | |
| contents: read | |
| env: | |
| CARGO_TERM_COLOR: always | |
| RUST_BACKTRACE: 1 | |
| MSRV: "1.92" | |
| jobs: | |
| # Detect if this is a workflow-only change (for skipping builds on Dependabot workflow PRs) | |
| changes: | |
| name: Detect Changes | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| pull-requests: read | |
| outputs: | |
| code: ${{ steps.filter.outputs.code }} | |
| steps: | |
| - name: Harden the runner (Audit all outbound calls) | |
| uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 | |
| with: | |
| egress-policy: audit | |
| - name: Checkout code | |
| uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 | |
| - name: Check for code changes | |
| id: filter | |
| uses: step-security/paths-filter@6eee183b0d2fd101d3f8ee2935c127bca14c5625 # v3.0.5 | |
| with: | |
| filters: | | |
| code: | |
| - '**/*.rs' | |
| - '**/Cargo.toml' | |
| - '**/Cargo.lock' | |
| - 'rust-toolchain.toml' | |
| # Check code formatting | |
| fmt: | |
| name: Formatting | |
| runs-on: ubuntu-latest | |
| if: github.actor != 'dependabot[bot]' | |
| steps: | |
| - name: Harden the runner (Audit all outbound calls) | |
| uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 | |
| with: | |
| egress-policy: audit | |
| - name: Checkout code | |
| uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 | |
| with: | |
| submodules: recursive | |
| - name: Install Rust nightly toolchain | |
| uses: dtolnay/rust-toolchain@881ba7bf39a41cda34ac9e123fb41b44ed08232f # nightly | |
| with: | |
| components: rustfmt | |
| - name: Check formatting | |
| run: cargo +nightly fmt --all -- --check | |
| # Run Clippy for linting (multiple variants) | |
| clippy: | |
| name: Linting | |
| runs-on: ubuntu-latest | |
| if: github.actor != 'dependabot[bot]' | |
| env: | |
| CARGO_INCREMENTAL: 0 | |
| RUSTFLAGS: "-C codegen-units=16 -C link-arg=-fuse-ld=mold" | |
| steps: | |
| - name: Harden the runner (Audit all outbound calls) | |
| uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 | |
| with: | |
| egress-policy: audit | |
| - name: Checkout code | |
| uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 | |
| with: | |
| submodules: recursive | |
| - name: Install Rust toolchain | |
| uses: dtolnay/rust-toolchain@881ba7bf39a41cda34ac9e123fb41b44ed08232f # stable | |
| with: | |
| components: clippy | |
| - name: Install mold linker | |
| run: | | |
| sudo apt-get update -qq | |
| sudo apt-get install -y -qq mold | |
| - name: Install development tools via Mise | |
| uses: step-security/mise-action@2fa1b2b4fa1577588d8ac75f4dfa0f67c266d2a0 # v3.4.1 | |
| with: | |
| install_args: protobuf | |
| cache: true | |
| - name: Cache Rust dependencies | |
| uses: step-security/rust-cache@f8fba7098297c8c53a7c9a30575ec2ad4ad85056 # v2.8.2 | |
| with: | |
| shared-key: clippy | |
| save-if: false | |
| - name: Run clippy | |
| # all-features includes default features, so single run is sufficient | |
| run: cargo clippy --workspace --all-targets --all-features -- -D warnings | |
| # Check MSRV (Minimum Supported Rust Version) | |
| msrv: | |
| name: MSRV Check | |
| runs-on: ubuntu-latest | |
| needs: changes | |
| if: needs.changes.outputs.code == 'true' || github.actor != 'dependabot[bot]' | |
| env: | |
| RUST_VERSION: "1.92" | |
| steps: | |
| - name: Harden the runner (Audit all outbound calls) | |
| uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 | |
| with: | |
| egress-policy: audit | |
| - name: Checkout code | |
| uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 | |
| with: | |
| submodules: recursive | |
| - name: Install Rust toolchain | |
| uses: dtolnay/rust-toolchain@881ba7bf39a41cda34ac9e123fb41b44ed08232f # master | |
| with: | |
| toolchain: "1.92" | |
| - name: Install development tools via Mise | |
| uses: step-security/mise-action@2fa1b2b4fa1577588d8ac75f4dfa0f67c266d2a0 # v3.4.1 | |
| with: | |
| install_args: protobuf | |
| cache: true | |
| - name: Cache Rust dependencies | |
| uses: step-security/rust-cache@f8fba7098297c8c53a7c9a30575ec2ad4ad85056 # v2.8.2 | |
| with: | |
| shared-key: msrv | |
| - name: Check compilation with MSRV | |
| run: cargo check --workspace --all-features | |
| # Run tests on multiple platforms | |
| test: | |
| name: Tests (${{ matrix.os }}) | |
| needs: changes | |
| if: needs.changes.outputs.code == 'true' || github.actor != 'dependabot[bot]' | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| # PRs: Linux only (fast feedback). Main: all platforms (thorough validation) | |
| os: ${{ github.event_name == 'pull_request' && fromJSON('["ubuntu-latest"]') || fromJSON('["ubuntu-latest", "macos-latest", "windows-latest"]') }} | |
| permissions: | |
| contents: read | |
| checks: write | |
| steps: | |
| - name: Harden the runner (Audit all outbound calls) | |
| uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 | |
| with: | |
| egress-policy: audit | |
| - name: Checkout code | |
| uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 | |
| with: | |
| submodules: recursive | |
| - name: Install Rust toolchain | |
| uses: dtolnay/rust-toolchain@881ba7bf39a41cda34ac9e123fb41b44ed08232f # stable | |
| - name: Install mold linker (Linux) | |
| if: runner.os == 'Linux' | |
| run: | | |
| sudo apt-get update -qq | |
| sudo apt-get install -y -qq mold | |
| - name: Install development tools via Mise | |
| uses: step-security/mise-action@2fa1b2b4fa1577588d8ac75f4dfa0f67c266d2a0 # v3.4.1 | |
| with: | |
| install_args: protobuf cargo:cargo-nextest | |
| cache: true | |
| - name: Cache Rust dependencies | |
| uses: step-security/rust-cache@f8fba7098297c8c53a7c9a30575ec2ad4ad85056 # v2.8.2 | |
| with: | |
| shared-key: test-${{ matrix.os }} | |
| save-if: ${{ github.ref == 'refs/heads/main' }} | |
| - name: Run unit tests | |
| run: cargo nextest run --workspace --lib --no-fail-fast | |
| - name: Run integration tests | |
| run: cargo nextest run --workspace --test '*' --no-fail-fast | |
| - name: Run doc tests | |
| run: cargo test --workspace --doc | |
| # Build documentation | |
| docs: | |
| name: Documentation | |
| needs: changes | |
| runs-on: ubuntu-latest | |
| if: needs.changes.outputs.code == 'true' && github.actor != 'dependabot[bot]' | |
| steps: | |
| - name: Harden the runner (Audit all outbound calls) | |
| uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 | |
| with: | |
| egress-policy: audit | |
| - name: Checkout code | |
| uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 | |
| with: | |
| submodules: recursive | |
| - name: Install Rust nightly toolchain | |
| uses: dtolnay/rust-toolchain@881ba7bf39a41cda34ac9e123fb41b44ed08232f # nightly | |
| - name: Install development tools via Mise | |
| uses: step-security/mise-action@2fa1b2b4fa1577588d8ac75f4dfa0f67c266d2a0 # v3.4.1 | |
| with: | |
| install_args: protobuf | |
| cache: true | |
| - name: Cache Rust dependencies | |
| uses: step-security/rust-cache@f8fba7098297c8c53a7c9a30575ec2ad4ad85056 # v2.8.2 | |
| with: | |
| shared-key: docs | |
| - name: Build documentation | |
| env: | |
| RUSTDOCFLAGS: -D warnings --cfg docsrs | |
| run: cargo +nightly doc --workspace --no-deps --all-features | |
| # Code coverage (nightly only to reduce CI costs) | |
| coverage: | |
| name: Code Coverage | |
| needs: changes | |
| runs-on: ubuntu-latest | |
| if: github.event_name == 'schedule' | |
| continue-on-error: true | |
| env: | |
| CARGO_INCREMENTAL: 0 | |
| RUSTFLAGS: "-C codegen-units=16 -C link-arg=-fuse-ld=mold" | |
| steps: | |
| - name: Harden the runner (Audit all outbound calls) | |
| uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 | |
| with: | |
| egress-policy: audit | |
| - name: Checkout code | |
| uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 | |
| with: | |
| submodules: recursive | |
| - name: Install Rust toolchain | |
| uses: dtolnay/rust-toolchain@881ba7bf39a41cda34ac9e123fb41b44ed08232f # stable | |
| with: | |
| components: llvm-tools-preview | |
| - name: Install mold linker | |
| run: | | |
| sudo apt-get update -qq | |
| sudo apt-get install -y -qq mold | |
| - name: Install development tools via Mise | |
| uses: step-security/mise-action@2fa1b2b4fa1577588d8ac75f4dfa0f67c266d2a0 # v3.4.1 | |
| with: | |
| install_args: protobuf cargo:cargo-llvm-cov | |
| cache: true | |
| - name: Cache Rust dependencies | |
| uses: step-security/rust-cache@f8fba7098297c8c53a7c9a30575ec2ad4ad85056 # v2.8.2 | |
| with: | |
| shared-key: coverage | |
| save-if: ${{ github.ref == 'refs/heads/main' }} | |
| - name: Generate coverage | |
| run: cargo llvm-cov --workspace --lcov --output-path lcov.info | |
| - name: Upload coverage to Codecov | |
| uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.5.2 | |
| with: | |
| files: lcov.info | |
| fail_ci_if_error: false | |
| token: ${{ secrets.CODECOV_TOKEN }} | |
| # Check dependencies for outdated versions and duplicates | |
| # Only runs on main branch pushes (informational, not blocking) | |
| dependencies: | |
| name: Dependencies | |
| runs-on: ubuntu-latest | |
| if: github.event_name == 'push' && github.ref == 'refs/heads/main' | |
| steps: | |
| - name: Harden the runner (Audit all outbound calls) | |
| uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 | |
| with: | |
| egress-policy: audit | |
| - name: Checkout code | |
| uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 | |
| - name: Install Rust toolchain | |
| uses: dtolnay/rust-toolchain@881ba7bf39a41cda34ac9e123fb41b44ed08232f # stable | |
| - name: Install development tools via Mise | |
| uses: step-security/mise-action@2fa1b2b4fa1577588d8ac75f4dfa0f67c266d2a0 # v3.4.1 | |
| with: | |
| install_args: cargo:cargo-outdated | |
| cache: true | |
| - name: Cache Rust dependencies | |
| uses: step-security/rust-cache@f8fba7098297c8c53a7c9a30575ec2ad4ad85056 # v2.8.2 | |
| with: | |
| shared-key: dependencies | |
| - name: Check outdated dependencies | |
| run: cargo outdated --exit-code 1 || echo "::warning::Some dependencies are outdated" | |
| - name: Check for duplicate dependencies | |
| run: cargo tree --duplicates | |
| # Check for unused dependencies | |
| # Only runs on main branch pushes (informational, not blocking) | |
| unused-deps: | |
| name: Unused Dependencies | |
| runs-on: ubuntu-latest | |
| if: github.event_name == 'push' && github.ref == 'refs/heads/main' | |
| steps: | |
| - name: Harden the runner (Audit all outbound calls) | |
| uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 | |
| with: | |
| egress-policy: audit | |
| - name: Checkout code | |
| uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 | |
| with: | |
| submodules: recursive | |
| - name: Install Rust nightly toolchain | |
| uses: dtolnay/rust-toolchain@881ba7bf39a41cda34ac9e123fb41b44ed08232f # nightly | |
| - name: Install development tools via Mise | |
| uses: step-security/mise-action@2fa1b2b4fa1577588d8ac75f4dfa0f67c266d2a0 # v3.4.1 | |
| with: | |
| install_args: protobuf cargo:cargo-udeps | |
| cache: true | |
| - name: Cache Rust dependencies | |
| uses: step-security/rust-cache@f8fba7098297c8c53a7c9a30575ec2ad4ad85056 # v2.8.2 | |
| with: | |
| shared-key: unused-deps | |
| - name: Check for unused dependencies | |
| run: cargo +nightly udeps --all-targets || echo "::warning::Some dependencies may be unused" | |
| # Overall status check | |
| ci-success: | |
| name: CI Success | |
| needs: [changes, fmt, clippy, msrv, test, docs, coverage, dependencies, unused-deps] | |
| runs-on: ubuntu-latest | |
| if: always() | |
| steps: | |
| - name: Harden the runner (Audit all outbound calls) | |
| uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 | |
| with: | |
| egress-policy: audit | |
| - name: Check all jobs | |
| env: | |
| FMT_RESULT: ${{ needs.fmt.result }} | |
| CLIPPY_RESULT: ${{ needs.clippy.result }} | |
| MSRV_RESULT: ${{ needs.msrv.result }} | |
| TEST_RESULT: ${{ needs.test.result }} | |
| DOCS_RESULT: ${{ needs.docs.result }} | |
| COVERAGE_RESULT: ${{ needs.coverage.result }} | |
| DEPENDENCIES_RESULT: ${{ needs.dependencies.result }} | |
| UNUSED_DEPS_RESULT: ${{ needs.unused-deps.result }} | |
| run: | | |
| echo "Job Results:" | |
| echo " Format: $FMT_RESULT" | |
| echo " Clippy: $CLIPPY_RESULT" | |
| echo " MSRV: $MSRV_RESULT" | |
| echo " Test: $TEST_RESULT" | |
| echo " Docs: $DOCS_RESULT" | |
| echo " Coverage: $COVERAGE_RESULT" | |
| echo " Dependencies: $DEPENDENCIES_RESULT" | |
| echo " Unused Deps: $UNUSED_DEPS_RESULT" | |
| # Required checks (must pass) | |
| for result in $FMT_RESULT $CLIPPY_RESULT $TEST_RESULT $DOCS_RESULT; do | |
| if [[ "$result" != "success" && "$result" != "skipped" ]]; then | |
| echo "One or more required jobs failed" | |
| exit 1 | |
| fi | |
| done | |
| # MSRV can be skipped for Dependabot workflow-only PRs | |
| if [[ "$MSRV_RESULT" != "success" && "$MSRV_RESULT" != "skipped" ]]; then | |
| echo "MSRV check failed" | |
| exit 1 | |
| fi | |
| # Coverage, dependencies, and unused-deps are non-blocking but we log warnings | |
| if [[ "$COVERAGE_RESULT" == "failure" ]]; then | |
| echo "::warning::Coverage check failed (non-blocking)" | |
| fi | |
| if [[ "$DEPENDENCIES_RESULT" == "failure" ]]; then | |
| echo "::warning::Dependencies check failed (non-blocking)" | |
| fi | |
| if [[ "$UNUSED_DEPS_RESULT" == "failure" ]]; then | |
| echo "::warning::Unused dependencies check failed (non-blocking)" | |
| fi | |
| echo "All required checks passed!" |