Potential fix for code scanning alert no. 11: Workflow does not conta… #33
| --- | |
| name: "Copilot Setup Steps" | |
| permissions: | |
| contents: read | |
| on: | |
| workflow_dispatch: | |
| push: | |
| paths: | |
| - .github/workflows/copilot-setup-steps.yml | |
| pull_request: | |
| paths: | |
| - .github/workflows/copilot-setup-steps.yml | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.head_ref || github.ref }}-copilot-setup-steps | |
| cancel-in-progress: true | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| CARGO_TERM_COLOR: always | |
| RUST_BACKTRACE: 1 | |
| RUST_LOG: debug | |
| jobs: | |
| setup-and-validate: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| actions: write | |
| packages: write | |
| pull-requests: write | |
| issues: write | |
| checks: write | |
| deployments: write | |
| security-events: write | |
| outputs: | |
| cache-key: ${{ steps.cache-keys.outputs.cache-key }} | |
| rust-version: ${{ steps.rust-info.outputs.rust-version }} | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v5 | |
| with: | |
| fetch-depth: 0 # Full history for better analysis | |
| # Multi-level caching strategy for faster builds | |
| - name: Generate cache keys | |
| id: cache-keys | |
| run: | | |
| echo "cache-key=rust-$(date +'%Y-%m')-${{ hashFiles('**/Cargo.lock', '**/Cargo.toml', 'rust-toolchain.toml') }}" >> $GITHUB_OUTPUT | |
| echo "tools-key=tools-$(date +'%Y-%m')-${{ runner.os }}" >> $GITHUB_OUTPUT | |
| - name: Cache Rust dependencies and build artifacts | |
| uses: Swatinem/rust-cache@v2 | |
| with: | |
| cache-on-failure: true | |
| cache-all-crates: true | |
| save-if: ${{ github.ref == 'refs/heads/main' }} | |
| key: ${{ steps.cache-keys.outputs.cache-key }} | |
| - name: Cache system packages and tools | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| ~/.cargo/bin | |
| /usr/local/bin | |
| ~/.local/bin | |
| /var/cache/apt | |
| key: ${{ steps.cache-keys.outputs.tools-key }} | |
| restore-keys: | | |
| tools-${{ runner.os }}- | |
| # Enhanced Rust toolchain setup with better error reporting | |
| - name: Setup Rust nightly toolchain with components | |
| uses: dtolnay/rust-toolchain@nightly | |
| with: | |
| components: rustfmt, clippy, rust-src, rust-analyzer | |
| - name: Get Rust version info | |
| id: rust-info | |
| run: | | |
| echo "rust-version=$(rustc --version)" >> $GITHUB_OUTPUT | |
| echo "cargo-version=$(cargo --version)" >> $GITHUB_OUTPUT | |
| echo "Rust toolchain information:" | |
| rustup show | |
| rustc --version --verbose | |
| # Install essential development tools for agents | |
| - name: Install development tools | |
| run: | | |
| echo "Installing essential development tools..." | |
| # Cargo tools for development and analysis | |
| cargo_tools=( | |
| "cargo-audit" # Security vulnerability scanner | |
| "cargo-outdated" # Check for outdated dependencies | |
| "cargo-tree" # Dependency tree visualization | |
| "cargo-watch" # File watcher for development | |
| "cargo-expand" # Macro expansion for debugging | |
| "cargo-llvm-cov" # Code coverage | |
| "sccache" # Compilation cache | |
| "just" # Task runner (if not already installed) | |
| ) | |
| for tool in "${cargo_tools[@]}"; do | |
| if ! cargo install --list | grep -q "^$tool "; then | |
| echo "Installing $tool..." | |
| cargo install "$tool" --locked || echo "Failed to install $tool, continuing..." | |
| else | |
| echo "$tool already installed" | |
| fi | |
| done | |
| # System tools for comprehensive development environment | |
| - name: Install system development tools | |
| run: | | |
| sudo apt-get update -qq | |
| sudo apt-get install -y --no-install-recommends \ | |
| fish \ | |
| jq \ | |
| tree \ | |
| htop \ | |
| curl \ | |
| wget \ | |
| git \ | |
| build-essential \ | |
| pkg-config \ | |
| libssl-dev \ | |
| strace \ | |
| lsof \ | |
| netcat-openbsd | |
| build-and-test: | |
| needs: setup-and-validate | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| profile: [debug, release] | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v5 | |
| - name: Restore Rust cache | |
| uses: Swatinem/rust-cache@v2 | |
| with: | |
| cache-on-failure: true | |
| key: ${{ needs.setup-and-validate.outputs.cache-key }} | |
| - name: Setup Rust nightly toolchain | |
| uses: dtolnay/rust-toolchain@nightly | |
| with: | |
| components: rustfmt, clippy | |
| - name: Build git-ai (${{ matrix.profile }}) | |
| run: | | |
| echo "Building git-ai in ${{ matrix.profile }} mode..." | |
| if [ "${{ matrix.profile }}" = "debug" ]; then | |
| cargo build --verbose | |
| else | |
| cargo build --release --verbose | |
| fi | |
| # Verify binaries exist | |
| ls -la target/${{ matrix.profile }}/git-ai* || echo "No git-ai binaries found" | |
| - name: Run comprehensive tests | |
| run: | | |
| echo "Running test suite..." | |
| cargo test --all --verbose -- --nocapture | |
| # Run clippy for code quality | |
| cargo clippy --all-targets --all-features -- -D warnings | |
| # Check formatting | |
| cargo fmt -- --check | |
| - name: Install and configure git-ai (${{ matrix.profile }}) | |
| run: | | |
| echo "Installing git-ai from ${{ matrix.profile }} build..." | |
| if [ "${{ matrix.profile }}" = "debug" ]; then | |
| cargo install --path . --debug --force | |
| else | |
| cargo install --path . --force | |
| fi | |
| # Verify installation | |
| which git-ai || echo "git-ai not found in PATH" | |
| which git-ai-hook || echo "git-ai-hook not found in PATH" | |
| git-ai --version || echo "Failed to get git-ai version" | |
| - name: Configure git-ai for testing | |
| run: | | |
| echo "Configuring git-ai..." | |
| git-ai hook install || echo "Hook installation failed" | |
| # Test configuration (without API key for security) | |
| git-ai config set model gpt-4o-mini || echo "Failed to set model" | |
| git-ai config set max-tokens 512 || echo "Failed to set max-tokens" | |
| git-ai config set max-commit-length 72 || echo "Failed to set max-commit-length" | |
| # Show current configuration | |
| git-ai config || echo "Failed to show config" | |
| - name: Upload build artifacts | |
| uses: actions/upload-artifact@v4 | |
| if: matrix.profile == 'release' | |
| with: | |
| name: git-ai-${{ matrix.profile }}-${{ runner.os }} | |
| path: | | |
| target/${{ matrix.profile }}/git-ai* | |
| !target/${{ matrix.profile }}/**/*.d | |
| !target/${{ matrix.profile }}/**/*.rlib | |
| security-and-quality: | |
| needs: setup-and-validate | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v5 | |
| - name: Restore caches | |
| uses: Swatinem/rust-cache@v2 | |
| with: | |
| cache-on-failure: true | |
| key: ${{ needs.setup-and-validate.outputs.cache-key }} | |
| - name: Setup Rust nightly toolchain | |
| uses: dtolnay/rust-toolchain@nightly | |
| - name: Security audit | |
| run: | | |
| echo "Running security audit..." | |
| cargo audit || echo "Security audit found issues" | |
| - name: Check for outdated dependencies | |
| run: | | |
| echo "Checking for outdated dependencies..." | |
| cargo outdated || echo "Some dependencies are outdated" | |
| - name: Dependency tree analysis | |
| run: | | |
| echo "Analyzing dependency tree..." | |
| cargo tree --duplicates || echo "No duplicate dependencies found" | |
| integration-testing: | |
| needs: [setup-and-validate, build-and-test] | |
| runs-on: ubuntu-latest | |
| if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v5 | |
| - name: Setup Rust and install git-ai | |
| run: | | |
| curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y | |
| source ~/.cargo/env | |
| rustup toolchain install nightly | |
| rustup default nightly | |
| cargo install --path . --debug | |
| - name: Install fish shell for integration tests | |
| run: | | |
| sudo apt-get update -qq | |
| sudo apt-get install -y fish | |
| - name: Run integration tests (dry-run) | |
| run: | | |
| echo "Running integration tests in dry-run mode..." | |
| # Set up a test environment without API key | |
| export OPENAI_API_KEY="test-key-for-dry-run" | |
| # Create a simple test that doesn't require API calls | |
| mkdir -p /tmp/git-ai-integration-test | |
| cd /tmp/git-ai-integration-test | |
| git init | |
| git config user.name "Test User" | |
| git config user.email "test@example.com" | |
| # Test hook installation | |
| git-ai hook install || echo "Hook installation test completed" | |
| git-ai hook uninstall || echo "Hook uninstallation test completed" | |
| # Test basic configuration | |
| git-ai config set model gpt-4o-mini || echo "Model configuration test completed" | |
| echo "Integration tests completed" | |
| performance-benchmarks: | |
| needs: setup-and-validate | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v5 | |
| - name: Restore caches | |
| uses: Swatinem/rust-cache@v2 | |
| with: | |
| key: ${{ needs.setup-and-validate.outputs.cache-key }} | |
| - name: Setup Rust nightly toolchain | |
| uses: dtolnay/rust-toolchain@nightly | |
| - name: Build optimized release | |
| run: | | |
| cargo build --release --verbose | |
| - name: Run performance benchmarks | |
| run: | | |
| echo "Running performance benchmarks..." | |
| # Test build time performance | |
| time cargo clean | |
| time cargo build --release | |
| # Test binary size | |
| ls -lh target/release/git-ai* | |
| echo "Performance benchmark completed" | |
| - name: Generate performance report | |
| run: | | |
| echo "# Performance Report" > performance-report.md | |
| echo "- Build time: $(date)" >> performance-report.md | |
| echo "- Rust version: ${{ needs.setup-and-validate.outputs.rust-version }}" >> performance-report.md | |
| echo "- Binary sizes:" >> performance-report.md | |
| ls -lh target/release/git-ai* >> performance-report.md | |
| - name: Upload performance report | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: performance-report | |
| path: performance-report.md | |
| summary: | |
| needs: [setup-and-validate, build-and-test, security-and-quality, integration-testing, performance-benchmarks] | |
| runs-on: ubuntu-latest | |
| if: always() | |
| steps: | |
| - name: Generate workflow summary | |
| run: | | |
| echo "# Git AI Copilot Setup Workflow Summary" >> $GITHUB_STEP_SUMMARY | |
| echo "" >> $GITHUB_STEP_SUMMARY | |
| echo "## Job Status" >> $GITHUB_STEP_SUMMARY | |
| echo "- Setup & Validation: ${{ needs.setup-and-validate.result }}" >> $GITHUB_STEP_SUMMARY | |
| echo "- Build & Test: ${{ needs.build-and-test.result }}" >> $GITHUB_STEP_SUMMARY | |
| echo "- Security & Quality: ${{ needs.security-and-quality.result }}" >> $GITHUB_STEP_SUMMARY | |
| echo "- Integration Testing: ${{ needs.integration-testing.result }}" >> $GITHUB_STEP_SUMMARY | |
| echo "- Performance Benchmarks: ${{ needs.performance-benchmarks.result }}" >> $GITHUB_STEP_SUMMARY | |
| echo "" >> $GITHUB_STEP_SUMMARY | |
| echo "## Environment Info" >> $GITHUB_STEP_SUMMARY | |
| echo "- Rust Version: ${{ needs.setup-and-validate.outputs.rust-version }}" >> $GITHUB_STEP_SUMMARY | |
| echo "- Cache Key: ${{ needs.setup-and-validate.outputs.cache-key }}" >> $GITHUB_STEP_SUMMARY | |
| echo "- Runner OS: ${{ runner.os }}" >> $GITHUB_STEP_SUMMARY | |
| echo "" >> $GITHUB_STEP_SUMMARY | |
| echo "## Available Tools for Agents" >> $GITHUB_STEP_SUMMARY | |
| echo "- ✅ git-ai (debug and release builds)" >> $GITHUB_STEP_SUMMARY | |
| echo "- ✅ Rust toolchain (nightly with components)" >> $GITHUB_STEP_SUMMARY | |
| echo "- ✅ Development tools (cargo-audit, cargo-outdated, etc.)" >> $GITHUB_STEP_SUMMARY | |
| echo "- ✅ System tools (fish, jq, tree, htop, etc.)" >> $GITHUB_STEP_SUMMARY | |
| echo "- ✅ Security scanning and quality checks" >> $GITHUB_STEP_SUMMARY | |
| echo "- ✅ Performance benchmarking" >> $GITHUB_STEP_SUMMARY |
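Review bot: The job-level `permissions` block on `setup-and-validate` grants write access to eight scopes (`contents`, `actions`, `packages`, `pull-requests`, `issues`, `checks`, `deployments`, `security-events`), which overrides the workflow-level `contents: read` for the one job that runs `cargo install` on third-party crates and restores a cache covering `/usr/local/bin` and `~/.cargo/bin`. None of that job's visible steps write to the repository or call its APIs, so the block could be reduced to `contents: read` or dropped so the workflow default applies. Separately, the workflow-level `env` entry `GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}` puts the token in the environment of every step in every job, including crate build scripts. No step shown appears to need it, so it could be removed there and set under `env:` only on a step that does. Indentation is lost in this rendering, so the nesting of these keys is inferred from their order.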