Feature/static collections 118 #296
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Rust CI | |
| on: | |
| push: | |
| branches: [ main ] | |
| pull_request: | |
| branches: [ main ] | |
| workflow_dispatch: # Allows manual triggering | |
| inputs: | |
| run_extended_analysis: # Input to specifically trigger Kani/Miri | |
| description: 'Run Kani and Miri extended static analysis?' | |
| required: false | |
| default: false # Boolean false, not string | |
| type: boolean | |
| permissions: | |
| contents: read | |
| issues: write | |
| pull-requests: write | |
| actions: read | |
| checks: write | |
| env: | |
| CARGO_TERM_COLOR: always | |
| # RUST_LOG: "info,cargo_wrt=debug,dagger_sdk=debug" # Optional: for more detailed Dagger logs | |
| jobs: | |
| ci_checks_and_docs: | |
| name: CI Checks & Docs | |
| runs-on: ubuntu-latest | |
| # This job runs on push, PR, and all manual triggers (regardless of input) | |
| steps: | |
| - uses: actions/checkout@v5 | |
| - name: Cargo Cache | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| ~/.cargo/bin/ | |
| ~/.cargo/registry/index/ | |
| ~/.cargo/registry/cache/ | |
| ~/.cargo/git/db/ | |
| target/ | |
| key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }} | |
| - name: Dagger Engine Cache | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.cache/dagger | |
| key: ${{ runner.os }}-dagger-engine | |
| - uses: actions-rs/toolchain@v1 | |
| with: | |
| profile: minimal | |
| toolchain: stable # Or match your rust-toolchain.toml for building cargo-wrt | |
| override: true | |
| - name: Install and setup cargo-wrt with all tools | |
| run: | | |
| cargo build --package cargo-wrt # Ensures cargo-wrt and its direct deps are built/cached | |
| cargo install --path cargo-wrt # Install cargo-wrt for use in subsequent steps | |
| cargo-wrt setup --all # Setup all development tools automatically | |
| - name: Run CI Integrity Checks (lint, fmt, deny, spell, headers, etc.) | |
| run: cargo-wrt verify --detailed | |
| - name: Setup Java for PlantUML (if CheckDocsStrict Dagger pipeline needs it from host - unlikely) | |
| uses: actions/setup-java@v4 | |
| if: false # Assuming Dagger pipeline for docs is self-contained | |
| with: | |
| distribution: 'temurin' | |
| java-version: '17' | |
| - name: Install Python & PlantUML (if CheckDocsStrict Dagger pipeline needs them - unlikely) | |
| if: false # Assuming Dagger pipeline for docs is self-contained | |
| run: | | |
| sudo apt-get update && sudo apt-get install -y python3-pip plantuml | |
| pip3 install -r docs/source/requirements.txt | |
| - name: Run Strict Documentation Check | |
| run: cargo-wrt docs --private | |
| - name: Initialize Requirements File (if missing) | |
| run: cargo-wrt verify --asil c # Requirements initialization is handled automatically | |
| - name: Run Requirements Verification | |
| run: cargo-wrt verify --asil c --detailed | |
| - name: Generate Safety Summary for Documentation | |
| run: cargo-wrt verify --asil c --detailed # Safety summary is generated automatically | |
| code_quality: | |
| name: Code Quality Checks | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v5 | |
| - uses: actions-rs/toolchain@v1 | |
| with: | |
| profile: minimal | |
| toolchain: stable | |
| override: true | |
| components: rustfmt, clippy | |
| - name: Install and setup cargo-wrt | |
| run: | | |
| cargo build --package cargo-wrt | |
| cargo install --path cargo-wrt | |
| cargo-wrt setup --check # Verify tools are available | |
| - name: Check for test files in src/ | |
| run: cargo-wrt validate --check-test-files | |
| - name: Check module documentation coverage | |
| run: cargo-wrt validate --check-docs | |
| - name: Check code formatting | |
| run: cargo fmt --all -- --check | |
| - name: Run clippy checks | |
| run: cargo clippy --workspace --all-targets -- -D warnings | |
| core_tests_and_analysis: | |
| name: Core Tests, Analysis & Coverage | |
| runs-on: ubuntu-latest | |
| # This job runs on push, PR, and all manual triggers (regardless of input) | |
| steps: | |
| - uses: actions/checkout@v5 | |
| - name: Cargo Cache | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| ~/.cargo/bin/ | |
| ~/.cargo/registry/index/ | |
| ~/.cargo/registry/cache/ | |
| ~/.cargo/git/db/ | |
| target/ | |
| key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }} | |
| - name: Dagger Engine Cache | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.cache/dagger | |
| key: ${{ runner.os }}-dagger-engine | |
| - uses: actions-rs/toolchain@v1 | |
| with: | |
| profile: minimal | |
| toolchain: stable # For cargo-wrt. Nightly for UDeps should be handled internally. | |
| override: true | |
| components: llvm-tools-preview # For coverage | |
| - name: Install and setup cargo-wrt with tools | |
| run: | | |
| cargo build --package cargo-wrt | |
| cargo install --path cargo-wrt | |
| cargo-wrt setup --all # Setup all required tools for testing and analysis | |
| - name: Run Tests | |
| run: cargo-wrt test | |
| - name: Run Code Validation Checks | |
| run: cargo-wrt validate --all | |
| - name: Check Unused Dependencies | |
| run: cargo-wrt check --strict | |
| - name: Run Security Audit | |
| run: cargo-wrt verify --asil c | |
| - name: Run Coverage Tests | |
| run: cargo-wrt coverage --html # This should produce lcov.info and junit.xml | |
| - name: Run Basic Safety Checks | |
| run: | | |
| cargo test -p wrt-foundation asil_testing -- --nocapture || true | |
| cargo-wrt verify --asil c || true | |
| - name: Upload coverage reports to Codecov | |
| uses: codecov/codecov-action@v5 | |
| with: | |
| token: ${{ secrets.CODECOV_TOKEN }} | |
| files: | | |
| ./target/coverage/lcov.info | |
| ./target/coverage/cobertura.xml | |
| fail_ci_if_error: true | |
| - name: Upload test results to Codecov (JUnit) | |
| if: ${{ !cancelled() }} | |
| uses: codecov/test-results-action@v1 | |
| with: | |
| token: ${{ secrets.CODECOV_TOKEN }} | |
| files: ./target/coverage/junit.xml # Ensure this path is correct | |
| safety_verification: | |
| name: SCORE-Inspired Safety Verification | |
| runs-on: ubuntu-latest | |
| # Run safety verification on all pushes and PRs | |
| steps: | |
| - uses: actions/checkout@v5 | |
| - name: Cargo Cache | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| ~/.cargo/bin/ | |
| ~/.cargo/registry/index/ | |
| ~/.cargo/registry/cache/ | |
| ~/.cargo/git/db/ | |
| target/ | |
| key: ${{ runner.os }}-cargo-safety-${{ hashFiles('**/Cargo.lock') }} | |
| - uses: actions-rs/toolchain@v1 | |
| with: | |
| profile: minimal | |
| toolchain: stable | |
| override: true | |
| - name: Install and setup cargo-wrt for safety verification | |
| run: | | |
| cargo build --package cargo-wrt | |
| cargo install --path cargo-wrt | |
| cargo-wrt setup --check # Verify required tools for safety verification | |
| - name: Check Requirements File | |
| run: cargo-wrt verify --asil c | |
| continue-on-error: true | |
| - name: Initialize Requirements if Missing | |
| run: cargo-wrt verify --asil c # Requirements are initialized automatically | |
| if: failure() # Only run if check-requirements failed | |
| - name: Run ASIL Test Suite | |
| run: cargo test -p wrt-foundation asil_testing -- --nocapture | |
| continue-on-error: true | |
| - name: Generate Comprehensive Safety Report (JSON) | |
| run: cargo-wrt verify --asil d --detailed > safety-verification-full.json | |
| - name: Generate Comprehensive Safety Report (HTML) | |
| run: cargo-wrt verify --asil d --detailed # HTML report generated automatically | |
| - name: Generate Safety Dashboard | |
| run: cargo-wrt verify --asil d --detailed # Dashboard included in detailed verification | |
| - name: Upload Safety Artifacts | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: safety-verification-artifacts | |
| path: | | |
| safety-verification-full.json | |
| safety-verification-report.html | |
| docs/source/_generated_safety_summary.rst | |
| retention-days: 90 | |
| - name: Safety Verification Gate | |
| run: cargo-wrt verify --asil d | |
| extended_static_analysis: | |
| name: Extended Static Analysis (Miri, Kani) | |
| runs-on: ubuntu-latest | |
| # Only run this job if the workflow was manually dispatched AND the input was true | |
| if: github.event_name == 'workflow_dispatch' && github.event.inputs.run_extended_analysis == true # Compare to boolean true | |
| needs: [ci_checks_and_docs, core_tests_and_analysis, safety_verification] # Optional: wait for other jobs | |
| steps: | |
| - uses: actions/checkout@v5 | |
| - name: Cargo Cache | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| ~/.cargo/bin/ | |
| ~/.cargo/registry/index/ | |
| ~/.cargo/registry/cache/ | |
| ~/.cargo/git/db/ | |
| target/ | |
| key: ${{ runner.os }}-cargo-extended-${{ hashFiles('**/Cargo.lock') }} | |
| - name: Dagger Engine Cache | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.cache/dagger | |
| key: ${{ runner.os }}-dagger-engine-extended | |
| - uses: actions-rs/toolchain@v1 | |
| with: | |
| profile: minimal | |
| # Kani/Miri might need nightly or specific stable. Adjust as needed. | |
| # The cargo-wrt should ideally manage this internally. | |
| toolchain: stable # Or nightly if Kani/Miri need it directly for cargo-wrt compilation | |
| override: true | |
| # Add components if they can be installed via rustup and cargo-wrt doesn't handle it | |
| # components: miri, kani # (kani might need manual install steps) | |
| - name: Install and setup cargo-wrt for extended analysis | |
| run: | | |
| cargo build --package cargo-wrt | |
| cargo install --path cargo-wrt | |
| cargo-wrt setup --all # Setup all tools including Kani and Miri | |
| # Run advanced static analysis | |
| - name: Run Miri Checks | |
| run: cargo-wrt verify --asil d --no-kani | |
| - name: Run Kani Checks | |
| run: cargo-wrt kani-verify --asil-profile d --verbose | |
| # Coverage job is still Linux-only as tarpaulin only supports Linux | |
| coverage: | |
| name: Code Coverage | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v5 | |
| - uses: actions/cache@v4 | |
| with: | |
| path: | | |
| ~/.cargo/bin/ | |
| ~/.cargo/registry/index/ | |
| ~/.cargo/registry/cache/ | |
| ~/.cargo/git/db/ | |
| target/ | |
| key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }} | |
| - uses: dtolnay/rust-toolchain@stable | |
| with: | |
| components: llvm-tools-preview | |
| - name: Setup Rust targets | |
| run: rustup target add wasm32-unknown-unknown wasm32-wasip1 wasm32-wasip2 || true | |
| - name: Run coverage tests | |
| run: cargo-wrt coverage --html | |
| - name: Upload coverage reports to Codecov | |
| uses: codecov/codecov-action@v5 | |
| with: | |
| token: ${{ secrets.CODECOV_TOKEN }} | |
| file: target/llvm-cov/lcov.info | |
| fail_ci_if_error: false | |
| audit: | |
| name: Security Audit (${{ matrix.os }}) | |
| strategy: | |
| fail-fast: false # Don't stop all jobs if one fails | |
| matrix: | |
| os: [ubuntu-latest, macos-latest, windows-latest] | |
| include: | |
| - os: windows-latest | |
| continue-on-error: true # Allow Windows to fail without stopping the workflow | |
| runs-on: ${{ matrix.os }} | |
| continue-on-error: ${{ matrix.continue-on-error || false }} | |
| steps: | |
| - uses: actions/checkout@v5 | |
| - uses: actions-rs/audit-check@v1 | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} |