vectordotdev
diff --git a/‎.github/actions/setup/action.yml‎
Lines changed: 8 additions & 1 deletion b/‎.github/actions/setup/action.yml‎
Lines changed: 8 additions & 1 deletion
diff --git a/‎.github/actions/spelling/allow.txt‎
Lines changed: 5 additions & 0 deletions b/‎.github/actions/spelling/allow.txt‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎.github/actions/spelling/expect.txt‎
Lines changed: 3 additions & 0 deletions b/‎.github/actions/spelling/expect.txt‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎.github/workflows/coverage.yml‎
Lines changed: 39 additions & 0 deletions b/‎.github/workflows/coverage.yml‎
Lines changed: 39 additions & 0 deletions
diff --git a/‎.github/workflows/environment.yml‎
Lines changed: 2 additions & 2 deletions b/‎.github/workflows/environment.yml‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎.github/workflows/regression.yml‎
Lines changed: 8 additions & 8 deletions b/‎.github/workflows/regression.yml‎
Lines changed: 8 additions & 8 deletions
diff --git a/‎.github/workflows/semantic.yml‎
Lines changed: 4 additions & 2 deletions b/‎.github/workflows/semantic.yml‎
Lines changed: 4 additions & 2 deletions
diff --git a/‎.github/workflows/static-analysis.yml‎
Lines changed: 26 additions & 0 deletions b/‎.github/workflows/static-analysis.yml‎
Lines changed: 26 additions & 0 deletions
diff --git a/‎AGENTS.md‎
Lines changed: 4 additions & 0 deletions b/‎AGENTS.md‎
Lines changed: 4 additions & 0 deletions
@@ -58,6 +58,10 @@ inputs:
     required: false
     default: false
     description: "Install cargo-hack for feature compilation checks."
+  cargo-llvm-cov:
+    required: false
+    default: false
+    description: "Install cargo-llvm-cov for code coverage."
   dd-rust-license-tool:
     required: false
     default: false
@@ -111,6 +115,7 @@ runs:
                    "${{ inputs.cargo-deny }}" \
                    "${{ inputs.cargo-msrv }}" \
                    "${{ inputs.cargo-hack }}" \
+                   "${{ inputs.cargo-llvm-cov }}" \
                    "${{ inputs.dd-rust-license-tool }}" \
                    "${{ inputs.wasm-pack }}"; do
           if [[ "$val" == "true" ]]; then
@@ -182,7 +187,7 @@ runs:
         # We explicitly put `mold-wrapper.so` right beside `mold` itself because it's hard-coded to look in the same directory
         # first when trying to load the shared object, so we can dodge having to care about the "right" lib folder to put it in.
         TEMP=$(mktemp -d)
-        MOLD_VERSION=1.2.1
+        MOLD_VERSION=2.40.4
         MOLD_TARGET=mold-${MOLD_VERSION}-$(uname -m)-linux
         curl -fsSL "https://github.com/rui314/mold/releases/download/v${MOLD_VERSION}/${MOLD_TARGET}.tar.gz" \
         --output "$TEMP/${MOLD_TARGET}.tar.gz"
@@ -259,6 +264,7 @@ runs:
           ~/.cargo/bin/cargo-deny
           ~/.cargo/bin/cargo-msrv
           ~/.cargo/bin/cargo-hack
+          ~/.cargo/bin/cargo-llvm-cov
           ~/.cargo/bin/dd-rust-license-tool
           ~/.cargo/bin/wasm-pack
           /usr/local/bin/markdownlint
@@ -278,6 +284,7 @@ runs:
         [[ "${{ inputs.cargo-deny }}" == "true" ]] && mods+=("cargo-deny")
         [[ "${{ inputs.cargo-msrv }}" == "true" ]] && mods+=("cargo-msrv")
         [[ "${{ inputs.cargo-hack }}" == "true" ]] && mods+=("cargo-hack")
+        [[ "${{ inputs.cargo-llvm-cov }}" == "true" ]] && mods+=("cargo-llvm-cov")
         [[ "${{ inputs.dd-rust-license-tool }}" == "true" ]] && mods+=("dd-rust-license-tool")
         [[ "${{ inputs.wasm-pack }}" == "true" ]] && mods+=("wasm-pack")
         [[ "${{ inputs.markdownlint }}" == "true" ]] && mods+=("markdownlint")
 
@@ -60,6 +60,7 @@ Bedove
 Benss
 bigendian
 bindir
+binstall
 binfmt
 bitcast
 bitcode
@@ -561,6 +562,10 @@ zstandard
 ZTE
 Zync
 sighup
+CPPFLAGS
+LDFLAGS
+libsasl
+pkgconfig
 CLAUDE
 linting
 lexers
@@ -170,11 +170,13 @@ duser
 dynamicwireless
 dyno
 ebfcee
+ector
 edenhill
 edns
 eeyun
 efgh
 Elhage
+elopment
 emerg
 endianess
 endler
@@ -646,6 +648,7 @@ wayfor
 wday
 webgraphviz
 websites
+websockets
 wensite
 whostheboss
 willreturn
 
@@ -0,0 +1,39 @@
+name: Code Coverage
+
+on:
+  push:
+    branches:
+      - master
+  workflow_dispatch:  # Allow manual trigger from GitHub UI
+
+permissions:
+  contents: read
+
+env:
+  CI: true
+  CARGO_INCREMENTAL: '0'  # Disable incremental compilation for coverage
+
+jobs:
+  coverage:
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+
+      - uses: ./.github/actions/setup
+        with:
+          rust: true
+          libsasl2: true
+          protoc: true
+          cargo-llvm-cov: true
+          cargo-nextest: true
+          datadog-ci: true
+
+      - name: "Generate code coverage"
+        run: cargo llvm-cov nextest --workspace --lcov --output-path lcov.info
+
+      - name: "Upload coverage to Datadog"
+        env:
+          DD_API_KEY: ${{ secrets.DD_API_KEY }}
+          DD_SITE: datadoghq.com
+          DD_ENV: ci
+        run: datadog-ci coverage upload lcov.info
@@ -69,7 +69,7 @@ jobs:
         run: sudo -E bash scripts/ci-free-disk-space.sh
 
       - name: Build image (no push)
-        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
+        uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6.19.2
         with:
           context: .
           file: ./scripts/environment/Dockerfile
@@ -89,7 +89,7 @@ jobs:
 
       - name: Push image
         if: env.SHOULD_PUBLISH == 'true'
-        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
+        uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6.19.2
         with:
           context: .
           file: ./scripts/environment/Dockerfile
 
@@ -212,7 +212,7 @@ jobs:
         uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0
 
       - name: Build 'vector' target image
-        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
+        uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6.19.2
         with:
           context: baseline-vector/
           cache-from: type=gha
@@ -255,7 +255,7 @@ jobs:
         uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0
 
       - name: Build 'vector' target image
-        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
+        uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6.19.2
         with:
           context: comparison-vector/
           cache-from: type=gha
@@ -281,7 +281,7 @@ jobs:
       - resolve-inputs
     steps:
       - name: Configure AWS Credentials
-        uses: aws-actions/configure-aws-credentials@61815dcd50bd041e203e49132bacad1fd04d2708 # v5.1.1
+        uses: aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7 # v6.0.0
         with:
           aws-access-key-id: ${{ secrets.SINGLE_MACHINE_PERFORMANCE_BOT_ACCESS_KEY_ID }}
           aws-secret-access-key: ${{ secrets.SINGLE_MACHINE_PERFORMANCE_BOT_SECRET_ACCESS_KEY }}
@@ -315,7 +315,7 @@ jobs:
           docker load --input baseline-image.tar
 
       - name: Configure AWS Credentials
-        uses: aws-actions/configure-aws-credentials@61815dcd50bd041e203e49132bacad1fd04d2708 # v5.1.1
+        uses: aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7 # v6.0.0
         with:
           aws-access-key-id: ${{ secrets.SINGLE_MACHINE_PERFORMANCE_BOT_ACCESS_KEY_ID }}
           aws-secret-access-key: ${{ secrets.SINGLE_MACHINE_PERFORMANCE_BOT_SECRET_ACCESS_KEY }}
@@ -355,7 +355,7 @@ jobs:
           docker load --input comparison-image.tar
 
       - name: Configure AWS Credentials
-        uses: aws-actions/configure-aws-credentials@61815dcd50bd041e203e49132bacad1fd04d2708 # v5.1.1
+        uses: aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7 # v6.0.0
         with:
           aws-access-key-id: ${{ secrets.SINGLE_MACHINE_PERFORMANCE_BOT_ACCESS_KEY_ID }}
           aws-secret-access-key: ${{ secrets.SINGLE_MACHINE_PERFORMANCE_BOT_SECRET_ACCESS_KEY }}
@@ -394,7 +394,7 @@ jobs:
           ref: ${{ needs.resolve-inputs.outputs.comparison-sha }}
 
       - name: Configure AWS Credentials
-        uses: aws-actions/configure-aws-credentials@61815dcd50bd041e203e49132bacad1fd04d2708 # v5.1.1
+        uses: aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7 # v6.0.0
         with:
           aws-access-key-id: ${{ secrets.SINGLE_MACHINE_PERFORMANCE_BOT_ACCESS_KEY_ID }}
           aws-secret-access-key: ${{ secrets.SINGLE_MACHINE_PERFORMANCE_BOT_SECRET_ACCESS_KEY }}
@@ -467,7 +467,7 @@ jobs:
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 
       - name: Configure AWS Credentials
-        uses: aws-actions/configure-aws-credentials@61815dcd50bd041e203e49132bacad1fd04d2708 # v5.1.1
+        uses: aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7 # v6.0.0
         with:
           aws-access-key-id: ${{ secrets.SINGLE_MACHINE_PERFORMANCE_BOT_ACCESS_KEY_ID }}
           aws-secret-access-key: ${{ secrets.SINGLE_MACHINE_PERFORMANCE_BOT_SECRET_ACCESS_KEY }}
@@ -510,7 +510,7 @@ jobs:
           ref: ${{ needs.resolve-inputs.outputs.comparison-sha }}
 
       - name: Configure AWS Credentials
-        uses: aws-actions/configure-aws-credentials@61815dcd50bd041e203e49132bacad1fd04d2708 # v5.1.1
+        uses: aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7 # v6.0.0
         with:
           aws-access-key-id: ${{ secrets.SINGLE_MACHINE_PERFORMANCE_BOT_ACCESS_KEY_ID }}
           aws-secret-access-key: ${{ secrets.SINGLE_MACHINE_PERFORMANCE_BOT_SECRET_ACCESS_KEY }}
 
@@ -15,8 +15,8 @@ permissions:
 jobs:
   main:
     permissions:
-      pull-requests: read  # for amannn/action-semantic-pull-request to analyze PRs
-      statuses: write  # for amannn/action-semantic-pull-request to mark status of analyzed PR
+      pull-requests: read # for amannn/action-semantic-pull-request to analyze PRs
+      statuses: write # for amannn/action-semantic-pull-request to mark status of analyzed PR
     name: Check Semantic PR
     runs-on: ubuntu-24.04
     steps:
@@ -36,6 +36,8 @@ jobs:
           scopes: |
             administration
             api
+            api top
+            api tap
             ARC
             architecture
             auth
 
@@ -0,0 +1,26 @@
+name: Static Analysis
+
+on:
+  push:
+    branches:
+      - master
+      - "**"  # Run on all branches (includes PR branches)
+  workflow_dispatch:  # Allow manual trigger from GitHub UI
+
+permissions:
+  contents: read
+
+jobs:
+  static-analysis:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+
+      - name: Datadog Static Analyzer
+        if: ${{ secrets.DD_API_KEY != '' }}
+        uses: DataDog/datadog-static-analyzer-github-action@8340f18875fcefca86844b5f947ce2431387e552 # v3.0.0
+        with:
+          dd_api_key: ${{ secrets.DD_API_KEY }}
+          dd_app_key: ${{ secrets.DD_APP_KEY }}
+          dd_site: datadoghq.com
+          secrets_enabled: true
@@ -254,6 +254,10 @@ cargo install dd-rust-license-tool --locked
 make build-licenses
 ```
 
+## Creating Pull Requests
+
+Before opening a PR, read [`.github/PULL_REQUEST_TEMPLATE.md`](.github/PULL_REQUEST_TEMPLATE.md) and use it as the reference for the PR body structure and title.
+
 ## Reference Documentation
 
 These documents provide context that AI agents and developers need when working on Vector code.