Create ci.yml

csd113 · web-flow · commit 4ea7c1c3163f · 2026-03-10T21:17:19.000-07:00
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -0,0 +1,316 @@
+# .github/workflows/ci.yml
+name: CI
+
+on:
+  push:
+    branches: [main, master, develop]
+  pull_request:
+    branches: [main, master, develop]
+  workflow_dispatch:
+
+# Cancel in-progress runs for the same branch/PR
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+env:
+  CARGO_TERM_COLOR: always
+  CARGO_INCREMENTAL: 0
+  CARGO_NET_RETRY: 10
+  RUSTUP_MAX_RETRIES: 10
+  RUST_BACKTRACE: short
+  # Faster compilation via sccache
+  SCCACHE_GHA_ENABLED: "true"
+  RUSTC_WRAPPER: "sccache"
+
+jobs:
+  # ──────────────────────────────────────────────
+  # 1. Code Quality (runs once, fast feedback)
+  # ──────────────────────────────────────────────
+  fmt:
+    name: Rustfmt
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: dtolnay/rust-toolchain@nightly
+        with:
+          components: rustfmt
+      - run: cargo fmt --all -- --check
+
+  clippy:
+    name: Clippy
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: dtolnay/rust-toolchain@stable
+        with:
+          components: clippy
+      - uses: mozilla-actions/sccache-action@v0.0.6
+      - uses: taiki-e/install-action@cargo-hack
+      - name: Clippy (all feature combinations)
+        run: cargo hack clippy --feature-powerset --no-dev-deps -- -D warnings
+      - name: Clippy (tests)
+        run: cargo clippy --all-targets -- -D warnings
+
+  docs:
+    name: Documentation
+    runs-on: ubuntu-latest
+    env:
+      RUSTDOCFLAGS: -D warnings
+    steps:
+      - uses: actions/checkout@v4
+      - uses: dtolnay/rust-toolchain@stable
+      - uses: mozilla-actions/sccache-action@v0.0.6
+      - run: cargo doc --no-deps --all-features
+
+  # ──────────────────────────────────────────────
+  # 2. Security & Dependency Audit
+  # ──────────────────────────────────────────────
+  audit:
+    name: Security Audit
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: taiki-e/install-action@cargo-deny
+      - run: cargo deny check
+
+  # ──────────────────────────────────────────────
+  # 3. Tests — Native (all target platforms)
+  # ──────────────────────────────────────────────
+  test:
+    name: Test (${{ matrix.name }})
+    needs: [fmt, clippy]
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          # ── Linux x86_64 ──
+          - name: Linux x86_64
+            os: ubuntu-latest
+            target: x86_64-unknown-linux-gnu
+            cross: false
+
+          # ── Linux ARM64 ──
+          - name: Linux ARM64
+            os: ubuntu-latest
+            target: aarch64-unknown-linux-gnu
+            cross: true
+
+          # ── macOS ARM64 (Apple Silicon) ──
+          - name: macOS ARM64
+            os: macos-14
+            target: aarch64-apple-darwin
+            cross: false
+
+          # ── macOS x86_64 ──
+          - name: macOS x86_64
+            os: macos-13
+            target: x86_64-apple-darwin
+            cross: false
+
+          # ── Windows x86_64 ──
+          - name: Windows x86_64
+            os: windows-latest
+            target: x86_64-pc-windows-msvc
+            cross: false
+
+    runs-on: ${{ matrix.os }}
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: dtolnay/rust-toolchain@stable
+        with:
+          targets: ${{ matrix.target }}
+
+      - uses: mozilla-actions/sccache-action@v0.0.6
+
+      - name: Install cross
+        if: matrix.cross
+        uses: taiki-e/install-action@cross
+
+      - name: Run tests (native)
+        if: "!matrix.cross"
+        run: cargo test --all-features --target ${{ matrix.target }}
+
+      - name: Run tests (cross)
+        if: matrix.cross
+        run: cross test --all-features --target ${{ matrix.target }}
+
+  # ──────────────────────────────────────────────
+  # 4. Build Release Binaries (all platforms)
+  # ──────────────────────────────────────────────
+  build:
+    name: Build (${{ matrix.name }})
+    needs: [fmt, clippy]
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - name: Linux x86_64
+            os: ubuntu-latest
+            target: x86_64-unknown-linux-gnu
+            cross: false
+            artifact: target/x86_64-unknown-linux-gnu/release
+
+          - name: Linux ARM64
+            os: ubuntu-latest
+            target: aarch64-unknown-linux-gnu
+            cross: true
+            artifact: target/aarch64-unknown-linux-gnu/release
+
+          - name: macOS ARM64
+            os: macos-14
+            target: aarch64-apple-darwin
+            cross: false
+            artifact: target/aarch64-apple-darwin/release
+
+          - name: macOS x86_64
+            os: macos-13
+            target: x86_64-apple-darwin
+            cross: false
+            artifact: target/x86_64-apple-darwin/release
+
+          - name: Windows x86_64
+            os: windows-latest
+            target: x86_64-pc-windows-msvc
+            cross: false
+            artifact: target/x86_64-pc-windows-msvc/release
+
+    runs-on: ${{ matrix.os }}
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: dtolnay/rust-toolchain@stable
+        with:
+          targets: ${{ matrix.target }}
+
+      - uses: mozilla-actions/sccache-action@v0.0.6
+
+      - name: Install cross
+        if: matrix.cross
+        uses: taiki-e/install-action@cross
+
+      - name: Build release (native)
+        if: "!matrix.cross"
+        run: cargo build --release --all-features --target ${{ matrix.target }}
+
+      - name: Build release (cross)
+        if: matrix.cross
+        run: cross build --release --all-features --target ${{ matrix.target }}
+
+      - name: Upload artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: build-${{ matrix.target }}
+          path: |
+            ${{ matrix.artifact }}/*
+            !${{ matrix.artifact }}/.fingerprint
+            !${{ matrix.artifact }}/build
+            !${{ matrix.artifact }}/deps
+            !${{ matrix.artifact }}/examples
+            !${{ matrix.artifact }}/incremental
+            !${{ matrix.artifact }}/.cargo-lock
+          if-no-files-found: error
+          retention-days: 7
+
+  # ──────────────────────────────────────────────
+  # 5. Code Coverage
+  # ──────────────────────────────────────────────
+  coverage:
+    name: Code Coverage
+    needs: [fmt, clippy]
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: dtolnay/rust-toolchain@stable
+      - uses: mozilla-actions/sccache-action@v0.0.6
+      - uses: taiki-e/install-action@cargo-llvm-cov
+
+      - name: Generate coverage
+        run: cargo llvm-cov --all-features --workspace --lcov --output-path lcov.info
+
+      - name: Upload to Codecov
+        uses: codecov/codecov-action@v4
+        with:
+          files: lcov.info
+          fail_ci_if_error: false
+        env:
+          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
+
+  # ──────────────────────────────────────────────
+  # 6. MSRV (Minimum Supported Rust Version)
+  # ──────────────────────────────────────────────
+  msrv:
+    name: MSRV Check
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: taiki-e/install-action@cargo-hack
+      - name: Check MSRV
+        run: cargo hack check --rust-version --workspace --all-targets --ignore-private
+
+  # ──────────────────────────────────────────────
+  # 7. Miri (Undefined Behavior Detection)
+  # ──────────────────────────────────────────────
+  miri:
+    name: Miri
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: dtolnay/rust-toolchain@nightly
+        with:
+          components: miri
+      - name: Run Miri
+        run: cargo miri test --all-features
+        env:
+          MIRIFLAGS: -Zmiri-strict-provenance
+
+  # ──────────────────────────────────────────────
+  # 8. Gate — all checks must pass
+  # ──────────────────────────────────────────────
+  ci-pass:
+    name: CI Pass ✅
+    if: always()
+    needs: [fmt, clippy, docs, audit, test, build, coverage, msrv, miri]
+    runs-on: ubuntu-latest
+    steps:
+      - name: Evaluate results
+        run: |
+          echo "Results:"
+          echo "  fmt:      ${{ needs.fmt.result }}"
+          echo "  clippy:   ${{ needs.clippy.result }}"
+          echo "  docs:     ${{ needs.docs.result }}"
+          echo "  audit:    ${{ needs.audit.result }}"
+          echo "  test:     ${{ needs.test.result }}"
+          echo "  build:    ${{ needs.build.result }}"
+          echo "  coverage: ${{ needs.coverage.result }}"
+          echo "  msrv:     ${{ needs.msrv.result }}"
+          echo "  miri:     ${{ needs.miri.result }}"
+
+      - name: All checks passed
+        if: >-
+          needs.fmt.result      == 'success' &&
+          needs.clippy.result   == 'success' &&
+          needs.docs.result     == 'success' &&
+          needs.audit.result    == 'success' &&
+          needs.test.result     == 'success' &&
+          needs.build.result    == 'success' &&
+          needs.coverage.result == 'success' &&
+          needs.msrv.result     == 'success' &&
+          needs.miri.result     == 'success'
+        run: echo "🎉 All CI checks passed!"
+
+      - name: Some checks failed
+        if: >-
+          needs.fmt.result      != 'success' ||
+          needs.clippy.result   != 'success' ||
+          needs.docs.result     != 'success' ||
+          needs.audit.result    != 'success' ||
+          needs.test.result     != 'success' ||
+          needs.build.result    != 'success' ||
+          needs.coverage.result != 'success' ||
+          needs.msrv.result     != 'success' ||
+          needs.miri.result     != 'success'
+        run: |
+          echo "❌ Some CI checks failed!"
+          exit 1
