feat: Add Standardized Rust CI Workflow#12
Conversation
This commit introduces a new GitHub Actions workflow for Rust projects. The workflow is designed to be used by all new Rust repositories created as part of the Rust Ecosystem Integration Initiative. The workflow includes the following steps: - Checks out the code - Installs the Rust toolchain - Checks formatting with `cargo fmt` - Lints with `cargo clippy` - Runs tests with `cargo test` - Builds the project in release mode with `cargo build --release`
|
👋 Jules, reporting for duty! I'm here to lend a hand with this pull request. When you start a review, I'll add a 👀 emoji to each comment to let you know I've read it. I'll focus on feedback directed at me and will do my best to stay out of conversations between you and other bots or reviewers to keep the noise down. I'll push a commit with your requested changes shortly after. Please note there might be a delay between these steps, but rest assured I'm on the job! For more direct control, you can switch me to Reactive Mode. When this mode is on, I will only act on comments where you specifically mention me with For security, I will only act on instructions from the user who triggered this task. New to Jules? Learn more at jules.google/docs. |
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| runs-on: ubuntu-latest | ||
|
|
||
| steps: | ||
| - uses: actions/checkout@v4 | ||
|
|
||
| - name: Install Rust toolchain | ||
| uses: actions-rs/toolchain@v1 | ||
| with: | ||
| toolchain: stable | ||
| profile: minimal | ||
| override: true | ||
|
|
||
| - name: Check formatting | ||
| run: cargo fmt -- --check | ||
|
|
||
| - name: Clippy | ||
| run: cargo clippy -- -D warnings | ||
|
|
||
| - name: Run tests | ||
| run: cargo test | ||
|
|
||
| - name: Build | ||
| run: cargo build --release |
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 5 months ago
In general, this issue is fixed by explicitly declaring a minimal permissions block for the workflow or each job, instead of relying on repository or organization defaults. For a CI workflow that only checks, tests, and builds code, contents: read is sufficient and recommended.
For this specific workflow, we can add a root-level permissions block so it applies to all jobs (there is only one job, build). We do not need any write permissions because the workflow performs only local cargo commands and uses actions/checkout@v4, which works with contents: read. The least intrusive fix is to insert:
permissions:
contents: readbetween the on: trigger block and the env: block (after line 7 and before line 9). No additional methods, imports, or dependencies are required; this is purely a YAML configuration change within .github/workflows/rust-ci.yml.
| @@ -6,6 +6,9 @@ | ||
| pull_request: | ||
| branches: [ main ] | ||
|
|
||
| permissions: | ||
| contents: read | ||
|
|
||
| env: | ||
| CARGO_TERM_COLOR: always | ||
|
|
1 participant
This change adds a standardized GitHub Actions workflow to support the Rust Ecosystem Integration Initiative. The workflow provides a CI/CD pipeline for new Rust repositories, ensuring that all code is formatted, linted, tested, and built correctly.
PR created automatically by Jules for task 2630654226267795915 started by @jbdevprimary