Update STPA artifacts: SC-002, CC-002 implemented #20
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: [main] | |
| pull_request: | |
| branches: [main] | |
| jobs: | |
| verify-rules: | |
| name: Verify rules load | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: bazelbuild/setup-bazelisk@v3 | |
| - uses: actions/cache@v4 | |
| with: | |
| path: ~/.cache/bazel | |
| key: bazel-verify-${{ runner.os }}-${{ hashFiles('MODULE.bazel') }} | |
| restore-keys: bazel-verify-${{ runner.os }}- | |
| - name: Query lean rules | |
| run: bazel query '//lean/...' | |
| - name: Query aeneas rules | |
| run: bazel query '//aeneas/...' | |
| build: | |
| name: Build hello (${{ matrix.os }}) | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| os: [ubuntu-latest, macos-latest] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: bazelbuild/setup-bazelisk@v3 | |
| - uses: actions/cache@v4 | |
| with: | |
| path: ~/.cache/bazel | |
| key: bazel-build-${{ runner.os }}-${{ hashFiles('MODULE.bazel') }} | |
| restore-keys: bazel-build-${{ runner.os }}- | |
| - name: Clean build cache | |
| run: bazel clean --expunge_async || true | |
| - name: Build hello_lean | |
| run: bazel build //examples/hello_lean:hello | |
| - name: Test hello_lean | |
| run: bazel test //examples/hello_lean:hello_test | |
| test-hash-enforcement: | |
| name: Test SHA-256 enforcement | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: bazelbuild/setup-bazelisk@v3 | |
| - name: Verify missing hash fails | |
| run: | | |
| cd tests/missing_hash | |
| if bazel query '//...' 2>&1; then | |
| echo "ERROR: should have failed with missing hash" | |
| exit 1 | |
| else | |
| bazel query '//...' 2>&1 | grep -q "SHA-256 hash missing" | |
| echo "PASS: missing hash correctly rejected" | |
| fi | |
| - name: Verify dev mode opt-out works | |
| run: | | |
| cd tests/dev_mode | |
| bazel query '//...' 2>&1 | |
| echo "PASS: dev mode opt-out accepted" | |
| build-mathlib: | |
| name: Build mathlib proofs (Linux) | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: bazelbuild/setup-bazelisk@v3 | |
| - uses: actions/cache@v4 | |
| with: | |
| path: ~/.cache/bazel | |
| key: bazel-mathlib-${{ runner.os }}-${{ hashFiles('MODULE.bazel') }} | |
| restore-keys: bazel-mathlib-${{ runner.os }}- | |
| - name: Build mathlib proofs | |
| run: bazel build //examples/mathlib_proof:nat_proofs | |
| timeout-minutes: 30 | |
| - name: Test mathlib proofs | |
| run: bazel test //examples/mathlib_proof:nat_proofs_test | |
| timeout-minutes: 10 |