Release v0.2.1 #82
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Enhanced CI/CD Pipeline - Optimized Version | |
| # Reduced cache duplication and improved performance | |
| name: Enhanced CI/CD | |
| on: | |
| push: | |
| branches: [main, develop, feature/*] | |
| pull_request: | |
| branches: [main, develop] | |
| schedule: | |
| # Weekly on Sunday at 2 AM UTC for security scans | |
| - cron: '0 2 * * 0' | |
| # Weekly on Monday at 2 AM UTC for performance benchmarks | |
| - cron: '0 2 * * 1' | |
| workflow_dispatch: | |
| # Concurrency controls to prevent overlapping runs | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: ${{ github.event_name == 'pull_request' }} | |
| # Least privilege permissions with security focus | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| checks: write | |
| actions: read | |
| security-events: write | |
| packages: read | |
| env: | |
| CARGO_TERM_COLOR: always | |
| RUST_BACKTRACE: 1 | |
| SCCACHE_GHA_ENABLED: "true" | |
| RUSTC_WRAPPER: "sccache" | |
| CARGO_INCREMENTAL: 0 | |
| jobs: | |
| # Pre-flight checks and change detection | |
| preflight: | |
| name: Preflight Checks | |
| runs-on: ubuntu-latest | |
| outputs: | |
| cli: ${{ steps.changes.outputs.cli }} | |
| core: ${{ steps.changes.outputs.core }} | |
| output: ${{ steps.changes.outputs.output }} | |
| storage: ${{ steps.changes.outputs.storage }} | |
| ci: ${{ steps.changes.outputs.ci }} | |
| docs: ${{ steps.changes.outputs.docs }} | |
| scripts: ${{ steps.changes.outputs.scripts }} | |
| has_changes: ${{ steps.changes.outputs.has_changes }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Setup sccache | |
| uses: mozilla-actions/[email protected] | |
| - uses: dorny/paths-filter@v3 | |
| id: changes | |
| with: | |
| filters: | | |
| cli: | |
| - 'crates/cli/**' | |
| core: | |
| - 'crates/core/**' | |
| output: | |
| - 'crates/output/**' | |
| storage: | |
| - 'crates/storage/**' | |
| ci: | |
| - '.github/workflows/**' | |
| - 'Cargo.toml' | |
| - 'Cargo.lock' | |
| - 'deny.toml' | |
| docs: | |
| - 'docs/**' | |
| - 'README.md' | |
| scripts: | |
| - 'scripts/**' | |
| token: ${{ github.token }} | |
| - name: Determine if changes exist | |
| id: has_changes | |
| run: | | |
| if [[ "${{ steps.changes.outputs.cli }}" == "true" || \ | |
| "${{ steps.changes.outputs.core }}" == "true" || \ | |
| "${{ steps.changes.outputs.output }}" == "true" || \ | |
| "${{ steps.changes.outputs.storage }}" == "true" || \ | |
| "${{ steps.changes.outputs.ci }}" == "true" ]]; then | |
| echo "has_changes=true" >> $GITHUB_OUTPUT | |
| else | |
| echo "has_changes=false" >> $GITHUB_OUTPUT | |
| fi | |
| # Quality gate with auto-fix capabilities | |
| quality-gate: | |
| name: Quality Gate | |
| runs-on: ubuntu-latest | |
| needs: preflight | |
| if: needs.preflight.outputs.has_changes == 'true' | |
| permissions: | |
| contents: write | |
| pull-requests: write | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Setup sccache | |
| uses: mozilla-actions/[email protected] | |
| - name: Install Rust | |
| uses: dtolnay/rust-toolchain@stable | |
| with: | |
| components: rustfmt, clippy | |
| - name: Setup Rust Cache | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| ~/.cargo/registry/index/ | |
| ~/.cargo/registry/cache/ | |
| ~/.cargo/git/db/ | |
| target/ | |
| key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}-${{ github.run_id }} | |
| restore-keys: | | |
| ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}- | |
| ${{ runner.os }}-cargo- | |
| - name: Check and auto-fix formatting | |
| id: format-check | |
| run: | | |
| echo "🔧 Checking formatting..." | |
| if ! cargo fmt --all -- --check; then | |
| echo "Formatting issues found, applying fixes..." | |
| cargo fmt --all | |
| echo "needs_commit=true" >> $GITHUB_OUTPUT | |
| else | |
| echo "✅ Code formatting is correct" | |
| echo "needs_commit=false" >> $GITHUB_OUTPUT | |
| fi | |
| - name: Run Clippy with auto-fix | |
| id: clippy-check | |
| run: | | |
| echo "🔍 Running Clippy..." | |
| if ! cargo clippy --all-targets --all-features -- -D warnings; then | |
| echo "Clippy issues found, attempting auto-fixes..." | |
| cargo clippy --all-targets --all-features --fix --allow-dirty -- -D warnings || true | |
| echo "needs_commit=true" >> $GITHUB_OUTPUT | |
| else | |
| echo "✅ No Clippy issues found" | |
| echo "needs_commit=false" >> $GITHUB_OUTPUT | |
| fi | |
| - name: Commit auto-fixes | |
| if: steps.format-check.outputs.needs_commit == 'true' || steps.clippy-check.outputs.needs_commit == 'true' | |
| run: | | |
| git config --local user.email "[email protected]" | |
| git config --local user.name "GitHub Action" | |
| git add . | |
| git diff --staged --quiet || git commit -m "🤖 Auto-fix: formatting and clippy issues | |
| - Applied cargo fmt fixes | |
| - Applied clippy --fix suggestions | |
| Generated by GitHub Actions" | |
| - name: Push auto-fixes | |
| if: steps.format-check.outputs.needs_commit == 'true' || steps.clippy-check.outputs.needs_commit == 'true' | |
| uses: ad-m/github-push-action@master | |
| with: | |
| github_token: ${{ secrets.GITHUB_TOKEN }} | |
| branch: ${{ github.ref }} | |
| # Build matrix with optimized caching | |
| build: | |
| name: Build (${{ matrix.crate }}) | |
| runs-on: ubuntu-latest | |
| needs: [preflight, quality-gate] | |
| if: needs.preflight.outputs.has_changes == 'true' | |
| strategy: | |
| matrix: | |
| crate: [cli, core, output, storage] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Setup sccache | |
| uses: mozilla-actions/[email protected] | |
| - name: Install Rust | |
| uses: dtolnay/rust-toolchain@stable | |
| - name: Setup Rust Cache | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| ~/.cargo/registry/index/ | |
| ~/.cargo/registry/cache/ | |
| ~/.cargo/git/db/ | |
| target/ | |
| key: ${{ runner.os }}-cargo-${{ matrix.crate }}-${{ hashFiles('**/Cargo.lock') }}-${{ github.run_id }} | |
| restore-keys: | | |
| ${{ runner.os }}-cargo-${{ matrix.crate }}-${{ hashFiles('**/Cargo.lock') }}- | |
| ${{ runner.os }}-cargo-${{ matrix.crate }}- | |
| ${{ runner.os }}-cargo- | |
| - name: Build ${{ matrix.crate }} | |
| run: cargo build --package ${{ matrix.crate == 'cli' && 'code_guardian_cli' || format('code-guardian-{0}', matrix.crate) }} --verbose | |
| - name: Run tests for ${{ matrix.crate }} | |
| run: cargo test --package ${{ matrix.crate == 'cli' && 'code_guardian_cli' || format('code-guardian-{0}', matrix.crate) }} --verbose | |
| # Performance benchmarks (reduced frequency) | |
| performance: | |
| name: Performance Benchmarks | |
| runs-on: ubuntu-latest | |
| needs: [preflight, build] | |
| if: needs.preflight.outputs.has_changes == 'true' && (github.event_name == 'schedule' || contains(github.event.head_commit.message, '[bench]')) | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Setup sccache | |
| uses: mozilla-actions/[email protected] | |
| - name: Install Rust | |
| uses: dtolnay/rust-toolchain@stable | |
| - name: Setup Rust Cache | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| ~/.cargo/registry/index/ | |
| ~/.cargo/registry/cache/ | |
| ~/.cargo/git/db/ | |
| target/ | |
| key: ${{ runner.os }}-cargo-bench-${{ hashFiles('**/Cargo.lock') }}-${{ github.run_id }} | |
| restore-keys: | | |
| ${{ runner.os }}-cargo-bench-${{ hashFiles('**/Cargo.lock') }}- | |
| ${{ runner.os }}-cargo-bench- | |
| - name: Run performance benchmarks | |
| run: | | |
| cd crates/core | |
| cargo bench --bench scanner_benchmark | |
| cargo bench --bench performance_comparison | |
| - name: Upload benchmark results | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: benchmark-results | |
| path: crates/core/target/criterion/ |