This directory contains the CI/CD pipeline configuration for the OPNsense Config Faker project.
The main CI pipeline runs on all pushes and pull requests to the `main` and `develop` branches. It includes:
- Semantic PR Title Check (`semantic-pr`)
  - Validates that PR titles follow the Conventional Commits specification
  - Supported types: `feat`, `fix`, `docs`, `style`, `refactor`, `perf`, `test`, `build`, `ci`, `chore`
  - Only runs on pull requests
- Lint (`lint`)
  - Checks code formatting with `cargo fmt --all -- --check`
  - Runs Clippy linter with `cargo clippy --all-targets --all-features -- -D warnings`
  - Uses strict linting settings to enforce code quality
- Test and Coverage (`test-and-coverage`)
  - Runs all tests with coverage collection using `cargo-llvm-cov`
  - Enforces minimum 80% code coverage with `--fail-under-lines 80`
  - Generates both LCOV and HTML coverage reports
  - Uploads coverage artifacts for 30 days
  - Optionally uploads coverage to Codecov (requires `CODECOV_TOKEN` secret)
- Benchmarks (`benches`)
  - Runs performance benchmarks using Criterion
  - Compares benchmark results against base branch for PRs
  - Tracks benchmark performance over time on main/develop branches
  - Uploads HTML benchmark reports as artifacts
  - Comments on PRs with benchmark results and artifact links
- `CARGO_TERM_COLOR=never`: Disables colored output for consistent CI logs
- `TERM=dumb`: Ensures terminal compatibility in CI environment
Each job uses optimized Rust caching with `Swatinem/rust-cache@v2` to speed up builds:
- Separate cache keys for different job types (`lint-`, `test-`, `bench-`)
- Caches Cargo registry, Git dependencies, and build artifacts
- Automatically handles cache invalidation based on `Cargo.toml` changes
- All files are owned by @UncleSp1d3r
- Configured to prefer CodeRabbit over GitHub Copilot for code reviews
- Covers source code, tests, CI/CD files, and documentation
- Automatically updates Rust dependencies weekly (Mondays at 06:00)
- Also updates GitHub Actions weekly
- Creates PRs with conventional commit messages
- Assigns PRs to @UncleSp1d3r for review
- Limits concurrent PRs to prevent notification spam
The CI pipeline generates several useful artifacts:
- Coverage Reports (30-day retention):
  - `lcov-report`: LCOV coverage data
  - `html-coverage-report`: Human-readable HTML coverage report
- Benchmark Reports (30-day retention):
  - `criterion-html-reports-{sha}`: Detailed Criterion benchmark reports
  - Access via Actions tab → Select workflow run → Download artifacts
To enable all features, configure these repository secrets:
- `CODECOV_TOKEN`: Optional token for Codecov integration
- `GITHUB_TOKEN`: Automatically provided by GitHub Actions
- The pipeline runs automatically on pushes and PRs
- Coverage must be ≥80% or the build fails
- Clippy warnings are treated as errors (`-D warnings`)
- All formatting must pass `cargo fmt` checks
- PR titles must follow the Conventional Commits format
- Benchmark results are tracked over time
- PRs show performance comparisons against the base branch
- Significant performance regressions (>150%) trigger alerts
- HTML reports provide detailed performance analysis
For optimal CodeRabbit integration:
- Branch Protection Rules:
  - Require status checks to pass before merging
  - Require up-to-date branches before merging
  - Include administrators in restrictions
- Code Review Settings:
  - Disable GitHub Copilot auto-reviews if configured
  - Enable CodeRabbit integration via marketplace
- Notifications:
  - Configure appropriate notification settings for CI failures
  - Set up Slack/email integration if needed
- Coverage Below 80%: Add more tests or exclude non-testable code with `#[cfg(not(test))]`
- Clippy Failures: Fix warnings or use `#[allow(clippy::lint_name)]` for justified cases
- Format Failures: Run `cargo fmt` locally before pushing
- Benchmark Failures: Check for significant performance regressions
Before pushing, run these commands locally:
# Check formatting
cargo fmt --all -- --check
# Run linting
cargo clippy --all-targets --all-features -- -D warnings
# Run tests with coverage
cargo llvm-cov --all-features --workspace --lcov --fail-under-lines 80
# Run benchmarks
cargo bench
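
A local approximation of the `semantic-pr` title check, as an added example that is not part of the project's workflow files. The type list comes from this README; the optional `(scope)` and `!` breaking-change marker follow the Conventional Commits grammar, and the allowed scope characters and the function name `check_pr_title` are assumptions.

```shell
#!/usr/bin/env bash
# Added example: approximates the semantic-pr job locally.
# TYPES is the list of supported types from this README.
# Scope and "!" handling follow Conventional Commits 1.0.0; the exact
# configuration of the CI action is an assumption.

TYPES='feat|fix|docs|style|refactor|perf|test|build|ci|chore'

# check_pr_title TITLE
# Returns 0 when TITLE looks like "<type>(<scope>)!: <description>",
# 1 otherwise, with a short reason on stderr.
check_pr_title() {
    title=$1

    # A PR title is a single line. grep matches line by line, so a
    # multi-line string must be rejected before the pattern is applied.
    case $title in
        *'
'*) echo "title must be a single line" >&2; return 1 ;;
    esac

    # type, optional (scope), optional "!", then ": " and a description.
    # The scope character set is an assumption.
    if printf '%s\n' "$title" |
        grep -Eq "^(${TYPES})(\([a-z0-9._/-]+\))?!?: [^ ]"; then
        return 0
    fi

    # Say which part is wrong: the type itself or the rest of the shape.
    prefix=${title%%[(:!]*}
    if printf '%s\n' "$prefix" | grep -Eqx "(${TYPES})"; then
        echo "expected '<type>(<scope>)!: <description>'" >&2
    else
        echo "unknown or missing type: '${prefix}'" >&2
    fi
    return 1
}
```

Source the file and call `check_pr_title "your title"` before opening the pull request; types are matched case-sensitively, so `Feat:` is rejected.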