Skip to content

Pull Request Pipeline #5

Pull Request Pipeline

Pull Request Pipeline #5

Workflow file for this run

name: Pull Request Pipeline
on:
pull_request:
branches: [ main ]
types: [ opened, synchronize, reopened, ready_for_review ]
workflow_dispatch:
inputs:
run_tests:
description: 'Run all tests'
required: true
default: true
type: boolean
run_security:
description: 'Run security checks'
required: true
default: true
type: boolean
run_validation:
description: 'Run Rhema validation'
required: true
default: true
type: boolean
env:
CARGO_TERM_COLOR: always
RUST_BACKTRACE: 1
RUST_LOG: info
# Local execution variables
ACT_LOCAL: ${{ vars.ACT_LOCAL || 'false' }}
SKIP_CODECOV: ${{ vars.SKIP_CODECOV || 'false' }}
SKIP_SECURITY_SCAN: ${{ vars.SKIP_SECURITY_SCAN || 'false' }}
jobs:
setup:
uses: ./.github/workflows/setup.yml
with:
rust-version: '1.88'
rust-components: 'rustfmt,clippy'
fetch-depth: '0'
test:
name: Test Suite
runs-on: ubuntu-latest
needs: setup
strategy:
matrix:
rust: [1.88]
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Setup pnpm
uses: pnpm/action-setup@v4
with:
version: 10.14.0
- name: Setup Node.js
uses: actions/setup-node@v4
with:
cache: 'pnpm'
cache-dependency-path: pnpm-lock.yaml
- name: Install dependencies
run: pnpm install --frozen-lockfile
- name: Install Rust ${{ matrix.rust }}
uses: dtolnay/rust-toolchain@stable
with:
toolchain: ${{ matrix.rust }}
components: rustfmt, clippy
- name: Cache dependencies
uses: actions/cache@v4
with:
path: |
~/.cargo/registry
~/.cargo/git
target
.nx/cache
key: ${{ runner.os }}-cargo-${{ matrix.rust }}-${{ hashFiles('**/Cargo.lock') }}
restore-keys: |
${{ runner.os }}-cargo-${{ matrix.rust }}-
- name: Install system dependencies
run: |
if [ "$ACT_LOCAL" = "true" ]; then
echo "Running in local mode, skipping system dependencies"
else
sudo apt-get update
sudo apt-get install -y git curl build-essential
fi
- name: Check formatting
run: npx nx run-many --target=fmt:check --projects=rhema-*
- name: Run clippy
run: npx nx run-many --target=clippy --projects=rhema-*
- name: Run unit tests
run: npx nx run-many --target=test --projects=rhema-*
- name: Run integration tests
env:
RHEMA_RUN_INTEGRATION_TESTS: 1
run: cargo test --test integration --verbose
- name: Run comprehensive test suite
env:
RHEMA_RUN_INTEGRATION_TESTS: 1
run: cargo test --test comprehensive_test_suite --verbose
- name: Build release
run: npx nx run-many --target=build:release --projects=rhema-*
- name: Upload artifacts
uses: actions/upload-artifact@v4
with:
name: rhema-${{ matrix.rust }}
path: target/release/rhema
retention-days: 7
validation:
name: Rhema Validation
runs-on: ubuntu-latest
needs: [setup, test]
if: ${{ github.event_name == 'pull_request' || github.event.inputs.run_validation == 'true' }}
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Setup pnpm
uses: pnpm/action-setup@v4
with:
version: 10.14.0
- name: Setup Node.js
uses: actions/setup-node@v4
with:
cache: 'pnpm'
cache-dependency-path: pnpm-lock.yaml
- name: Install dependencies
run: pnpm install --frozen-lockfile
- name: Install Rust stable
uses: dtolnay/rust-toolchain@stable
with:
toolchain: stable
- name: Cache dependencies
uses: actions/cache@v4
with:
path: |
~/.cargo/registry
~/.cargo/git
target
.nx/cache
key: ${{ runner.os }}-cargo-stable-${{ hashFiles('**/Cargo.lock') }}
restore-keys: |
${{ runner.os }}-cargo-stable-
- name: Build Rhema CLI
run: npx nx run rhema-app:build:release
- name: Install Rhema CLI
run: cargo install --path crates/rhema
- name: Validate Rhema files
run: rhema validate --recursive
- name: Check Rhema health
run: rhema health
- name: List Rhema scopes
run: rhema scopes
- name: Validate schemas
run: rhema schema validate
security:
name: Security Audit
runs-on: ubuntu-latest
needs: setup
if: ${{ github.event_name == 'pull_request' || github.event.inputs.run_security == 'true' }}
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Setup pnpm
uses: pnpm/action-setup@v4
with:
version: 10.14.0
- name: Setup Node.js
uses: actions/setup-node@v4
with:
cache: 'pnpm'
cache-dependency-path: pnpm-lock.yaml
- name: Install dependencies
run: pnpm install --frozen-lockfile
- name: Install Rust stable
uses: dtolnay/rust-toolchain@stable
with:
toolchain: stable
- name: Cache dependencies
uses: actions/cache@v4
with:
path: |
~/.cargo/registry
~/.cargo/git
target
.nx/cache
key: ${{ runner.os }}-cargo-stable-${{ hashFiles('**/Cargo.lock') }}
restore-keys: |
${{ runner.os }}-cargo-stable-
- name: Run security audit
run: cargo audit
- name: Check for secrets
if: ${{ env.SKIP_SECURITY_SCAN != 'true' }}
uses: trufflesecurity/trufflehog@main
with:
path: .
base: ${{ github.event.before || 'HEAD~1' }}
head: ${{ github.sha }}
- name: Run cargo-audit with advisory database
run: |
cargo install cargo-audit
cargo audit --db-path ~/.cargo/advisory-db
code-quality:
name: Code Quality
runs-on: ubuntu-latest
needs: setup
if: ${{ github.event_name == 'pull_request' || github.event.inputs.run_tests == 'true' }}
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Setup pnpm
uses: pnpm/action-setup@v4
with:
version: 10.14.0
- name: Setup Node.js
uses: actions/setup-node@v4
with:
cache: 'pnpm'
cache-dependency-path: pnpm-lock.yaml
- name: Install dependencies
run: pnpm install --frozen-lockfile
- name: Install Rust stable
uses: dtolnay/rust-toolchain@stable
with:
toolchain: stable
- name: Cache dependencies
uses: actions/cache@v4
with:
path: |
~/.cargo/registry
~/.cargo/git
target
.nx/cache
key: ${{ runner.os }}-cargo-stable-${{ hashFiles('**/Cargo.lock') }}
restore-keys: |
${{ runner.os }}-cargo-stable-
- name: Install cargo-tarpaulin
run: cargo install cargo-tarpaulin
- name: Generate coverage report
run: cargo tarpaulin --out Html --out Xml --ignore-tests
- name: Upload coverage artifact
uses: actions/upload-artifact@v4
with:
name: coverage-report
path: target/tarpaulin/tarpaulin-report.html
retention-days: 30
- name: Upload coverage to Codecov (optional)
if: ${{ env.SKIP_CODECOV != 'true' }}
uses: codecov/codecov-action@v4
with:
file: ./target/tarpaulin/tarpaulin-report.xml
flags: unittests
name: codecov-umbrella
fail_ci_if_error: false
performance:
name: Performance Tests
runs-on: ubuntu-latest
needs: setup
if: ${{ github.event_name == 'pull_request' || github.event.inputs.run_tests == 'true' }}
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Setup pnpm
uses: pnpm/action-setup@v4
with:
version: 10.14.0
- name: Setup Node.js
uses: actions/setup-node@v4
with:
cache: 'pnpm'
cache-dependency-path: pnpm-lock.yaml
- name: Install dependencies
run: pnpm install --frozen-lockfile
- name: Install Rust stable
uses: dtolnay/rust-toolchain@stable
with:
toolchain: stable
- name: Cache dependencies
uses: actions/cache@v4
with:
path: |
~/.cargo/registry
~/.cargo/git
target
.nx/cache
key: ${{ runner.os }}-cargo-stable-${{ hashFiles('**/Cargo.lock') }}
restore-keys: |
${{ runner.os }}-cargo-stable-
- name: Run performance tests
run: cargo test --test performance --verbose
- name: Run benchmarks
run: cargo bench --no-run
shell-tests:
name: Shell End-to-End Tests
runs-on: ubuntu-latest
needs: setup
if: ${{ github.event_name == 'pull_request' || github.event.inputs.run_tests == 'true' }}
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Setup pnpm
uses: pnpm/action-setup@v4
with:
version: 10.14.0
- name: Setup Node.js
uses: actions/setup-node@v4
with:
cache: 'pnpm'
cache-dependency-path: pnpm-lock.yaml
- name: Install dependencies
run: pnpm install --frozen-lockfile
- name: Install Rust stable
uses: dtolnay/rust-toolchain@stable
with:
toolchain: stable
- name: Cache dependencies
uses: actions/cache@v4
with:
path: |
~/.cargo/registry
~/.cargo/git
target
.nx/cache
key: ${{ runner.os }}-cargo-stable-${{ hashFiles('**/Cargo.lock') }}
restore-keys: |
${{ runner.os }}-cargo-stable-
- name: Build Rhema CLI
run: npx nx run rhema-app:build:release
- name: Run shell tests
run: |
cd tests/shell
chmod +x *.sh
./run-tests.sh
summary:
name: Pipeline Summary
runs-on: ubuntu-latest
needs: [test, validation, security, code-quality, performance, shell-tests]
if: always()
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Generate summary
run: |
echo "## Pull Request Pipeline Summary" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "### Jobs Status:" >> $GITHUB_STEP_SUMMARY
echo "- Test Suite: ${{ needs.test.result }}" >> $GITHUB_STEP_SUMMARY
echo "- Validation: ${{ needs.validation.result }}" >> $GITHUB_STEP_SUMMARY
echo "- Security: ${{ needs.security.result }}" >> $GITHUB_STEP_SUMMARY
echo "- Code Quality: ${{ needs.code-quality.result }}" >> $GITHUB_STEP_SUMMARY
echo "- Performance: ${{ needs.performance.result }}" >> $GITHUB_STEP_SUMMARY
echo "- Shell Tests: ${{ needs.shell-tests.result }}" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
if [[ "${{ needs.test.result }}" == "success" && "${{ needs.validation.result }}" == "success" && "${{ needs.security.result }}" == "success" ]]; then
echo "✅ All critical checks passed!" >> $GITHUB_STEP_SUMMARY
else
echo "❌ Some checks failed. Please review the logs above." >> $GITHUB_STEP_SUMMARY
fi