senke/veza
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

ci: consolidate rust-ci + stream-ci into ci.yml Rust job
Some checks are pending
Veza CI / Backend (Go) (push) Waiting to run
Details
Veza CI / Frontend (Web) (push) Waiting to run
Details
Veza CI / Rust (Stream Server) (push) Waiting to run
Details
Veza CI / Notify on failure (push) Blocked by required conditions
Details
Security Scan / Secret Scanning (gitleaks) (push) Waiting to run
Details

Browse source 
Before this commit, every push touching veza-stream-server triggered
three parallel Rust workflows that did essentially the same work:

  - ci.yml Rust job      : build + test + clippy + fmt + audit
  - rust-ci.yml          : clippy + test + tarpaulin coverage
  - stream-ci.yml        : clippy + audit + test

With the runner at capacity=4, this meant 3 of the 4 parallel slots
burned on duplicate Rust compilation while Backend/Frontend waited.
Each Rust build is ~3-5 min warm, so the redundancy was costing
~10 min per Rust-touching push.

Consolidate into a single job in ci.yml:
  - Adds the tarpaulin coverage step + 50% threshold gate from rust-ci
  - Adds the upload-artifact step for the coverage JSON
  - Deletes rust-ci.yml and stream-ci.yml

All Rust CI now happens in ci.yml's `rust` job. The Cargo cache,
rustup cache and tool-binary cache already set up in the prior
commit keep everything warm.
This commit is contained in:
senke 2026-04-14 15:43:01 +02:00
parent ff1c044965
commit e949e2d794
3 changed files with 26 additions and 156 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

27
.github/workflows/ci.yml vendored
View file

@ -140,7 +140,7 @@ jobs:
path: |
~/.rustup
~/.cargo/bin
key: ${{ runner.os }}-rustup-stable-rustfmt-clippy
key: ${{ runner.os }}-rustup-stable-rustfmt-clippy-audit-tarpaulin
- name: Set up Rust
if: steps.rustup-cache.outputs.cache-hit != 'true'
@ -189,6 +189,31 @@ jobs:
cargo audit
working-directory: veza-stream-server
- name: Measure coverage
# cargo-tarpaulin is cached with the rustup toolchain.
run: |
command -v cargo-tarpaulin >/dev/null || cargo install cargo-tarpaulin --locked
cargo tarpaulin --out json --output-dir target/coverage --timeout 300 --skip-clean
working-directory: veza-stream-server
- name: Enforce coverage threshold (>= 50%)
run: |
COVERAGE=$(python3 -c "import sys,json; print(f'{json.load(open(\"target/coverage/tarpaulin-report.json\")).get(\"coverage\", 0):.1f}')")
echo "Rust coverage: ${COVERAGE}%"
COV_INT=$(echo "$COVERAGE" | cut -d. -f1)
if [ "$COV_INT" -lt 50 ]; then
echo "::error::Rust coverage ${COVERAGE}% is below the 50% threshold"
exit 1
fi
echo "::notice::Rust coverage ${COVERAGE}% meets the >= 50% threshold"
working-directory: veza-stream-server
- name: Upload coverage report
uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
with:
name: rust-coverage
path: veza-stream-server/target/coverage/tarpaulin-report.json
# ===========================================================================
# Notify on failure
# ===========================================================================

85
.github/workflows/rust-ci.yml vendored
View file

@ -1,85 +0,0 @@
name: Rust CI
on:
push:
branches: [main]
paths:
- "veza-stream-server/**"
- ".github/workflows/rust-ci.yml"
pull_request:
branches: [main]
paths:
- "veza-stream-server/**"
- ".github/workflows/rust-ci.yml"
env:
GIT_SSL_NO_VERIFY: "true"
NODE_TLS_REJECT_UNAUTHORIZED: "0"
jobs:
test-and-lint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Cache rustup toolchain
id: rustup-cache
uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
with:
path: |
~/.rustup
~/.cargo/bin
key: ${{ runner.os }}-rustup-stable-clippy-tarpaulin
- name: Set up Rust
if: steps.rustup-cache.outputs.cache-hit != 'true'
run: |
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain stable --component clippy
- name: Add ~/.cargo/bin to PATH
run: echo "$HOME/.cargo/bin" >> $GITHUB_PATH
- name: Cache Cargo deps and target
uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
with:
path: |
~/.cargo/registry
~/.cargo/git
veza-stream-server/target
key: ${{ runner.os }}-cargo-${{ hashFiles('veza-stream-server/Cargo.lock') }}
restore-keys: |
${{ runner.os }}-cargo-
- name: Clippy lint
# NOTE: -D warnings temporarily lifted (see ci.yml Clippy step).
run: cargo clippy
working-directory: veza-stream-server
- name: Run tests
run: cargo test --workspace --timeout 300
working-directory: veza-stream-server
- name: Install cargo-tarpaulin
# Cached via rustup-cache (~/.cargo/bin). Skip rebuild on warm cache.
run: command -v cargo-tarpaulin >/dev/null || cargo install cargo-tarpaulin --locked
- name: Measure coverage
run: cargo tarpaulin --out json --output-dir target/coverage --timeout 300 --skip-clean
working-directory: veza-stream-server
- name: Enforce coverage threshold (>= 50%)
run: |
COVERAGE=$(cat target/coverage/tarpaulin-report.json | python3 -c "import sys,json; print(f'{json.load(sys.stdin).get(\"coverage\", 0):.1f}')")
echo "Rust coverage: ${COVERAGE}%"
COV_INT=$(echo "$COVERAGE" | cut -d. -f1)
if [ "$COV_INT" -lt 50 ]; then
echo "::error::Rust coverage ${COVERAGE}% is below the 50% threshold"
exit 1
fi
echo "::notice::Rust coverage ${COVERAGE}% meets the >= 50% threshold"
working-directory: veza-stream-server
- name: Upload coverage report
uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
with:
name: rust-coverage
path: veza-stream-server/target/coverage/tarpaulin-report.json

70
.github/workflows/stream-ci.yml vendored
View file

@ -1,70 +0,0 @@
name: Stream Server CI
on:
push:
paths:
- "veza-stream-server/**"
- "veza-common/**"
- ".github/workflows/stream-ci.yml"
pull_request:
paths:
- "veza-stream-server/**"
- "veza-common/**"
- ".github/workflows/stream-ci.yml"
env:
GIT_SSL_NO_VERIFY: "true"
NODE_TLS_REJECT_UNAUTHORIZED: "0"
jobs:
test:
runs-on: ubuntu-latest
defaults:
run:
working-directory: veza-stream-server
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Cache rustup toolchain
id: rustup-cache
uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
with:
path: |
~/.rustup
~/.cargo/bin
key: ${{ runner.os }}-rustup-stable-clippy-audit
- name: Set up Rust
if: steps.rustup-cache.outputs.cache-hit != 'true'
run: |
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain stable --component clippy
- name: Add ~/.cargo/bin to PATH
run: echo "$HOME/.cargo/bin" >> $GITHUB_PATH
- name: Cache Cargo deps and target
uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
with:
path: |
~/.cargo/registry
~/.cargo/git
veza-stream-server/target
key: ${{ runner.os }}-cargo-${{ hashFiles('veza-stream-server/Cargo.lock') }}
restore-keys: |
${{ runner.os }}-cargo-
- name: Lint with clippy
# NOTE: -D warnings temporarily lifted (see ci.yml Clippy step).
run: cargo clippy --all-targets
- name: Audit dependencies
# cargo-audit is cached with the rustup toolchain (~/.cargo/bin).
run: |
command -v cargo-audit >/dev/null || cargo install cargo-audit --locked
cargo audit
working-directory: veza-stream-server
- name: Run tests
run: cargo test --all