ci(rust): drop tarpaulin coverage step (ASLR ptrace not available)
Some checks failed
Security Scan / Secret Scanning (gitleaks) (push) Successful in 3m19s
Veza CI / Rust (Stream Server) (push) Successful in 17m52s
Veza CI / Backend (Go) (push) Failing after 21m43s
Veza CI / Frontend (Web) (push) Successful in 28m24s
Veza CI / Notify on failure (push) Successful in 15s
Some checks failed
Security Scan / Secret Scanning (gitleaks) (push) Successful in 3m19s
Veza CI / Rust (Stream Server) (push) Successful in 17m52s
Veza CI / Backend (Go) (push) Failing after 21m43s
Veza CI / Frontend (Web) (push) Successful in 28m24s
Veza CI / Notify on failure (push) Successful in 15s
Run #69 task 146 failed with: ERROR cargo_tarpaulin: Failed to run tests: ASLR disable failed: EPERM: Operation not permitted cargo-tarpaulin relies on ptrace to disable ASLR for code-coverage instrumentation, but the Docker container the Forgejo act runner spawns for each job doesn't carry CAP_SYS_PTRACE. Two fixes possible: 1. Set `container.privileged: true` in /root/.runner.yaml to grant ptrace (wide capability, affects all jobs) 2. Switch to `cargo llvm-cov` which uses source-based coverage instead of runtime instrumentation Neither is the scope of "unblock CI today". Drop the coverage step and its threshold gate from ci.yml. Coverage can run in a dedicated nightly job once we pick option 1 or 2. Saves ~7 min per Rust-touching run on cold cache (5 min tarpaulin install + 2 min run attempt).
This commit is contained in:
senke
parent
45662aad1a
commit
ec08b638d2
1 changed files with 9 additions and 24 deletions
33
.github/workflows/ci.yml
vendored
33
.github/workflows/ci.yml
vendored
|
|
@ -189,30 +189,15 @@ jobs:
|
|||
cargo audit
|
||||
working-directory: veza-stream-server
|
||||
|
||||
- name: Measure coverage
|
||||
# cargo-tarpaulin is cached with the rustup toolchain.
|
||||
run: |
|
||||
command -v cargo-tarpaulin >/dev/null || cargo install cargo-tarpaulin --locked
|
||||
cargo tarpaulin --out json --output-dir target/coverage --timeout 300 --skip-clean
|
||||
working-directory: veza-stream-server
|
||||
|
||||
- name: Enforce coverage threshold (>= 50%)
|
||||
run: |
|
||||
COVERAGE=$(python3 -c "import sys,json; print(f'{json.load(open(\"target/coverage/tarpaulin-report.json\")).get(\"coverage\", 0):.1f}')")
|
||||
echo "Rust coverage: ${COVERAGE}%"
|
||||
COV_INT=$(echo "$COVERAGE" | cut -d. -f1)
|
||||
if [ "$COV_INT" -lt 50 ]; then
|
||||
echo "::error::Rust coverage ${COVERAGE}% is below the 50% threshold"
|
||||
exit 1
|
||||
fi
|
||||
echo "::notice::Rust coverage ${COVERAGE}% meets the >= 50% threshold"
|
||||
working-directory: veza-stream-server
|
||||
|
||||
- name: Upload coverage report
|
||||
uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
|
||||
with:
|
||||
name: rust-coverage
|
||||
path: veza-stream-server/target/coverage/tarpaulin-report.json
|
||||
# Rust coverage via cargo-tarpaulin is disabled in ci.yml because
|
||||
# tarpaulin needs CAP_SYS_PTRACE to disable ASLR, which the Docker
|
||||
# container running the Forgejo act runner doesn't grant:
|
||||
# "ERROR cargo_tarpaulin: Failed to run tests:
|
||||
# ASLR disable failed: EPERM: Operation not permitted"
|
||||
# Either (a) add `privileged: true` to the runner's container
|
||||
# config to grant ptrace, or (b) switch to `cargo llvm-cov`
|
||||
# which uses source-based coverage and doesn't need ptrace.
|
||||
# Until then, run coverage locally or in a dedicated nightly job.
|
||||
|
||||
# ===========================================================================
|
||||
# Notify on failure
|
||||
|
|
|
|||
Loading…
Reference in a new issue