fix: correct CI badge attribution to actual repo #10
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: [main] | |
| pull_request: | |
| branches: [main] | |
| env: | |
| CARGO_TERM_COLOR: always | |
| RUSTFLAGS: -D warnings | |
| jobs: | |
| security: | |
| name: Security Scanning | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: TruffleHog Secrets Scan | |
| uses: trufflesecurity/trufflehog@v3 | |
| with: | |
| extra_args: --only-verified | |
| - name: Build Docker Image for Scanning | |
| run: docker build -f docker/Dockerfile -t agit:scan . || true | |
| - name: Trivy Container Scan | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| image-ref: "agit:scan" | |
| format: "table" | |
| exit-code: "1" | |
| severity: "CRITICAL,HIGH" | |
| continue-on-error: true | |
| rust: | |
| name: Rust (test + clippy + fmt) | |
| runs-on: ubuntu-latest | |
| needs: [security] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: dtolnay/rust-toolchain@stable | |
| with: | |
| components: clippy, rustfmt | |
| - uses: Swatinem/rust-cache@v2 | |
| - name: Check formatting | |
| run: cargo fmt --check | |
| - name: Clippy | |
| run: cargo clippy --all-targets -- -D warnings | |
| - name: Test | |
| run: cargo test --workspace | |
| - name: Test with observability feature | |
| run: cargo test -p agit-core --features observability | |
| python: | |
| name: Python (test + lint) | |
| runs-on: ubuntu-latest | |
| needs: [security, rust] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: dtolnay/rust-toolchain@stable | |
| - uses: Swatinem/rust-cache@v2 | |
| - uses: actions/setup-python@v5 | |
| with: | |
| python-version: "3.12" | |
| - name: Install build tools | |
| run: pip install maturin hatch | |
| - name: Build native extension | |
| run: cd crates/agit-python && maturin develop | |
| id: native_build | |
| - name: Install Python package | |
| run: pip install -e ".[dev]" | |
| - name: Ruff check | |
| run: ruff check python/ tests/ | |
| - name: Mypy | |
| run: mypy python/agit/ --ignore-missing-imports | |
| - name: Contract checks | |
| run: python scripts/check_contracts.py | |
| - name: Pytest | |
| run: pytest tests/ -v --tb=short | |
| typescript: | |
| name: TypeScript (build + test) | |
| runs-on: ubuntu-latest | |
| needs: [security, rust] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: dtolnay/rust-toolchain@stable | |
| - uses: Swatinem/rust-cache@v2 | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: "20" | |
| - name: Build native addon | |
| working-directory: crates/agit-node | |
| run: | | |
| npm install | |
| npm run build | |
| id: native_addon | |
| - name: Install TS SDK deps | |
| run: cd ts-sdk && npm install | |
| - name: TypeScript build | |
| run: cd ts-sdk && npx tsc --skipLibCheck | |
| - name: Test | |
| run: cd ts-sdk && npm test |