ci: enforce clippy -D warnings and cargo audit as hard gates
All checks were successful
Build and Test / Build Agent (Windows) (push) Successful in 12m18s
Build and Test / Build Server (Linux) (push) Successful in 14m11s
Build and Test / Security Audit (push) Successful in 5m32s
Build and Test / Build Summary (push) Successful in 9s

Flip both CI gates from informational to hard-fail (SPEC-001 quality gates):
- clippy: `-- -D warnings` on the server crate. Cleared the debt via clippy --fix
  (unused imports/style), targeted #[allow(dead_code)] on native-remote-control
  future API, and #[allow(clippy::too_many_arguments)] on 3 protocol-mirroring fns.
- cargo audit: hard-fail with documented per-ID --ignore flags (rsa RUSTSEC-2023-0071
  unfixable/unreachable in active tree; gtk-rs + glib Linux-only tray backend not
  compiled into the Windows agent; proc-macro-error build-time). New advisories fail.
- Move [profile.release] to the workspace root (it was silently ignored in the server
  member), activating lto/codegen-units/strip.

No behavioral changes. Reviewed and gates verified passing on the build host.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-05-30 00:18:50 +00:00
parent 6e7e7c0ccb
commit ccc6ba9c02
21 changed files with 92 additions and 55 deletions


@@ -57,11 +57,10 @@ jobs:
- name: Check formatting
run: cd server && cargo fmt --all -- --check
# Informational (warn-only) for now. The pre-spec codebase has ~65 lint warnings,
# mostly dead-code for API the integration spec (native-remote-control) will wire.
# Re-tighten to `-- -D warnings` during the GC re-spec once that API is in use.
- name: Run Clippy (informational)
run: cd server && cargo clippy --all-targets --all-features
# Hard gate: clippy must pass with zero warnings (-D warnings). Dead-code that is
# future API surface for native-remote-control carries targeted #[allow(dead_code)].
- name: Run Clippy
run: cd server && cargo clippy --all-targets --all-features -- -D warnings
- name: Build server
run: |
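Review bot: the hard clippy gate in this hunk only covers the server crate (`cd server && cargo clippy ...`), while the audit step below treats GuruConnect as one workspace with agent + server members; the agent member therefore still builds with no lint gate at all. Either run clippy from the workspace root with `--workspace` so both members are held to `-D warnings`, or state in the comment that the agent is intentionally out of scope and why. Also worth noting in the comment that `-D warnings` denies rustc warnings as well as clippy lints, so the `#[allow(dead_code)]` attributes the message describes should stay per-item rather than crate-wide, or genuinely dead code will be hidden alongside the future API surface.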
@@ -143,12 +142,18 @@ jobs:
- name: Install cargo-audit
run: cargo install cargo-audit
# Informational (warn-only) for now, like clippy. GuruConnect is a single Cargo workspace,
# so one `cargo audit` at the root covers all members (agent + server) via the shared
# Cargo.lock. The pre-spec dependency tree has known advisories; re-tighten to a hard gate
# during the GC re-spec after a dependency refresh.
- name: Run security audit (informational)
run: cargo audit || echo "[WARNING] cargo audit reported advisories (informational; address in GC re-spec)"
# Hard gate: cargo audit must pass. GuruConnect is a single Cargo workspace, so one
# `cargo audit` at the root covers all members (agent + server) via the shared Cargo.lock.
# The advisories below are explicitly ignored with documented justifications; any NEW
# advisory fails the build.
# RUSTSEC-2023-0071 (rsa) ............. no fixed upgrade; optional/unreachable in active tree
# RUSTSEC-2024-0413/-0416/-0412/-0418/
# -0415/-0420/-0419 (gtk-rs GTK3) ..... Linux-only tray-icon backend, not compiled into shipping Windows agent
# RUSTSEC-2024-0429 (glib) ............ Linux-only tray-icon backend, not compiled into shipping Windows agent
# RUSTSEC-2024-0370 (proc-macro-error) build-time proc-macro dependency, no runtime impact
- name: Run security audit
run: |
cargo audit --ignore RUSTSEC-2023-0071 --ignore RUSTSEC-2024-0413 --ignore RUSTSEC-2024-0416 --ignore RUSTSEC-2024-0412 --ignore RUSTSEC-2024-0418 --ignore RUSTSEC-2024-0415 --ignore RUSTSEC-2024-0420 --ignore RUSTSEC-2024-0419 --ignore RUSTSEC-2024-0429 --ignore RUSTSEC-2024-0370
build-summary:
name: Build Summary
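Review bot: the ignore list in this hunk is maintained twice, once as the justification comment and once as the chain of `--ignore` flags on a single long `run:` line, so the two will drift as advisories are added or retired. cargo-audit reads `.cargo/audit.toml` with an `[advisories] ignore = [...]` list; moving the IDs there with the justification as a comment beside each ID keeps them in one place and makes a local `cargo audit` behave exactly like CI. Two further points from the visible lines: `cargo install cargo-audit` on the unchanged context line is unpinned, so a cargo-audit release that changes default severity handling can flip this gate without any change in the repo (pin with `--version` and `--locked`); and the gtk-rs/glib justification "not compiled into the shipping Windows agent" holds only while no Linux agent build ships, so the comment should say that these ignores must be revisited before a Linux target is released.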