ci(rust): add always-on Rust Gate + clear latent clippy debt#230
Merged
Conversation
Two related changes so the Rust clippy/test suite can be safely enforced as a required check: 1. Fix all outstanding `clippy -D warnings` findings (a newer clippy flags these; current CI clippy doesn't yet, so this is pre-emptive): - secure_alloc.rs: manual div_ceil -> `usize::div_ceil` - meow_fountain/wire.rs: `repeat().take()` -> `repeat_n` (test data) - crypto_core coverage test: drop redundant explicit deref - rust_crypto coverage test: `a >= x && a <= y` -> `(x..=y).contains()` 2. Add .github/workflows/rust-gate.yml β an always-running, no-path-filter job that runs `cargo clippy --workspace --all-targets -- -D warnings` and `cargo test -p crypto_core` when Rust sources change, and passes trivially otherwise. Unlike the path-filtered rust-crypto.yml / rust-security-suite.yml, this can be a required status check without deadlocking non-Rust PRs. Detection is fail-safe (runs the checks if the diff is inconclusive). Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Follow-up to the branch-protection work: makes the Rust clippy/test suite enforceable and clears the latent lint debt so it starts green.
1. New required-check-safe gate:
.github/workflows/rust-gate.ymlThe comprehensive Rust workflows (
rust-crypto.yml,rust-security-suite.yml) are path-filtered torust_crypto/**+crypto_core/**. Making a path-filtered check required deadlocks every non-Rust PR (the check never runs β PR waits forever β the exact problem that kept the Rust checks out of branch protection).This new job has no path filter, so it always runs and always reports a conclusion. It runs
cargo clippy --workspace --all-targets -- -D warnings+cargo test -p crypto_coreonly when Rust sources changed, and passes trivially otherwise. Detection is fail-safe: if the diff can't be computed, it runs the checks rather than skipping.Once green, I'll add
Rust Gate (clippy + tests)to the required checks alongsidePreflight.2. Clear all outstanding
clippy -D warningsfindingsA newer clippy (1.96) flags these; CI's current clippy doesn't yet β fixing pre-emptively so the gate is green from day one and a future toolchain bump doesn't break it:
secure_alloc.rs: manual div-ceil βusize::div_ceilmeow_fountain/wire.rs:repeat().take()βrepeat_n(test data)a >= x && a <= yβ(x..=y).contains()Verified locally:
cargo clippy --workspace --all-targets -- -D warningsexits clean,cargo test -p crypto_corepasses.π€ Generated with Claude Code