Skip to content

ci(rust): add always-on Rust Gate + clear latent clippy debt#230

Merged
systemslibrarian merged 1 commit into
mainfrom
ci/rust-gate-and-clippy-cleanup
Jul 5, 2026
Merged

ci(rust): add always-on Rust Gate + clear latent clippy debt#230
systemslibrarian merged 1 commit into
mainfrom
ci/rust-gate-and-clippy-cleanup

Conversation

@systemslibrarian

Copy link
Copy Markdown
Owner

Follow-up to the branch-protection work: makes the Rust clippy/test suite enforceable and clears the latent lint debt so it starts green.

1. New required-check-safe gate: .github/workflows/rust-gate.yml

The comprehensive Rust workflows (rust-crypto.yml, rust-security-suite.yml) are path-filtered to rust_crypto/** + crypto_core/**. Making a path-filtered check required deadlocks every non-Rust PR (the check never runs β†’ PR waits forever β€” the exact problem that kept the Rust checks out of branch protection).

This new job has no path filter, so it always runs and always reports a conclusion. It runs cargo clippy --workspace --all-targets -- -D warnings + cargo test -p crypto_core only when Rust sources changed, and passes trivially otherwise. Detection is fail-safe: if the diff can't be computed, it runs the checks rather than skipping.

Once green, I'll add Rust Gate (clippy + tests) to the required checks alongside Preflight.

2. Clear all outstanding clippy -D warnings findings

A newer clippy (1.96) flags these; CI's current clippy doesn't yet β€” fixing pre-emptively so the gate is green from day one and a future toolchain bump doesn't break it:

  • secure_alloc.rs: manual div-ceil β†’ usize::div_ceil
  • meow_fountain/wire.rs: repeat().take() β†’ repeat_n (test data)
  • crypto_core coverage test: drop redundant explicit deref
  • rust_crypto coverage test: a >= x && a <= y β†’ (x..=y).contains()

Verified locally: cargo clippy --workspace --all-targets -- -D warnings exits clean, cargo test -p crypto_core passes.

πŸ€– Generated with Claude Code

Two related changes so the Rust clippy/test suite can be safely enforced
as a required check:

1. Fix all outstanding `clippy -D warnings` findings (a newer clippy
   flags these; current CI clippy doesn't yet, so this is pre-emptive):
   - secure_alloc.rs: manual div_ceil -> `usize::div_ceil`
   - meow_fountain/wire.rs: `repeat().take()` -> `repeat_n` (test data)
   - crypto_core coverage test: drop redundant explicit deref
   - rust_crypto coverage test: `a >= x && a <= y` -> `(x..=y).contains()`

2. Add .github/workflows/rust-gate.yml β€” an always-running, no-path-filter
   job that runs `cargo clippy --workspace --all-targets -- -D warnings`
   and `cargo test -p crypto_core` when Rust sources change, and passes
   trivially otherwise. Unlike the path-filtered rust-crypto.yml /
   rust-security-suite.yml, this can be a required status check without
   deadlocking non-Rust PRs. Detection is fail-safe (runs the checks if
   the diff is inconclusive).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@systemslibrarian systemslibrarian merged commit 0c8a713 into main Jul 5, 2026
78 of 79 checks passed
@systemslibrarian systemslibrarian deleted the ci/rust-gate-and-clippy-cleanup branch July 5, 2026 13:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant