repo: enable Miri for Rust

[arkjedrz]

• Disable flaky test.
• Add pipeline with Miri.

Resolved #89

[github-actions]

License Check Results

🚀 The license check job ran with the Bazel command:

bazel run //:license-check

Status: ⚠️ Needs Review

Click to expand output

[License Check Output]
Extracting Bazel installation...
Starting local Bazel server (8.4.2) and connecting to it...
INFO: Invocation ID: 9b0c0d5c-d1f4-41b0-b912-dad4a0b29307
Computing main repo mapping: 
Computing main repo mapping: 
Computing main repo mapping: 
Computing main repo mapping: 
WARNING: For repository 'score_rust_policies', the root module requires module version score_rust_policies@0.0.3, but got score_rust_policies@0.0.5 in the resolved dependency graph. Please update the version in your MODULE.bazel or set --check_direct_dependencies=off
Loading: 
Loading: 0 packages loaded
Loading: 0 packages loaded
Loading: 0 packages loaded
    currently loading: 
Loading: 0 packages loaded
    currently loading: 
Loading: 0 packages loaded
    currently loading: 
Loading: 0 packages loaded
    currently loading: 
Analyzing: target //:license-check (1 packages loaded, 0 targets configured)
Analyzing: target //:license-check (1 packages loaded, 0 targets configured)

Analyzing: target //:license-check (47 packages loaded, 9 targets configured)

Analyzing: target //:license-check (89 packages loaded, 9 targets configured)

Analyzing: target //:license-check (145 packages loaded, 1239 targets configured)

Analyzing: target //:license-check (153 packages loaded, 4417 targets configured)

Analyzing: target //:license-check (157 packages loaded, 7184 targets configured)

Analyzing: target //:license-check (165 packages loaded, 7901 targets configured)

Analyzing: target //:license-check (165 packages loaded, 7901 targets configured)

Analyzing: target //:license-check (165 packages loaded, 7901 targets configured)

Analyzing: target //:license-check (165 packages loaded, 7901 targets configured)

Analyzing: target //:license-check (169 packages loaded, 9913 targets configured)

INFO: Analyzed target //:license-check (170 packages loaded, 10039 targets configured).
[11 / 16] [Prepa] JavaToolchainCompileClasses external/rules_java+/toolchains/platformclasspath_classes ... (2 actions, 1 running)
[13 / 16] JavaToolchainCompileClasses external/rules_java+/toolchains/platformclasspath_classes; 0s disk-cache, processwrapper-sandbox
[14 / 16] JavaToolchainCompileBootClasspath external/rules_java+/toolchains/platformclasspath.jar; 0s disk-cache, processwrapper-sandbox
INFO: Found 1 target...
Target //:license.check.license_check up-to-date:
  bazel-bin/license.check.license_check
  bazel-bin/license.check.license_check.jar
INFO: Elapsed time: 27.258s, Critical Path: 2.83s
INFO: 16 processes: 12 internal, 3 processwrapper-sandbox, 1 worker.
INFO: Build completed successfully, 16 total actions
INFO: Running command line: bazel-bin/license.check.license_check ./formatted.txt <args omitted>
usage: org.eclipse.dash.licenses.cli.Main [-batch <int>] [-cd <url>]
       [-confidence <int>] [-ef <url>] [-excludeSources <sources>] [-help] [-lic
       <url>] [-project <shortname>] [-repo <url>] [-review] [-summary <file>]
       [-timeout <seconds>] [-token <token>]

[github-actions]

The created documentation from the pull request is available at: docu-html

[pawelrutkaq]

Fine until @dcalavrezo-qorix finishes miri integration for bazel.

[Copilot]

Pull request overview

This PR enables running Rust tests under Miri in CI to catch undefined behavior early, while skipping a known-flaky test when executed under Miri (resolving #89).

Changes:

• Mark unique_thread_runner_monitoring_works as ignored when running under Miri.
• Add a new GitHub Actions workflow to run cargo miri test on pull requests.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 4 comments.

File	Description
src/health_monitoring_lib/rust/worker.rs	Ignores one flaky test specifically under Miri.
.github/workflows/miri.yml	Adds a PR CI job that installs Miri and runs cargo miri test.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

You can also share your feedback on Copilot code review. Take the survey.

[Copilot]

GITHUB_TOKEN is being exported as a job-wide environment variable, but this workflow doesn’t appear to use it directly. Consider removing it (or scoping it to the one step that needs it) to reduce unnecessary secret exposure in the runner environment.

Suggested change

	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

[Copilot]

The toolchain version is pinned twice (in dtolnay/rust-toolchain and in cargo +nightly-...). This duplication can drift over time; prefer relying on the installed toolchain (i.e., run cargo miri test without +...) or define the toolchain once (e.g., via an env var) and reuse it.

Suggested change

	cargo +nightly-2025-12-15 miri test --features stub_supervisor_api_client --no-default-features
	cargo miri test --features stub_supervisor_api_client --no-default-features

[Copilot]

-Zmiri-disable-isolation disables Miri’s isolation sandbox, which reduces the usefulness of CI Miri runs and broadens what tests can do on the runner. If it’s not strictly required, drop it; if it is required, add a brief note explaining what operation needs it so the flag doesn’t become a permanent blanket exception.

Suggested change

	runs-on: ubuntu-latest
	env:
	MIRIFLAGS: "-Zmiri-ignore-leaks -Zmiri-disable-isolation"
	runs-on: ubuntu-lest
	env:
	MIRIFLAGS: "-Zmiri-ignore-leaks"

[Copilot]

The comment explains the test is flaky under Miri, but it doesn’t capture the failure mode or link to a tracking issue. Adding a short reason (e.g., timing/thread scheduling sensitivity) and/or an issue reference will make it clearer when it’s safe to re-enable the test for Miri.

Suggested change

	// Test is flaky for Miri.
	// Test is flaky under Miri due to timing and thread-scheduling sensitivity
	// in this sleep-based background thread check.