refactor(builtins): port tee/mktemp/realpath/stat/od to codegen args #3088
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: [main] | |
| pull_request: | |
| branches: [main] | |
| workflow_call: | |
| permissions: | |
| contents: read | |
| checks: write | |
| env: | |
| CARGO_TERM_COLOR: always | |
| RUST_BACKTRACE: 1 | |
| jobs: | |
| lint: | |
| name: Lint | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Install Rust toolchain | |
| uses: dtolnay/rust-toolchain@1.95.0 | |
| with: | |
| components: rustfmt, clippy | |
| - uses: Swatinem/rust-cache@v2 | |
| - name: Check formatting | |
| run: cargo fmt --all -- --check | |
| - name: Run clippy | |
| run: cargo clippy --all-targets --all-features -- -D warnings | |
| - name: Build documentation | |
| run: cargo doc --no-deps --all-features | |
| env: | |
| RUSTDOCFLAGS: "-D warnings" | |
| audit: | |
| name: Audit | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Install Rust toolchain | |
| uses: dtolnay/rust-toolchain@1.95.0 | |
| - name: Security audit (cargo-audit) | |
| uses: rustsec/audit-check@v2.0.0 | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| ignore: RUSTSEC-2023-0071 | |
| - name: License check (cargo-deny) | |
| uses: EmbarkStudios/cargo-deny-action@v2 | |
| with: | |
| command: check licenses sources | |
| - name: Install cargo-vet | |
| uses: taiki-e/install-action@v2 | |
| with: | |
| tool: cargo-vet | |
| - name: Supply chain audit (cargo-vet) | |
| run: cargo vet --locked | |
| test: | |
| name: Test | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Install Rust toolchain | |
| uses: dtolnay/rust-toolchain@1.95.0 | |
| - uses: Swatinem/rust-cache@v2 | |
| # Pre-installed on `ubuntu-latest` images, but make the dependency | |
| # explicit so a future runner image change can't silently turn the | |
| # `sqlite_differential_tests` suite into a no-op (it skips when | |
| # `sqlite3` isn't on PATH). | |
| - name: Install host sqlite3 for differential tests | |
| run: | | |
| which sqlite3 || sudo apt-get update && sudo apt-get install -y sqlite3 | |
| sqlite3 --version | |
| # Install the uutils multicall binary for | |
| # `coreutils_differential_tests`. The harness gracefully skips when | |
| # the binary is unavailable, so `continue-on-error` keeps the | |
| # regular Test job green when the upstream install action has a | |
| # bad day — the drift workflow (`coreutils-args-drift.yml`) is the | |
| # authoritative body-drift gate, building uutils from the pinned | |
| # tree before running the harness. | |
| - name: Install uutils coreutils multicall for differential tests | |
| id: install_uutils | |
| continue-on-error: true | |
| uses: taiki-e/install-action@v2 | |
| with: | |
| tool: coreutils | |
| - name: Verify uutils on PATH | |
| if: steps.install_uutils.outcome == 'success' | |
| run: coreutils --version | |
| # Examples have a dedicated job below; skipping them here avoids | |
| # duplicated example links that can exhaust runner disk on main. | |
| - name: Run tests | |
| run: cargo test --workspace --lib --bins --tests --features http_client,ssh,sqlite | |
| - name: Run strict bash parity tests | |
| run: cargo test -p bashkit --test spec_tests --features http_client,ssh -- bash_comparison_tests --ignored | |
| - name: Run doc tests | |
| run: cargo test --workspace --doc --features http_client,ssh,sqlite | |
| - name: Run realfs tests | |
| run: cargo test --features realfs -p bashkit --test realfs_tests -p bashkit-cli | |
| - name: Run fail-point tests (single-threaded) | |
| run: cargo test --features failpoints --test security_failpoint_tests -- --test-threads=1 | |
| - name: Run property-based security tests (proptest) | |
| run: cargo test --test proptest_security -- --test-threads=1 | |
| env: | |
| PROPTEST_CASES: 50 | |
| examples: | |
| name: Examples | |
| runs-on: ubuntu-latest | |
| env: | |
| DOPPLER_TOKEN: ${{ secrets.DOPPLER_TOKEN }} | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Install Rust toolchain | |
| uses: dtolnay/rust-toolchain@1.95.0 | |
| - uses: Swatinem/rust-cache@v2 | |
| - name: Build examples | |
| run: cargo build --examples --features "git,http_client,ssh,sqlite" | |
| - name: Run examples | |
| run: | | |
| cargo run --example basic | |
| cargo run --example custom_fs | |
| cargo run --example clap_builtin | |
| cargo run --example clap_builtin_subcommands | |
| cargo run --example resource_limits | |
| cargo run --example text_processing | |
| cargo run --example live_mounts | |
| cargo run --example git_workflow --features git | |
| cargo run --example python_external_functions --features python | |
| cargo run --example typescript_external_functions --features typescript | |
| cargo run --example realfs_readonly --features realfs | |
| cargo run --example realfs_readwrite --features realfs | |
| cargo run --example sqlite_basic --features sqlite | |
| cargo run --example sqlite_workflow --features sqlite | |
| # SSH tests | |
| - name: Run ssh builtin tests (mock handler) | |
| run: cargo test --features ssh -p bashkit --test ssh_builtin_tests | |
| - name: Run ssh supabase.sh example and tests | |
| run: | | |
| cargo run --example ssh_supabase --features ssh | |
| cargo test --features ssh -p bashkit --test ssh_supabase_tests | |
| - name: Run realfs bash example | |
| run: | | |
| cargo build -p bashkit-cli --features realfs | |
| bash examples/realfs_mount.sh | |
| - name: Run ticket CLI example | |
| env: | |
| TICKET_REF: 194b71a8bbc3771da1ce9f579395937c976bbddc | |
| run: bash examples/ticket-cli.sh | |
| # External API dependency — don't block CI on Anthropic outages | |
| - name: Run LLM agent example | |
| continue-on-error: true | |
| env: | |
| ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }} | |
| run: cargo run --example agent_tool --features http_client | |
| - name: Install Doppler CLI | |
| if: env.DOPPLER_TOKEN != '' | |
| uses: dopplerhq/cli-action@v4 | |
| - name: Run harness OpenAI joke example | |
| if: env.DOPPLER_TOKEN != '' | |
| run: | | |
| cargo build -p bashkit-cli --features realfs --quiet | |
| doppler run -- bash examples/harness-openai-joke.sh | |
| fuzz-check: | |
| name: Fuzz Compile Check | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Install Rust nightly | |
| uses: dtolnay/rust-toolchain@nightly | |
| - name: Install cargo-fuzz | |
| uses: taiki-e/cache-cargo-install-action@v3 | |
| with: | |
| tool: cargo-fuzz | |
| locked: true | |
| - name: Verify fuzz targets compile | |
| working-directory: crates/bashkit | |
| run: cargo +nightly fuzz build | |
| # Gate job for branch protection — name must stay "Check" | |
| check: | |
| name: Check | |
| if: always() | |
| needs: [lint, audit, test, examples, fuzz-check] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Verify all jobs passed | |
| run: | | |
| if [[ "${{ needs.lint.result }}" != "success" ]] || \ | |
| [[ "${{ needs.audit.result }}" != "success" ]] || \ | |
| [[ "${{ needs.test.result }}" != "success" ]] || \ | |
| [[ "${{ needs.examples.result }}" != "success" ]] || \ | |
| [[ "${{ needs.fuzz-check.result }}" != "success" ]]; then | |
| echo "One or more required jobs failed" | |
| exit 1 | |
| fi |