Skip to content

ci(rust): convert rust-ci.yml to thin wrapper (standards#174)#54

Merged
hyperpolymath merged 1 commit into
mainfrom
chore/rust-ci-reusable-wrapper
May 29, 2026
Merged

ci(rust): convert rust-ci.yml to thin wrapper (standards#174)#54
hyperpolymath merged 1 commit into
mainfrom
chore/rust-ci-reusable-wrapper

Conversation

@hyperpolymath
Copy link
Copy Markdown
Owner

@hyperpolymath hyperpolymath commented May 29, 2026

Replaces the per-repo rust-ci.yml copy with a 5-line wrapper invoking the shared reusable workflow in hyperpolymath/standards (PR #174).

Pinned to PR #174's HEAD SHA 4fdf4314b4ab54269adbaff10e30e483b5e86845; will resolve to standards/main once #174 merges.

Estate audit found ~87 rust-ci.yml copies across the estate; this is one of them. The reusable provides identical cargo check/clippy/fmt/test behaviour with opt-in enable_audit + enable_coverage inputs.

Pattern precedent: standards#168 (governance-reusable) + downstream wrappers absolute-zero#41 + tma-mark2#41.

Summary

Changes

RSR Quality Checklist

Required

  • Tests pass (just test or equivalent)
  • Code is formatted (just fmt or equivalent)
  • Linter is clean (no new warnings or errors)
  • No banned language patterns (no TypeScript, no npm/bun, no Go/Python)
  • No unsafe blocks without // SAFETY: comments
  • No banned functions (believe_me, unsafeCoerce, Obj.magic, Admitted, sorry)
  • SPDX license headers present on all new/modified source files
  • No secrets, credentials, or .env files included

As Applicable

  • .machine_readable/STATE.a2ml updated (if project state changed)
  • .machine_readable/ECOSYSTEM.a2ml updated (if integrations changed)
  • .machine_readable/META.a2ml updated (if architectural decisions changed)
  • Documentation updated for user-facing changes
  • TOPOLOGY.md updated (if architecture changed)
  • CHANGELOG or release notes updated
  • New dependencies reviewed for license compatibility (MPL-2.0 / MPL-2.0)
  • ABI/FFI changes validated (src/interface/abi/ and src/interface/ffi/ consistent)

Testing

Screenshots

@hyperpolymath @claude
ci(rust): convert rust-ci.yml to thin wrapper (standards#174)
62874ae 
Replaces the per-repo `rust-ci.yml` copy with a 5-line wrapper invoking
the shared reusable workflow in `hyperpolymath/standards` (PR #174).

Pinned to PR #174's HEAD SHA `4fdf4314b4ab54269adbaff10e30e483b5e86845`; will resolve to standards/main
once #174 merges.

Estate audit found ~87 rust-ci.yml copies across the estate; this is
one of them. The reusable provides identical cargo check/clippy/fmt/test
behaviour with opt-in `enable_audit` + `enable_coverage` inputs.

Pattern precedent: standards#168 (governance-reusable) + downstream
wrappers absolute-zero#41 + tma-mark2#41.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 29, 2026

🔍 Hypatia Security Scan

Findings: 92 issues detected

Severity Count
🔴 Critical 2
🟠 High 10
🟡 Medium 80

⚠️ Action Required: Critical security issues found!

View findings 
[
  {
    "reason": "Action perpolymath/standards/.github/workflows/governance-reusable.yml@main\n needs attention",
    "type": "unpinned_action",
    "file": "governance.yml",
    "action": "pin_sha",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "codeql.yml lists `language: javascript-typescript` but the repo has no source files in any CodeQL-scannable language. The analyze job will exit 'no source files' on every run. Switch the matrix to `actions` (which scans workflow files — every repo has those).",
    "type": "codeql_language_matrix_mismatch",
    "file": "codeql.yml",
    "action": "switch_codeql_matrix_to_actions",
    "rule_module": "workflow_audit",
    "severity": "high"
  },
  {
    "reason": "Issue in boj-build.yml",
    "type": "unknown",
    "file": "boj-build.yml",
    "action": "flag",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Issue in casket-pages.yml",
    "type": "unknown",
    "file": "casket-pages.yml",
    "action": "flag",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Issue in casket-pages.yml",
    "type": "unknown",
    "file": "casket-pages.yml",
    "action": "flag",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Issue in codeql.yml",
    "type": "unknown",
    "file": "codeql.yml",
    "action": "flag",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Issue in dogfood-gate.yml",
    "type": "unknown",
    "file": "dogfood-gate.yml",
    "action": "flag",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Issue in dogfood-gate.yml",
    "type": "unknown",
    "file": "dogfood-gate.yml",
    "action": "flag",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Issue in dogfood-gate.yml",
    "type": "unknown",
    "file": "dogfood-gate.yml",
    "action": "flag",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Issue in dogfood-gate.yml",
    "type": "unknown",
    "file": "dogfood-gate.yml",
    "action": "flag",
    "rule_module": "workflow_audit",
    "severity": "medium"
  }
]

Powered by Hypatia Neurosymbolic CI/CD Intelligence

@hyperpolymath hyperpolymath merged commit 6927125 into main May 29, 2026
31 of 35 checks passed
@hyperpolymath hyperpolymath deleted the chore/rust-ci-reusable-wrapper branch May 29, 2026 02:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@hyperpolymath