From b25519c6aa29da904c5d5fb1fc9452985e0cf3a2 Mon Sep 17 00:00:00 2001 From: onspeedhp Date: Wed, 6 May 2026 23:02:56 +0700 Subject: [PATCH 1/2] ci(lint): add clippy + tsc lint workflow MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Two-job lint workflow gating PRs to main: 1. `clippy` — `cargo clippy --features devnet --all-targets -- -D warnings` with a documented allow-list for stylistic lints that fire in audited byte-identical code (op_ref, needless_borrow, manual_range_contains, too_many_arguments, unused_mut). When the audit baseline rolls over, the allow-list should be tightened. 2. `tsc` — `npx tsc --noEmit` against `tests-sdk` to keep TypeScript strict-mode violations from landing. `cargo fmt` is intentionally NOT in this workflow yet: the existing `rustfmt.toml` enables nightly-only options that would require a mass reformat of audited code (~1200 line diff across 28 files). Plan to land that as a separate PR after the audit baseline rolls over. --- .github/workflows/lint.yml | 66 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 66 insertions(+) create mode 100644 .github/workflows/lint.yml diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml new file mode 100644 index 0000000..9bb2bf0 --- /dev/null +++ b/.github/workflows/lint.yml @@ -0,0 +1,66 @@ +name: lint + +on: + pull_request: + push: + branches: [main] + +jobs: + clippy: + name: clippy (rust) + runs-on: ubuntu-latest + timeout-minutes: 15 + steps: + - uses: actions/checkout@v4 + + - name: Install Rust toolchain + uses: dtolnay/rust-toolchain@stable + with: + components: clippy + + - name: Cache cargo build + uses: actions/cache@v4 + with: + path: | + ~/.cargo/registry + ~/.cargo/git + target + key: lint-clippy-${{ hashFiles('**/Cargo.lock') }} + + # Allow-list explained: + # - op_ref / needless_borrow / manual_range_contains / too_many_arguments: + # stylistic lints that fire in audited code byte-identical with + # lazorkit-protocol. Touching them changes audited bytes and + # triggers an unnecessary delta audit on cosmetic refactors. + # - unused_mut: same — appears in a test closure in state/action.rs. + # When the audit baseline rolls over, revisit and tighten this list. + - name: cargo clippy (devnet features) + run: | + cargo clippy --features devnet --all-targets -- \ + -D warnings \ + -A clippy::op_ref \ + -A clippy::needless_borrow \ + -A clippy::manual_range_contains \ + -A clippy::too_many_arguments \ + -A unused_mut + + tsc: + name: tsc (tests-sdk) + runs-on: ubuntu-latest + timeout-minutes: 5 + steps: + - uses: actions/checkout@v4 + + - uses: actions/setup-node@v4 + with: + node-version: 20 + cache: npm + cache-dependency-path: tests-sdk/package-lock.json + + - name: install + working-directory: tests-sdk + run: npm ci || npm install + + - name: tsc --noEmit + working-directory: tests-sdk + run: npx tsc --noEmit From 6c727b9f0581eeb48cd7724f04d66876b5855b3f Mon Sep 17 00:00:00 2001 From: onspeedhp Date: Wed, 6 May 2026 23:07:34 +0700 Subject: [PATCH 2/2] ci(lint): drop tsc-tests job; keep clippy only tests-sdk depends on @lazorkit/sdk-legacy via a 'file:' link to the sibling lazorkit-protocol checkout. CI checks out only this repo, so the dep can't resolve and tsc fails on every import. Switch to the npm-published version (^0.3.1+) once it lands, then restore the tsc job. Type errors still caught locally. --- .github/workflows/lint.yml | 29 +++++++++-------------------- 1 file changed, 9 insertions(+), 20 deletions(-) diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 9bb2bf0..4c832fc 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -44,23 +44,12 @@ jobs: -A clippy::too_many_arguments \ -A unused_mut - tsc: - name: tsc (tests-sdk) - runs-on: ubuntu-latest - timeout-minutes: 5 - steps: - - uses: actions/checkout@v4 - - - uses: actions/setup-node@v4 - with: - node-version: 20 - cache: npm - cache-dependency-path: tests-sdk/package-lock.json - - - name: install - working-directory: tests-sdk - run: npm ci || npm install - - - name: tsc --noEmit - working-directory: tests-sdk - run: npx tsc --noEmit +# tsc on tests-sdk is intentionally NOT included here. +# +# tests-sdk depends on `@lazorkit/sdk-legacy` via a `file:` link to the +# sibling lazorkit-protocol checkout, which doesn't exist in CI. Wiring +# this up cleanly requires switching to the npm-published version +# (^0.3.1+) once it lands, then restoring the tsc job. +# +# Type errors are still caught locally via `npx tsc --noEmit` from +# tests-sdk against the file: linked SDK.