Strip languages card, just show logo row below stats #63
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: [main] | |
| pull_request: | |
| branches: [main] | |
| env: | |
| CARGO_TERM_COLOR: always | |
| jobs: | |
| fmt: | |
| name: Format | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - uses: dtolnay/rust-toolchain@stable | |
| with: | |
| components: rustfmt | |
| - run: cargo fmt --check | |
| clippy: | |
| name: Clippy | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| matrix: | |
| os: [ubuntu-latest, macos-latest] | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - uses: dtolnay/rust-toolchain@stable | |
| with: | |
| components: clippy | |
| - uses: actions/cache@v5 | |
| with: | |
| path: | | |
| ~/.cargo/registry | |
| ~/.cargo/git | |
| target | |
| key: ${{ runner.os }}-cargo-clippy-${{ hashFiles('**/Cargo.lock') }} | |
| restore-keys: ${{ runner.os }}-cargo-clippy- | |
| - run: cargo clippy -- -D warnings | |
| test: | |
| name: Test | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| matrix: | |
| os: [ubuntu-latest, macos-latest] | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - uses: dtolnay/rust-toolchain@stable | |
| - uses: actions/cache@v5 | |
| with: | |
| path: | | |
| ~/.cargo/registry | |
| ~/.cargo/git | |
| target | |
| key: ${{ runner.os }}-cargo-test-${{ hashFiles('**/Cargo.lock') }} | |
| restore-keys: ${{ runner.os }}-cargo-test- | |
| - run: cargo test | |
| build: | |
| name: Build Release | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| matrix: | |
| os: [ubuntu-latest, macos-latest] | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - uses: dtolnay/rust-toolchain@stable | |
| - uses: actions/cache@v5 | |
| with: | |
| path: | | |
| ~/.cargo/registry | |
| ~/.cargo/git | |
| target | |
| key: ${{ runner.os }}-cargo-build-${{ hashFiles('**/Cargo.lock') }} | |
| restore-keys: ${{ runner.os }}-cargo-build- | |
| - run: cargo build --release | |
| dogfood: | |
| name: Dogfood (foxguard scans itself) | |
| needs: build | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - uses: dtolnay/rust-toolchain@stable | |
| - uses: actions/cache@v5 | |
| with: | |
| path: | | |
| ~/.cargo/registry | |
| ~/.cargo/git | |
| target | |
| key: ${{ runner.os }}-cargo-build-${{ hashFiles('**/Cargo.lock') }} | |
| restore-keys: ${{ runner.os }}-cargo-build- | |
| - name: Build foxguard | |
| run: cargo build --release | |
| - name: Scan own source (must be clean) | |
| run: ./target/release/foxguard --severity high src/ | |
| - name: Scan own source for secrets (must be clean) | |
| run: ./target/release/foxguard secrets src/ | |
| - name: Verify fixture detection (must find issues) | |
| run: | | |
| if ./target/release/foxguard tests/fixtures/ 2>&1; then | |
| echo "::error::Expected foxguard to find issues in test fixtures but it exited clean" | |
| exit 1 | |
| else | |
| echo "Fixtures correctly detected — foxguard found issues as expected" | |
| fi | |
| dist-npm: | |
| name: Distribution (npm) | |
| needs: build | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| matrix: | |
| os: [ubuntu-latest, macos-latest] | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: 20 | |
| - name: npx foxguard --version | |
| run: npx foxguard@0.1.0 --version | |
| - name: npx foxguard scans test fixtures | |
| run: | | |
| if npx foxguard@0.1.0 tests/fixtures/ 2>&1; then | |
| echo "::error::Expected findings in fixtures" | |
| exit 1 | |
| else | |
| echo "npm distribution works — found issues as expected" | |
| fi | |
| - name: npx foxguard clean scan | |
| run: npx foxguard@0.1.0 --severity high src/ | |
| - name: npx foxguard SARIF output | |
| run: npx foxguard@0.1.0 --severity high --format sarif src/ > /dev/null | |
| dist-cargo: | |
| name: Distribution (cargo install) | |
| needs: build | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - uses: dtolnay/rust-toolchain@stable | |
| - name: cargo install from source | |
| run: cargo install --path . | |
| - name: foxguard --version | |
| run: foxguard --version | |
| - name: foxguard scans test fixtures | |
| run: | | |
| if foxguard tests/fixtures/ 2>&1; then | |
| echo "::error::Expected findings in fixtures" | |
| exit 1 | |
| else | |
| echo "cargo install works — found issues as expected" | |
| fi | |
| - name: foxguard clean scan | |
| run: foxguard --severity high src/ | |
| - name: foxguard secrets scan | |
| run: foxguard secrets src/ | |
| - name: foxguard SARIF output | |
| run: foxguard --severity high --format sarif src/ > /dev/null | |
| - name: foxguard JSON output | |
| run: foxguard --severity high --format json src/ > /dev/null | |
| - name: foxguard init (dry run) | |
| run: | | |
| cd "$(mktemp -d)" | |
| git init | |
| foxguard init | |
| test -f .git/hooks/pre-commit && echo "pre-commit hook installed" || exit 1 | |
| test -f .foxguard.yml && echo ".foxguard.yml created" || exit 1 | |