Skip to content
CI

fix(interpreter): apply redirects left-to-right for correct fd duplication #1520

Sign in to view logs

fix(interpreter): apply redirects left-to-right for correct fd duplication

fix(interpreter): apply redirects left-to-right for correct fd duplication #1520

Workflow file for this run

.github/workflows/ci.yml at 763a829
name: CI
on:
push:
branches: [main]
pull_request:
branches: [main]
workflow_call:
permissions:
contents: read
checks: write
env:
CARGO_TERM_COLOR: always
RUST_BACKTRACE: 1
jobs:
lint:
name: Lint
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
- name: Install Rust toolchain
uses: dtolnay/rust-toolchain@stable
with:
components: rustfmt, clippy
- uses: Swatinem/rust-cache@v2
- name: Check formatting
run: cargo fmt --all -- --check
- name: Run clippy
run: cargo clippy --all-targets --all-features -- -D warnings
- name: Build documentation
run: cargo doc --no-deps --all-features
env:
RUSTDOCFLAGS: "-D warnings"
audit:
name: Audit
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
- name: Install Rust toolchain
uses: dtolnay/rust-toolchain@stable
- name: Generate lockfile
run: cargo generate-lockfile
- name: Security audit (cargo-audit)
uses: rustsec/audit-check@v2.0.0
with:
token: ${{ secrets.GITHUB_TOKEN }}
- name: License check (cargo-deny)
uses: EmbarkStudios/cargo-deny-action@v2
with:
command: check licenses sources
- name: Install cargo-vet
uses: taiki-e/install-action@v2
with:
tool: cargo-vet
- name: Supply chain audit (cargo-vet)
run: cargo vet --locked
test:
name: Test
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
- name: Install Rust toolchain
uses: dtolnay/rust-toolchain@stable
- uses: Swatinem/rust-cache@v2
- name: Run tests
run: cargo test --features http_client
- name: Run realfs tests
run: cargo test --features realfs -p bashkit --test realfs_tests -p bashkit-cli
- name: Run fail-point tests (single-threaded)
run: cargo test --features failpoints --test security_failpoint_tests -- --test-threads=1
- name: Run property-based security tests (proptest)
run: cargo test --test proptest_security -- --test-threads=1
env:
PROPTEST_CASES: 50
examples:
name: Examples
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
- name: Install Rust toolchain
uses: dtolnay/rust-toolchain@stable
- uses: Swatinem/rust-cache@v2
- name: Build examples
run: cargo build --examples --features "git,http_client"
- name: Run examples
run: |
cargo run --example basic
cargo run --example custom_fs
cargo run --example resource_limits
cargo run --example text_processing
cargo run --example live_mounts
cargo run --example git_workflow --features git
cargo run --example python_external_functions --features python
cargo run --example realfs_readonly --features realfs
cargo run --example realfs_readwrite --features realfs
- name: Run realfs bash example
run: |
cargo build -p bashkit-cli --features realfs
bash examples/realfs_mount.sh
# External API dependency — don't block CI on Anthropic outages
- name: Run LLM agent example
continue-on-error: true
env:
ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
run: cargo run --example agent_tool --features http_client
fuzz-check:
name: Fuzz Compile Check
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
- name: Install Rust nightly
uses: dtolnay/rust-toolchain@nightly
- name: Install cargo-fuzz
uses: taiki-e/cache-cargo-install-action@v3
with:
tool: cargo-fuzz
locked: true
- name: Verify fuzz targets compile
working-directory: crates/bashkit
run: cargo +nightly fuzz build
# Gate job for branch protection — name must stay "Check"
check:
name: Check
if: always()
needs: [lint, audit, test, examples, fuzz-check]
runs-on: ubuntu-latest
steps:
- name: Verify all jobs passed
run: |
if [[ "${{ needs.lint.result }}" != "success" ]] || \
[[ "${{ needs.audit.result }}" != "success" ]] || \
[[ "${{ needs.test.result }}" != "success" ]] || \
[[ "${{ needs.examples.result }}" != "success" ]] || \
[[ "${{ needs.fuzz-check.result }}" != "success" ]]; then
echo "One or more required jobs failed"
exit 1
fi