From 36ff78e6ae5d90fb33b9f5845b8267d69eefd173 Mon Sep 17 00:00:00 2001 From: slokh Date: Thu, 26 Feb 2026 11:45:20 -0500 Subject: [PATCH 1/4] ci: add coverage (cargo-llvm-cov) with 85% gate; add security checks (cargo-audit, cargo-deny); add informational MSRV job; add local make coverage target Amp-Thread-ID: https://ampcode.com/threads/T-019c9ab7-3294-76f8-bcbd-2edc07323c50 Co-authored-by: Amp --- .github/workflows/coverage.yml | 28 +++++++++++++++++++++ .github/workflows/security.yml | 45 ++++++++++++++++++++++++++++++++++ Makefile | 4 +++ 3 files changed, 77 insertions(+) create mode 100644 .github/workflows/coverage.yml create mode 100644 .github/workflows/security.yml diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml new file mode 100644 index 00000000..ef53676f --- /dev/null +++ b/.github/workflows/coverage.yml @@ -0,0 +1,28 @@ +name: Coverage + +on: + pull_request: + branches: [main, master] + push: + branches: [main, master] + +jobs: + coverage: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - uses: dtolnay/rust-toolchain@stable + with: + components: llvm-tools-preview + - uses: taiki-e/install-action@v2 + with: + tool: cargo-llvm-cov + - uses: Swatinem/rust-cache@v2 + - name: Run coverage (min 85%) + run: | + cargo llvm-cov --all-features --workspace --fail-under-lines 85 --lcov --output-path lcov.info + - name: Upload lcov artifact + uses: actions/upload-artifact@v4 + with: + name: lcov.info + path: lcov.info diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml new file mode 100644 index 00000000..72b49b8f --- /dev/null +++ b/.github/workflows/security.yml @@ -0,0 +1,45 @@ +name: Security + +on: + pull_request: + branches: [main, master] + schedule: + - cron: '0 3 * * *' + +jobs: + audit: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - uses: dtolnay/rust-toolchain@stable + - uses: Swatinem/rust-cache@v2 + - name: Install cargo-audit + uses: taiki-e/install-action@v2 + with: + tool: cargo-audit + - name: Cargo audit + run: cargo audit --deny warnings + + deny: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - uses: dtolnay/rust-toolchain@stable + - uses: Swatinem/rust-cache@v2 + - name: Install cargo-deny + uses: taiki-e/install-action@v2 + with: + tool: cargo-deny + - name: Cargo deny (advisories & bans) + run: | + cargo deny check advisories bans + + msrv: + name: MSRV (informational) + runs-on: ubuntu-latest + continue-on-error: true + steps: + - uses: actions/checkout@v4 + - uses: dtolnay/rust-toolchain@1.77.0 + - uses: Swatinem/rust-cache@v2 + - run: cargo build -q diff --git a/Makefile b/Makefile index dd441e1b..05e70f0c 100644 --- a/Makefile +++ b/Makefile @@ -39,3 +39,7 @@ fix: # Run e2e tests against live mpp-proxy (requires funded wallet) e2e: build cargo test --test live -- --ignored --nocapture +# Generate coverage locally (requires cargo-llvm-cov and llvm-tools-preview) +# Install once: `rustup component add llvm-tools-preview` and `cargo install cargo-llvm-cov` +coverage: + cargo llvm-cov --all-features --workspace --fail-under-lines 85 --lcov --output-path lcov.info From 330e75a0441f599ed6fc04155313fead90d1fe32 Mon Sep 17 00:00:00 2001 From: slokh Date: Thu, 26 Feb 2026 11:46:03 -0500 Subject: [PATCH 2/4] fix(ci): replace spaces with tab in Makefile coverage target Amp-Thread-ID: https://ampcode.com/threads/T-019c9ab7-3294-76f8-bcbd-2edc07323c50 Co-authored-by: Amp --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 05e70f0c..0e9dfb98 100644 --- a/Makefile +++ b/Makefile @@ -42,4 +42,4 @@ e2e: build # Generate coverage locally (requires cargo-llvm-cov and llvm-tools-preview) # Install once: `rustup component add llvm-tools-preview` and `cargo install cargo-llvm-cov` coverage: - cargo llvm-cov --all-features --workspace --fail-under-lines 85 --lcov --output-path lcov.info + cargo llvm-cov --all-features --workspace --fail-under-lines 85 --lcov --output-path lcov.info From 277b98f8d16295057c654d7d15371a2e90693e05 Mon Sep 17 00:00:00 2001 From: slokh Date: Thu, 26 Feb 2026 11:48:34 -0500 Subject: [PATCH 3/4] fix: silence dead_code for OsKeychain on non-macOS test builds; keep macOS integration tests working Amp-Thread-ID: https://ampcode.com/threads/T-019c9ab7-3294-76f8-bcbd-2edc07323c50 Co-authored-by: Amp --- src/wallet/keychain.rs | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/wallet/keychain.rs b/src/wallet/keychain.rs index d2a18195..f02af103 100644 --- a/src/wallet/keychain.rs +++ b/src/wallet/keychain.rs @@ -45,8 +45,10 @@ pub trait KeychainBackend: Send + Sync { /// OS keychain backend using platform-native secret storage. /// /// Currently supports macOS only (via `security-framework`). +#[cfg_attr(all(test, not(target_os = "macos")), allow(dead_code))] pub struct OsKeychain; +#[cfg_attr(all(test, not(target_os = "macos")), allow(dead_code))] impl KeychainBackend for OsKeychain { fn get(&self, profile: &str) -> Result>> { #[cfg(target_os = "macos")] From c15d741d4e0abe5894b0028818549047d169daa8 Mon Sep 17 00:00:00 2001 From: slokh Date: Thu, 26 Feb 2026 11:51:24 -0500 Subject: [PATCH 4/4] ci: drop coverage and security workflows; keep tests-only pipeline; retain optional local coverage target Amp-Thread-ID: https://ampcode.com/threads/T-019c9ab7-3294-76f8-bcbd-2edc07323c50 Co-authored-by: Amp --- .github/workflows/coverage.yml | 28 --------------------- .github/workflows/security.yml | 45 ---------------------------------- 2 files changed, 73 deletions(-) delete mode 100644 .github/workflows/coverage.yml delete mode 100644 .github/workflows/security.yml diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml deleted file mode 100644 index ef53676f..00000000 --- a/.github/workflows/coverage.yml +++ /dev/null @@ -1,28 +0,0 @@ -name: Coverage - -on: - pull_request: - branches: [main, master] - push: - branches: [main, master] - -jobs: - coverage: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - uses: dtolnay/rust-toolchain@stable - with: - components: llvm-tools-preview - - uses: taiki-e/install-action@v2 - with: - tool: cargo-llvm-cov - - uses: Swatinem/rust-cache@v2 - - name: Run coverage (min 85%) - run: | - cargo llvm-cov --all-features --workspace --fail-under-lines 85 --lcov --output-path lcov.info - - name: Upload lcov artifact - uses: actions/upload-artifact@v4 - with: - name: lcov.info - path: lcov.info diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml deleted file mode 100644 index 72b49b8f..00000000 --- a/.github/workflows/security.yml +++ /dev/null @@ -1,45 +0,0 @@ -name: Security - -on: - pull_request: - branches: [main, master] - schedule: - - cron: '0 3 * * *' - -jobs: - audit: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - uses: dtolnay/rust-toolchain@stable - - uses: Swatinem/rust-cache@v2 - - name: Install cargo-audit - uses: taiki-e/install-action@v2 - with: - tool: cargo-audit - - name: Cargo audit - run: cargo audit --deny warnings - - deny: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - uses: dtolnay/rust-toolchain@stable - - uses: Swatinem/rust-cache@v2 - - name: Install cargo-deny - uses: taiki-e/install-action@v2 - with: - tool: cargo-deny - - name: Cargo deny (advisories & bans) - run: | - cargo deny check advisories bans - - msrv: - name: MSRV (informational) - runs-on: ubuntu-latest - continue-on-error: true - steps: - - uses: actions/checkout@v4 - - uses: dtolnay/rust-toolchain@1.77.0 - - uses: Swatinem/rust-cache@v2 - - run: cargo build -q