Update docs for v1.5.0, fix CI disk space, add new fuzz targets to CI #66
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Test | |
| on: | |
| push: | |
| branches: [main] | |
| pull_request: | |
| branches: [main] | |
| jobs: | |
| test: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Free disk space | |
| run: | | |
| sudo rm -rf /usr/share/dotnet /usr/local/lib/android /opt/ghc /opt/hostedtoolcache/CodeQL | |
| sudo docker image prune --all --force | |
| df -h / | |
| - uses: actions/checkout@v4 | |
| with: | |
| submodules: recursive | |
| - uses: arduino/setup-protoc@v3 | |
| with: | |
| repo-token: ${{ secrets.GITHUB_TOKEN }} | |
| - uses: dtolnay/rust-toolchain@stable | |
| - uses: Swatinem/rust-cache@v2 | |
| - run: cargo fmt --check | |
| - run: cargo clippy --workspace -- -D warnings | |
| - run: cargo test --workspace | |
| fuzz: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Free disk space | |
| run: | | |
| sudo rm -rf /usr/share/dotnet /usr/local/lib/android /opt/ghc /opt/hostedtoolcache/CodeQL | |
| sudo docker image prune --all --force | |
| df -h / | |
| - uses: actions/checkout@v4 | |
| with: | |
| submodules: recursive | |
| - uses: arduino/setup-protoc@v3 | |
| with: | |
| repo-token: ${{ secrets.GITHUB_TOKEN }} | |
| # Pin nightly to avoid str::as_str() breakage in shellexpand 3.1.1 | |
| # (rust-lang/rust#152961). Unpin once revert #152963 lands in nightly. | |
| - uses: dtolnay/rust-toolchain@nightly | |
| with: | |
| toolchain: nightly-2026-02-21 | |
| - uses: Swatinem/rust-cache@v2 | |
| with: | |
| workspaces: tools/fuzz | |
| - name: Install cargo-fuzz | |
| run: cargo install cargo-fuzz | |
| - name: Fuzz (short CI run) | |
| run: | | |
| cd tools/fuzz | |
| for target in \ | |
| policy_parser \ | |
| fail_closed_tool_invocation \ | |
| tofu_key_substitution \ | |
| slack_signature_verification \ | |
| enforcement_policy_matrix \ | |
| dsl_lexer_parser \ | |
| schema_verification_garbage \ | |
| sensitive_arg_masking \ | |
| tool_substitution_detection \ | |
| dsl_structure_aware \ | |
| sse_jsonrpc_parsing \ | |
| schemapin_keystore_roundtrip \ | |
| dsl_evaluator \ | |
| mattermost_signature_verification \ | |
| crypto_roundtrip \ | |
| webhook_verify_generic \ | |
| api_key_store \ | |
| policy_evaluation; do | |
| echo "--- Fuzzing $target (15s) ---" | |
| cargo fuzz run --fuzz-dir . "$target" -- -max_total_time=15 || exit 1 | |
| done |