chore(beads): close br-r37-c1-e04a1 #1309
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: [main] | |
| pull_request: | |
| branches: [main] | |
| permissions: | |
| contents: read | |
| concurrency: | |
| group: ci-${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| env: | |
| CARGO_TERM_COLOR: always | |
| jobs: | |
| g0-doc-freshness: | |
| name: G0 docs freshness | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 5 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 100 | |
| - name: Enforce README/FEATURE_PARITY/CHANGELOG freshness | |
| shell: bash | |
| run: | | |
| set -euo pipefail | |
| max_commits=50 | |
| files=(README.md FEATURE_PARITY.md CHANGELOG.md) | |
| for file in "${files[@]}"; do | |
| if [[ ! -f "$file" ]]; then | |
| echo "::error file=${file}::missing required documentation file" | |
| exit 1 | |
| fi | |
| last_commit=$(git log -n 1 --format=%H -- "$file" || true) | |
| if [[ -z "$last_commit" ]]; then | |
| echo "::error file=${file}::no git history found for ${file}" | |
| exit 1 | |
| fi | |
| distance=$(git rev-list --count "${last_commit}..HEAD") | |
| if (( distance > max_commits )); then | |
| echo "::error file=${file}::last updated ${distance} commits ago (limit ${max_commits})" | |
| exit 1 | |
| fi | |
| echo "${file} OK (last update ${distance} commits ago)" | |
| done | |
| g1-format: | |
| name: G1 fmt | |
| needs: g0-doc-freshness | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 15 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: dtolnay/rust-toolchain@nightly | |
| with: | |
| components: rustfmt | |
| - uses: Swatinem/rust-cache@v2 | |
| - name: Check formatting | |
| run: cargo fmt --all -- --check | |
| g2-clippy: | |
| name: G2 clippy | |
| needs: g1-format | |
| runs-on: ${{ matrix.os }} | |
| timeout-minutes: 25 | |
| strategy: | |
| matrix: | |
| os: [ubuntu-latest, macos-latest, windows-latest] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: dtolnay/rust-toolchain@nightly | |
| with: | |
| components: clippy | |
| - uses: Swatinem/rust-cache@v2 | |
| - name: Run clippy | |
| run: cargo clippy --workspace --all-targets -- -D warnings | |
| g3-rust-tests: | |
| name: G3 rust tests | |
| needs: g2-clippy | |
| runs-on: ${{ matrix.os }} | |
| timeout-minutes: 30 | |
| strategy: | |
| matrix: | |
| os: [ubuntu-latest, macos-latest, windows-latest] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: dtolnay/rust-toolchain@nightly | |
| - uses: Swatinem/rust-cache@v2 | |
| - name: Run Rust tests | |
| run: cargo test --workspace | |
| g4-python-tests: | |
| name: G4 canonical python parity | |
| needs: g3-rust-tests | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 25 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: dtolnay/rust-toolchain@nightly | |
| - uses: actions/setup-python@v5 | |
| with: | |
| python-version: "3.12" | |
| - uses: Swatinem/rust-cache@v2 | |
| - name: Install maturin and test dependencies | |
| run: pip install maturin pytest hypothesis networkx | |
| - name: Build and install | |
| run: maturin develop --features pyo3/abi3-py310 | |
| - name: Run canonical Python parity suite | |
| run: pytest tests/python/ -v --tb=long | |
| g4b-e2e: | |
| name: G4b e2e integration | |
| needs: g4-python-tests | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 25 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: dtolnay/rust-toolchain@nightly | |
| - uses: actions/setup-python@v5 | |
| with: | |
| python-version: "3.12" | |
| - uses: Swatinem/rust-cache@v2 | |
| - name: Install maturin and E2E dependencies | |
| run: pip install maturin networkx numpy scipy | |
| - name: Build and install | |
| run: maturin develop --features pyo3/abi3-py310 | |
| - name: Run structured E2E integration script | |
| run: python3 scripts/e2e_integration_test.py | |
| g4c-docs: | |
| name: G4c docs | |
| needs: g4b-e2e | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 20 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: dtolnay/rust-toolchain@nightly | |
| - uses: actions/setup-python@v5 | |
| with: | |
| python-version: "3.12" | |
| - uses: Swatinem/rust-cache@v2 | |
| - name: Install docs gate dependencies | |
| run: pip install maturin networkx | |
| - name: Build and install | |
| run: maturin develop --features pyo3/abi3-py310 | |
| - name: Verify docs and examples | |
| run: python3 scripts/verify_docs.py | |
| g4d-examples: | |
| name: G4d examples | |
| needs: g4c-docs | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 15 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: dtolnay/rust-toolchain@nightly | |
| - uses: actions/setup-python@v5 | |
| with: | |
| python-version: "3.12" | |
| - uses: Swatinem/rust-cache@v2 | |
| - name: Install example dependencies | |
| run: pip install maturin networkx | |
| - name: Build and install | |
| run: maturin develop --features pyo3/abi3-py310 | |
| - name: Run examples | |
| shell: bash | |
| env: | |
| FNX_BENCH_RUNS: "1" | |
| FNX_BENCH_PATH_NODES: "500" | |
| FNX_BENCH_COMPONENT_NODES: "300" | |
| FNX_BENCH_PAGERANK_NODES: "80" | |
| run: | | |
| set -euo pipefail | |
| for script in examples/*.py; do | |
| echo "Running ${script}" | |
| python3 "${script}" | |
| done | |
| g5-conformance: | |
| name: G5 conformance evidence | |
| needs: g4d-examples | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 30 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: dtolnay/rust-toolchain@nightly | |
| - uses: actions/setup-python@v5 | |
| with: | |
| python-version: "3.12" | |
| - uses: Swatinem/rust-cache@v2 | |
| - name: Install oracle capture dependencies | |
| run: pip install networkx | |
| - name: Capture oracle fixtures | |
| run: python3 scripts/capture_oracle_fixtures.py | |
| - name: Run curated conformance evidence harness | |
| run: env CARGO_TARGET_DIR=target-ci cargo run -q -p fnx-conformance --bin run_smoke | |
| - name: Generate conformance dashboard | |
| run: python3 scripts/generate_conformance_dashboard.py | |
| - name: Verify conformance freshness (B4 gate) | |
| run: python3 scripts/verify_conformance_freshness.py | |
| - name: Upload conformance artifacts | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: conformance-latest | |
| path: artifacts/conformance/latest | |
| g6-performance: | |
| name: G6 performance | |
| needs: g5-conformance | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 30 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: dtolnay/rust-toolchain@nightly | |
| - uses: actions/setup-python@v5 | |
| with: | |
| python-version: "3.12" | |
| - uses: Swatinem/rust-cache@v2 | |
| - name: Install benchmark gate Python dependencies | |
| run: pip install maturin networkx | |
| - name: Build release extension for perf SLO workloads | |
| run: maturin develop --release --features pyo3/abi3-py310 | |
| - name: Run benchmark gate | |
| run: bash scripts/run_benchmark_gate.sh | |
| - name: Upload performance artifacts | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: perf-latest | |
| path: artifacts/perf/latest | |
| g7-ubs: | |
| name: G7 UBS | |
| needs: g6-performance | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 20 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Install UBS | |
| run: | | |
| mkdir -p "$HOME/.local/bin" | |
| curl -fsSL https://raw.githubusercontent.com/Dicklesworthstone/ultimate_bug_scanner/master/ubs \ | |
| -o "$HOME/.local/bin/ubs" | |
| chmod +x "$HOME/.local/bin/ubs" | |
| echo "$HOME/.local/bin" >> "$GITHUB_PATH" | |
| - name: Run UBS fail-closed scan | |
| run: ubs --ci --fail-on-warning . | |
| g7b-fuzz-smoke: | |
| name: G7b fuzz smoke | |
| needs: g7-ubs | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 25 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: dtolnay/rust-toolchain@nightly | |
| with: | |
| components: llvm-tools-preview | |
| - uses: Swatinem/rust-cache@v2 | |
| with: | |
| workspaces: fuzz | |
| - name: Install cargo-fuzz | |
| run: cargo install cargo-fuzz | |
| - name: Fuzz edgelist parser (60s) | |
| run: cd fuzz && cargo +nightly fuzz run fuzz_edgelist corpus/fuzz_edgelist -- -max_total_time=60 | |
| - name: Fuzz JSON parser (60s) | |
| run: cd fuzz && cargo +nightly fuzz run fuzz_json corpus/fuzz_json -- -max_total_time=60 | |
| - name: Fuzz GraphML parser (60s) | |
| run: cd fuzz && cargo +nightly fuzz run fuzz_graphml corpus/fuzz_graphml -- -max_total_time=60 | |
| - name: Fuzz GML parser (60s) | |
| run: cd fuzz && cargo +nightly fuzz run fuzz_gml corpus/fuzz_gml -- -max_total_time=60 | |
| - name: Fuzz adjlist parser (60s) | |
| run: cd fuzz && cargo +nightly fuzz run fuzz_adjlist corpus/fuzz_adjlist -- -max_total_time=60 | |
| - name: Fuzz raw node-link parser (60s) | |
| run: cd fuzz && cargo +nightly fuzz run fuzz_node_link corpus/fuzz_node_link -- -max_total_time=60 | |
| - name: Fuzz attribute value coercion paths (60s) | |
| run: cd fuzz && cargo +nightly fuzz run fuzz_attribute_value corpus/fuzz_attribute_value -- -max_total_time=60 | |
| - name: Fuzz Pajek parser (60s) | |
| run: cd fuzz && cargo +nightly fuzz run fuzz_pajek corpus/fuzz_pajek -- -max_total_time=60 | |
| # E7: Structure-aware algorithm fuzzers (30s each) | |
| - name: Fuzz shortest path algorithms (30s) | |
| run: cd fuzz && cargo +nightly fuzz run fuzz_shortest_path corpus/fuzz_shortest_path -- -max_total_time=30 | |
| - name: Fuzz centrality algorithms (30s) | |
| run: cd fuzz && cargo +nightly fuzz run fuzz_centrality corpus/fuzz_centrality -- -max_total_time=30 | |
| - name: Fuzz connectivity algorithms (30s) | |
| run: cd fuzz && cargo +nightly fuzz run fuzz_connectivity corpus/fuzz_connectivity -- -max_total_time=30 | |
| - name: Fuzz matching algorithms (30s) | |
| run: cd fuzz && cargo +nightly fuzz run fuzz_matching corpus/fuzz_matching -- -max_total_time=30 | |
| - name: Fuzz flow algorithms (30s) | |
| run: cd fuzz && cargo +nightly fuzz run fuzz_flow corpus/fuzz_flow -- -max_total_time=30 | |
| - name: Fuzz spanning tree algorithms (30s) | |
| run: cd fuzz && cargo +nightly fuzz run fuzz_spanning_tree corpus/fuzz_spanning_tree -- -max_total_time=30 | |
| - name: Fuzz clustering algorithms (30s) | |
| run: cd fuzz && cargo +nightly fuzz run fuzz_clustering corpus/fuzz_clustering -- -max_total_time=30 | |
| g8-raptorq: | |
| name: G8 RaptorQ scrub | |
| needs: g7b-fuzz-smoke | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 20 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: dtolnay/rust-toolchain@nightly | |
| - uses: Swatinem/rust-cache@v2 | |
| - uses: actions/download-artifact@v4 | |
| with: | |
| name: conformance-latest | |
| path: artifacts/conformance/latest | |
| - uses: actions/download-artifact@v4 | |
| with: | |
| name: perf-latest | |
| path: artifacts/perf/latest | |
| - name: Generate, scrub, and decode durability sidecars | |
| shell: bash | |
| run: | | |
| set -euo pipefail | |
| mkdir -p artifacts/conformance/latest artifacts/perf/latest artifacts/last_known_good | |
| for spec in \ | |
| "artifacts/conformance/latest/smoke_report.json|artifacts/conformance/latest/smoke_report.raptorq.json|artifacts/conformance/latest/smoke_report.recovered.json|smoke_report|conformance_report" \ | |
| "artifacts/conformance/latest/structured_logs.jsonl|artifacts/conformance/latest/structured_logs.raptorq.json|artifacts/conformance/latest/structured_logs.recovered.json|structured_logs|conformance_logs" \ | |
| "artifacts/conformance/latest/structured_log_emitter_normalization_report.json|artifacts/conformance/latest/structured_log_emitter_normalization_report.raptorq.json|artifacts/conformance/latest/structured_log_emitter_normalization_report.recovered.json|structured_log_emitter_normalization_report|conformance_logs" \ | |
| "artifacts/conformance/latest/telemetry_dependent_unblock_matrix_v1.json|artifacts/conformance/latest/telemetry_dependent_unblock_matrix_v1.raptorq.json|artifacts/conformance/latest/telemetry_dependent_unblock_matrix_v1.recovered.json|telemetry_dependent_unblock_matrix_v1|conformance_logs" \ | |
| "artifacts/conformance/latest/conformance_dashboard_v1.json|artifacts/conformance/latest/conformance_dashboard_v1.raptorq.json|artifacts/conformance/latest/conformance_dashboard_v1.recovered.json|conformance_dashboard|conformance_report" \ | |
| "artifacts/perf/latest/perf_baseline_matrix_v1.json|artifacts/perf/latest/perf_baseline_matrix_v1.raptorq.json|artifacts/perf/latest/perf_baseline_matrix_v1.recovered.json|perf_baseline_matrix|perf_report" \ | |
| "artifacts/perf/latest/slo_gate_report_v1.json|artifacts/perf/latest/slo_gate_report_v1.raptorq.json|artifacts/perf/latest/slo_gate_report_v1.recovered.json|slo_gate_report|perf_report" | |
| do | |
| IFS='|' read -r artifact_path sidecar_path recovered_path artifact_id artifact_type <<< "$spec" | |
| env CARGO_TARGET_DIR=target-ci cargo run -q -p fnx-durability --bin fnx-durability -- \ | |
| generate "$artifact_path" "$sidecar_path" "$artifact_id" "$artifact_type" 1400 6 | |
| env CARGO_TARGET_DIR=target-ci cargo run -q -p fnx-durability --bin fnx-durability -- \ | |
| scrub "$artifact_path" "$sidecar_path" | |
| env CARGO_TARGET_DIR=target-ci cargo run -q -p fnx-durability --bin fnx-durability -- \ | |
| decode-drill "$sidecar_path" "$recovered_path" | |
| done | |
| - name: Record last-known-good snapshot | |
| run: python3 scripts/record_last_known_good_snapshot.py | |
| - name: Generate RaptorQ envelope for last-known-good snapshot | |
| run: | | |
| env CARGO_TARGET_DIR=target-ci cargo run -q -p fnx-durability --bin fnx-durability -- \ | |
| generate artifacts/last_known_good/last_known_good_snapshot_v1.json \ | |
| artifacts/last_known_good/last_known_good_snapshot_v1.raptorq.json \ | |
| last_known_good_snapshot snapshot_report 1400 6 | |
| env CARGO_TARGET_DIR=target-ci cargo run -q -p fnx-durability --bin fnx-durability -- \ | |
| scrub artifacts/last_known_good/last_known_good_snapshot_v1.json \ | |
| artifacts/last_known_good/last_known_good_snapshot_v1.raptorq.json | |
| env CARGO_TARGET_DIR=target-ci cargo run -q -p fnx-durability --bin fnx-durability -- \ | |
| decode-drill artifacts/last_known_good/last_known_good_snapshot_v1.raptorq.json \ | |
| artifacts/last_known_good/last_known_good_snapshot_v1.recovered.json | |
| - name: Upload last-known-good snapshot | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: last-known-good | |
| path: artifacts/last_known_good/ |