From ce7f533cb08e08926ff9fe47e620b14af7863b19 Mon Sep 17 00:00:00 2001 From: Claude Date: Wed, 25 Mar 2026 01:34:22 +0000 Subject: [PATCH] Add CI workflow for tests and enrichment dry-run Two jobs: - test: builds and runs cargo test - enrichment-dry-run: runs the pipeline against 10 real advisories using the Actions GITHUB_TOKEN, uploads vuln_db.json as artifact https://claude.ai/code/session_01AeNG3herWfKhos9uZVUY5d --- .github/workflows/ci.yml | 72 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 72 insertions(+) create mode 100644 .github/workflows/ci.yml diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml new file mode 100644 index 0000000..37c0e60 --- /dev/null +++ b/.github/workflows/ci.yml @@ -0,0 +1,72 @@ +name: CI + +on: + push: + branches: [main] + pull_request: + branches: [main] + +permissions: + contents: read + +jobs: + test: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + + - name: Install Rust + uses: dtolnay/rust-toolchain@stable + + - name: Cache cargo registry & build + uses: actions/cache@v4 + with: + path: | + ~/.cargo/registry + ~/.cargo/git + target + key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }} + restore-keys: | + ${{ runner.os }}-cargo- + + - name: Build + run: cargo build --verbose + + - name: Run tests + run: cargo test --verbose + + enrichment-dry-run: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + + - name: Install Rust + uses: dtolnay/rust-toolchain@stable + + - name: Cache cargo registry & build + uses: actions/cache@v4 + with: + path: | + ~/.cargo/registry + ~/.cargo/git + target + key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }} + restore-keys: | + ${{ runner.os }}-cargo- + + - name: Build + run: cargo build + + - name: Run enrichment pipeline (10 advisories) + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: cargo run -- --limit 10 --output vuln_db.json + + - name: Show output + run: cat vuln_db.json + + - name: Upload enriched DB artifact + uses: actions/upload-artifact@v4 + with: + name: vuln-db + path: vuln_db.json