feat: add ClassificationSoundness.idr + PatternCompleteness.idr + aud… #3

Workflow file for this run

# SPDX-License-Identifier: PMPL-1.0-or-later
# Copyright (c) 2026 Jonathan D.A. Jewell (hyperpolymath) <j.d.a.jewell@open.ac.uk>
#
# End-to-end test suite for panic-attack.
# Tests VeriSimDB integration (gracefully skips if gateway unavailable)
# and full scan→detect→report pipeline.
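name: E2E + Readiness + Bench

# Triggers: pushes and pull requests that touch the Rust sources, the tests or
# Cargo.toml (pushes also when this workflow file changes), plus manual runs.
# The PR trigger is `pull_request`, not `pull_request_target`, so code coming
# from forks is built and executed without access to repository secrets.
on:
  push:
    branches: [main, master, develop]
    paths:
      - 'src/**'
      - 'tests/**'
      - 'Cargo.toml'
      - '.github/workflows/e2e.yml'
  pull_request:
    branches: [main, master]
    paths:
      - 'src/**'
      - 'tests/**'
      - 'Cargo.toml'
  workflow_dispatch:

# Least privilege: every job only checks out, builds and runs the repository,
# so read access to contents is enough. `read-all` would hand the token read
# access to every other scope as well, which no step here uses.
permissions:
  contents: read

# One run per ref; a newer push cancels the run still in progress.
concurrency:
  group: e2e-${{ github.ref }}
  cancel-in-progress: true

jobs:
  e2e-verisimdb:
    name: E2E — VeriSimDB Integration
    runs-on: ubuntu-latest
    timeout-minutes: 10
    steps:
      - name: Checkout
        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
        with:
          # No later step talks to the remote, so do not leave the token in
          # .git/config.
          persist-credentials: false
      - name: Install Rust toolchain
        uses: dtolnay/rust-toolchain@4be9e76fd7c4901c61fb841f559994984270fce7 # stable
      - name: Rust cache
        uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2
      - name: Build release binary
        run: cargo build --release
      - name: Run VeriSimDB E2E
        run: bash tests/verisimdb_e2e.sh

  e2e-pipeline:
    name: E2E — Full Scan Pipeline
    runs-on: ubuntu-latest
    timeout-minutes: 15
    steps:
      - name: Checkout
        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
        with:
          # The scanner below walks the whole checkout and its report is
          # uploaded as an artifact; keeping the token out of .git/config
          # removes any chance of it ending up in that report.
          persist-credentials: false
      - name: Install Rust toolchain
        uses: dtolnay/rust-toolchain@4be9e76fd7c4901c61fb841f559994984270fce7 # stable
      - name: Rust cache
        uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2
      - name: Build release binary
        run: cargo build --release
      - name: E2E — Self-scan produces valid output
        run: |
          # Scan this repo itself — the tool should analyze its own source
          ./target/release/panic-attack assail . --output /tmp/self-scan.json
          # Verify JSON output is valid
          python3 -c "import json; data=json.load(open('/tmp/self-scan.json')); assert 'weak_points' in data or 'summary' in data, 'Missing expected fields'"
          echo "PASS: Self-scan produced valid JSON"
      - name: E2E — Multi-language detection
        run: |
          # Create a temp project with multiple language files.
          # The three fixtures are deliberately vulnerable (command injection)
          # and exist only as scanner input: they are written to disk and
          # scanned, never compiled or executed.
          mkdir -p /tmp/e2e-multilang/src
          cat > /tmp/e2e-multilang/src/main.rs << 'RUST'
          fn main() {
              let user_input = std::env::args().nth(1).unwrap();
              std::process::Command::new("sh").arg("-c").arg(&user_input).output().unwrap();
          }
          RUST
          cat > /tmp/e2e-multilang/src/app.py << 'PYTHON'
          import os
          user = input()
          os.system(user) # command injection
          PYTHON
          cat > /tmp/e2e-multilang/src/run.sh << 'SHELL'
          #!/bin/bash
          eval "$1" # command injection
          SHELL
          # Scan the fixture project
          ./target/release/panic-attack assail /tmp/e2e-multilang --output /tmp/multilang-scan.json
          # Verify the report parses and carries the same top-level fields the
          # self-scan step checks for, so a crash or empty file cannot pass.
          python3 -c "import json; data=json.load(open('/tmp/multilang-scan.json')); assert 'weak_points' in data or 'summary' in data, 'Missing expected fields'"
          # NOTE(review): this still does not prove that a finding was reported
          # for each of the three fixture languages; add per-language
          # assertions once the report schema is confirmed.
          echo "PASS: Multi-language scan completed"
      - name: E2E — Attestation chain
        run: |
          # Best-effort step: a non-zero exit does not fail the job, but it is
          # surfaced as a warning instead of being printed as a pass.
          # NOTE(review): the invocation is the same as the self-scan above; no
          # attestation option is passed and no chain is verified here.
          if ./target/release/panic-attack assail . --output /tmp/attested-scan.json 2>&1; then
            echo "PASS: Attestation chain test completed"
          else
            echo "::warning::Attestation scan exited non-zero; nothing was verified"
          fi
      - name: Upload E2E artifacts
        if: always()
        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
        with:
          name: e2e-scan-results
          path: /tmp/*-scan.json
          retention-days: 7

  # ─── Readiness Grade Tests (CRG: D/C/B tiers) ─────────────────────
  readiness:
    name: Readiness — Component Grade Verification
    runs-on: ubuntu-latest
    timeout-minutes: 10
    steps:
      - name: Checkout
        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
        with:
          # No later step talks to the remote, so do not leave the token in
          # .git/config.
          persist-credentials: false
      - name: Install Rust toolchain
        uses: dtolnay/rust-toolchain@4be9e76fd7c4901c61fb841f559994984270fce7 # stable
      - name: Rust cache
        uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2
      - name: Run readiness tests (Grade D/C/B)
        run: cargo test --test readiness -- --nocapture

  # ─── Benchmarks: Performance Regression Detection ──────────────────
  benchmarks:
    name: Bench — Scan Performance
    runs-on: ubuntu-latest
    timeout-minutes: 15
    steps:
      - name: Checkout
        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
        with:
          # No later step talks to the remote, so do not leave the token in
          # .git/config.
          persist-credentials: false
      - name: Install Rust toolchain
        uses: dtolnay/rust-toolchain@4be9e76fd7c4901c61fb841f559994984270fce7 # stable
      - name: Rust cache
        uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2
      - name: Run benchmarks
        run: |
          # The default `run` shell does not enable pipefail, so the step would
          # take tee's exit status and a failing `cargo bench` would pass.
          set -o pipefail
          cargo bench 2>&1 | tee /tmp/bench-results.txt
      - name: Upload benchmark results
        if: always()
        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
        with:
          name: benchmark-results
          path: /tmp/bench-results.txt
          retention-days: 30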