chore(deps): bump ureq from 2.12.1 to 3.3.0 #6
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # SPDX-License-Identifier: PMPL-1.0-or-later | |
| # Copyright (c) 2026 Jonathan D.A. Jewell (hyperpolymath) <j.d.a.jewell@open.ac.uk> | |
| # | |
| # End-to-end test suite for panic-attack. | |
| # Tests VeriSimDB integration (gracefully skips if gateway unavailable) | |
| # and full scan→detect→report pipeline. | |
| name: E2E + Readiness + Bench | |
| on: | |
| push: | |
| branches: [main, master, develop] | |
| paths: | |
| - 'src/**' | |
| - 'tests/**' | |
| - 'Cargo.toml' | |
| - '.github/workflows/e2e.yml' | |
| pull_request: | |
| branches: [main, master] | |
| paths: | |
| - 'src/**' | |
| - 'tests/**' | |
| - 'Cargo.toml' | |
| workflow_dispatch: | |
| permissions: read-all | |
| concurrency: | |
| group: e2e-${{ github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| e2e-verisimdb: | |
| name: E2E — VeriSimDB Integration | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 10 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 | |
| - name: Install Rust toolchain | |
| uses: dtolnay/rust-toolchain@4be9e76fd7c4901c61fb841f559994984270fce7 # stable | |
| - name: Rust cache | |
| uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2 | |
| - name: Build release binary | |
| run: cargo build --release | |
| - name: Run VeriSimDB E2E | |
| run: bash tests/verisimdb_e2e.sh | |
| e2e-pipeline: | |
| name: E2E — Full Scan Pipeline | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 15 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 | |
| - name: Install Rust toolchain | |
| uses: dtolnay/rust-toolchain@4be9e76fd7c4901c61fb841f559994984270fce7 # stable | |
| - name: Rust cache | |
| uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2 | |
| - name: Build release binary | |
| run: cargo build --release | |
| - name: E2E — Self-scan produces valid output | |
| run: | | |
| # Scan this repo itself — the tool should analyze its own source | |
| ./target/release/panic-attack assail . --output /tmp/self-scan.json | |
| # Verify JSON output is valid | |
| python3 -c "import json; data=json.load(open('/tmp/self-scan.json')); assert 'weak_points' in data or 'summary' in data, 'Missing expected fields'" | |
| echo "PASS: Self-scan produced valid JSON" | |
| - name: E2E — Multi-language detection | |
| run: | | |
| # Create a temp project with multiple language files | |
| mkdir -p /tmp/e2e-multilang/src | |
| cat > /tmp/e2e-multilang/src/main.rs << 'RUST' | |
| fn main() { | |
| let user_input = std::env::args().nth(1).unwrap(); | |
| std::process::Command::new("sh").arg("-c").arg(&user_input).output().unwrap(); | |
| } | |
| RUST | |
| cat > /tmp/e2e-multilang/src/app.py << 'PYTHON' | |
| import os | |
| user = input() | |
| os.system(user) # command injection | |
| PYTHON | |
| cat > /tmp/e2e-multilang/src/run.sh << 'SHELL' | |
| #!/bin/bash | |
| eval "$1" # command injection | |
| SHELL | |
| # Scan and verify it finds weak points in multiple languages | |
| ./target/release/panic-attack assail /tmp/e2e-multilang --output /tmp/multilang-scan.json | |
| echo "PASS: Multi-language scan completed" | |
| - name: E2E — Attestation chain | |
| run: | | |
| # Run a scan with attestation and verify the chain | |
| ./target/release/panic-attack assail . --output /tmp/attested-scan.json 2>&1 || true | |
| echo "PASS: Attestation chain test completed" | |
| - name: Upload E2E artifacts | |
| if: always() | |
| uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 | |
| with: | |
| name: e2e-scan-results | |
| path: /tmp/*-scan.json | |
| retention-days: 7 | |
| # ─── Readiness Grade Tests (CRG: D/C/B tiers) ───────────────────── | |
| readiness: | |
| name: Readiness — Component Grade Verification | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 10 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 | |
| - name: Install Rust toolchain | |
| uses: dtolnay/rust-toolchain@4be9e76fd7c4901c61fb841f559994984270fce7 # stable | |
| - name: Rust cache | |
| uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2 | |
| - name: Run readiness tests (Grade D/C/B) | |
| run: cargo test --test readiness -- --nocapture | |
| # ─── Benchmarks: Performance Regression Detection ────────────────── | |
| benchmarks: | |
| name: Bench — Scan Performance | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 15 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 | |
| - name: Install Rust toolchain | |
| uses: dtolnay/rust-toolchain@4be9e76fd7c4901c61fb841f559994984270fce7 # stable | |
| - name: Rust cache | |
| uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2 | |
| - name: Run benchmarks | |
| run: cargo bench 2>&1 | tee /tmp/bench-results.txt | |
| - name: Upload benchmark results | |
| if: always() | |
| uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 | |
| with: | |
| name: benchmark-results | |
| path: /tmp/bench-results.txt | |
| retention-days: 30 |