From 5522b8b7271792691e52b457b3f2365fb4d4f4b4 Mon Sep 17 00:00:00 2001
From: Seongho Bae
Date: Fri, 3 Jul 2026 05:34:36 +0900
Subject: [PATCH] fix: treat nested rust coverage as peer evidence

---
 .github/workflows/opencode-review.yml | 25 ++++++++++++++++---------
 scripts/ci/test_strix_quick_gate.sh | 2 ++
 2 files changed, 18 insertions(+), 9 deletions(-)

diff --git a/.github/workflows/opencode-review.yml b/.github/workflows/opencode-review.yml
index 2ab6028a..38f6cd64 100644
--- a/.github/workflows/opencode-review.yml
+++ b/.github/workflows/opencode-review.yml
@@ -618,6 +618,15 @@ jobs:
 fi
 }

+ append_nested_rust_coverage_advisory() {
+ append "### Rust test coverage"
+ append ""
+ append "- Result: PASS"
+ append "- Reason: Rust files changed, but no root Cargo.toml coverage contract was found; nested Rust coverage is not measured by this central workflow."
+ append "- Required peer evidence: keep repo-local Rust CI/build/security checks required for nested crates."
+ append ""
+ }
+
 run_rust_test_coverage() {
 ensure_rust_toolchain
 if ! command -v cargo >/dev/null 2>&1; then
@@ -632,13 +641,7 @@ jobs:
 run_and_capture "Rust coverage with missing-line report" \
 cargo llvm-cov --workspace --all-features --fail-under-lines 100 --show-missing-lines
 else
- append "### Rust test coverage"
- append ""
- append "- Result: FAIL"
- append "- Reason: Rust files changed, but no root Cargo.toml was found."
- append "- Fix: add or point to the Cargo workspace manifest and run cargo coverage from that workspace."
- append ""
- failures=$((failures + 1))
+ append_nested_rust_coverage_advisory
 fi
 }

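Review bot: `append_nested_rust_coverage_advisory` writes `- Result: PASS` for a case its own reason line describes as not measured, so anyone reading the evidence summary, or any step that matches on the result label, cannot tell unmeasured Rust changes from verified ones. A distinct label would keep the evidence honest, for example `append "- Result: NOT MEASURED (advisory)"`; how the approval step treats a non-PASS label is outside this hunk and should be confirmed first. A short comment above the function would also help, such as `# Advisory only: does not touch failures or measured_any; nested crates must be gated by their own CI.`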
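Review bot: This `else` in `run_rust_test_coverage` now repeats a decision that the call site in the `@@ -776,8 +779,12 @@` hunk already makes, since that caller only invokes the function when `[ -f Cargo.toml ]` holds. The `if` this `else` belongs to starts above the hunk; if it tests the same file, the branch is unreachable from that caller and the two copies of the rule can drift apart. Keeping the decision in one place would be clearer, or the branch could at least say so with a comment such as `# Defensive: the caller already checks for a root Cargo.toml.`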
@@ -776,8 +779,12 @@ jobs:
 fi

 if has_changed_tracked_files 'Cargo.toml' 'Cargo.lock' '*.rs'; then
- measured_any=1
- run_rust_test_coverage
+ if [ -f Cargo.toml ]; then
+ measured_any=1
+ run_rust_test_coverage
+ else
+ append_nested_rust_coverage_advisory
+ fi
 fi

 if has_changed_tracked_files 'Dockerfile' '*/Dockerfile' 'Dockerfile.*' '*/Dockerfile.*' 'docker-compose.yml' 'docker-compose.yaml' 'compose.yml' 'compose.yaml'; then
diff --git a/scripts/ci/test_strix_quick_gate.sh b/scripts/ci/test_strix_quick_gate.sh
index f51cfff5..ec369b02 100755
--- a/scripts/ci/test_strix_quick_gate.sh
+++ b/scripts/ci/test_strix_quick_gate.sh
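Review bot: The new `else` branch makes the coverage gate fail open: when Rust files change and no root `Cargo.toml` exists, the job records a PASS advisory without incrementing `failures`, and nothing visible confirms that a nested crate or its peer CI exists. The same path is taken when the root manifest is deleted or moved in the change under review, because `Cargo.toml` is itself one of the matched patterns. Consider downgrading only when a nested manifest is actually tracked, for example `elif git ls-files -- '*/Cargo.toml' | grep -q .; then` ahead of the advisory call, with a final `else` that keeps the previous FAIL text and `failures=$((failures + 1))`. `measured_any` also stays unset on this path, so how a Rust-only change is reported depends on code outside the hunk.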
@@ -665,6 +665,8 @@ assert_opencode_review_uses_codegraph_and_gpt5_fallback() {
 assert_file_contains "$workflow_file" "publish REQUEST_CHANGES when coverage-evidence blocker states such as cancelled, skipped, failed, unsupported-tooling, or below-100 evidence are present" "opencode approval turns coverage-evidence blocker states into actionable review state"
 assert_file_contains "$workflow_file" "needs.coverage-evidence.result == 'success'" "opencode model steps skip when coverage-evidence already failed"
 assert_file_contains "$workflow_file" "supported repository test suites passed" "opencode coverage evidence requires supported repository test suites to pass"
+ assert_file_contains "$workflow_file" "nested Rust coverage is not measured by this central workflow" "opencode coverage evidence treats nested Rust crates as peer-CI evidence instead of failing on missing root Cargo.toml"
+ assert_file_contains "$workflow_file" "keep repo-local Rust CI/build/security checks required for nested crates" "opencode coverage evidence documents the required peer checks for nested Rust crates"
 assert_file_contains "$workflow_file" "Python project dependencies (requirements.txt)" "opencode coverage evidence records repository Python dependency installation"
 assert_file_contains "$workflow_file" "python3 -m pip install --disable-pip-version-check -r requirements.txt" "opencode coverage evidence installs repository Python requirements before pytest"
 assert_file_contains "$workflow_file" "'requirements.txt' '*/requirements.txt'" "opencode coverage evidence discovers nested requirements-only Python test projects"
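Review bot: The two added assertions only check that the advisory wording appears in the workflow file, so they keep passing if the `[ -f Cargo.toml ]` guard is removed or inverted, or if the root-manifest path stops running `cargo llvm-cov`. Since this change relaxes a blocking gate, it is worth pinning the control flow as well, at minimum with `assert_file_contains "$workflow_file" "if [ -f Cargo.toml ]; then" "opencode coverage evidence still measures Rust coverage when a root Cargo.toml exists"`. A behavioural check that runs the step against a fixture without a root manifest would be stronger. The function body continues outside the hunk.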