# Pipeline stages, executed in the order listed. Every job below is assigned
# to one of these stages through its `stage:` key.
stages:
  - build
  - test
  - lint
# Pipeline-wide variables.
variables:
  # Keep Cargo's home inside the checkout so that the `.cargo/registry/`
  # cache path declared by the Rust jobs refers to Cargo's registry.
  CARGO_HOME: "$CI_PROJECT_DIR/.cargo"
# Default before_script: make sure the receipts directories exist, because
# tests may write into them.
# NOTE(review): a job that declares its own `before_script` replaces this one
# instead of extending it, so sentinel-contracts, meridian-v1-conformance,
# sentinel-opencode-smoke and python-test never run this mkdir. Confirm none
# of them writes into receipts/.
before_script:
  - >-
    mkdir -p
    receipts/guardian
    receipts/treasury
    receipts/offsec
    receipts/automation
    receipts/mcp
    receipts/mesh
# Rust build job: compiles every crate in the workspace.
# NOTE(review): `rust:1.75` is a tag, not a digest, so the toolchain image can
# change underneath the pipeline; pinning by digest would make it immutable.
rust-build:
  stage: build
  image: "rust:1.75"
  script:
    # --locked makes cargo fail rather than re-resolve dependencies when
    # Cargo.lock does not match the manifests.
    - cargo build --workspace --locked
  cache:
    # One cache per ref slug, shared by every job that uses this key.
    # NOTE(review): restored cache contents (including target/) are not
    # verified; confirm that protected and unprotected refs do not share a
    # cache in the project's CI/CD settings.
    key: "cargo-$CI_COMMIT_REF_SLUG"
    paths:
      - target/
      - .cargo/registry/
# Sentinel contract parity check and test vectors. This is a required gate:
# the job has no `allow_failure`, so a failure blocks the pipeline.
sentinel-contracts:
  stage: test
  image: "python:3.11"
  before_script:
    # NOTE(review): blake3 is installed without a version pin or hash check,
    # so the gate runs against whatever release the index serves that day.
    # A requirements file installed with `--require-hashes` would fix the
    # dependency this gate relies on.
    - pip install -q blake3
  script:
    - python3 tools/check_sentinel_contract_parity.py
    - bash tools/run_sentinel_testvectors.sh
# MERIDIAN v1 conformance suite. Described as offline and deterministic; it is
# build-blocking because the job has no `allow_failure`.
# NOTE(review): the `pip install` in before_script needs network access and is
# not version-pinned, so "offline, deterministic" can only apply to run.sh
# itself, not to the job's setup.
meridian-v1-conformance:
  stage: test
  image: "python:3.11"
  before_script:
    - pip install -q blake3
  script:
    - bash MERIDIAN_V1_CONFORMANCE_TEST_SUITE/run.sh
# OpenCode plugin smoke test: runs the sentinelVerifyBundle command against
# two test vectors, one meant to PASS and one meant to FAIL.
# NOTE(review): nothing visible in this job checks either outcome. If
# `opencode run` exits 0 for both bundles the job asserts nothing, and if it
# exits non-zero for the FAIL bundle the job goes red. Confirm the exit-code
# behaviour, or check the JSON output explicitly.
sentinel-opencode-smoke:
  stage: test
  image: "node:20-bullseye"
  before_script:
    # Python is added to the Node image; the verifier configured below is a
    # .py file. Only stdout of apt-get is discarded, errors stay in the log.
    - apt-get update && apt-get install -y python3 python3-pip >/dev/null
    # NOTE(review): blake3 is installed without a version pin or hash check.
    - pip3 install -q blake3
    - npm install -g opencode-ai@1.0.166
    # NOTE(review): `npm install` may resolve versions newer than a committed
    # lockfile; if .opencode has a package-lock.json, `npm ci` would enforce it.
    - npm install --prefix .opencode
    # Exported here so the commands in `script` see them.
    - export VAULTMESH_WORKSPACE_ROOT="$CI_PROJECT_DIR"
    - export VAULTMESH_SENTINEL_VERIFIER="$CI_PROJECT_DIR/tools/vm_verify_sentinel_bundle.py"
  script:
    # Presumably the PASS vector (listed first in the job description).
    - >-
      opencode run --format json --command sentinelVerifyBundle
      --worktree "$CI_PROJECT_DIR" --directory "$CI_PROJECT_DIR"
      --tool-args '{"bundlePath":"testvectors/sentinel/black-box-that-refused","strict":true}'
    # Presumably the FAIL vector.
    - >-
      opencode run --format json --command sentinelVerifyBundle
      --worktree "$CI_PROJECT_DIR" --directory "$CI_PROJECT_DIR"
      --tool-args '{"bundlePath":"testvectors/sentinel/integrity-size-mismatch","strict":true}'
# Rust test job: runs the tests of every crate in the workspace.
rust-test:
  stage: test
  image: "rust:1.75"
  script:
    # --locked: fail instead of re-resolving when Cargo.lock is out of date.
    - cargo test --workspace --locked
  cache:
    # Per-ref cache of build output and the Cargo registry.
    key: "cargo-$CI_COMMIT_REF_SLUG"
    paths:
      - target/
      - .cargo/registry/
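# Rust lint job: formatting check plus clippy with warnings treated as errors.
rust-lint:
  stage: lint
  image: rust:1.75
  script:
    - rustup component add clippy rustfmt
    - cargo fmt --check
    # --locked matches rust-build and rust-test, so clippy analyses the
    # dependency versions recorded in Cargo.lock and fails rather than
    # re-resolving them when the lockfile is stale.
    - cargo clippy --workspace --locked -- -D warnings
  # Lint findings are reported as a warning; they do not block the pipeline.
  allow_failure: true
  cache:
    key: cargo-$CI_COMMIT_REF_SLUG
    paths:
      - target/
      - .cargo/registry/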
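# Python CLI tests.
# The earlier form, `pytest ... 2>/dev/null || echo "No Python tests yet"`,
# turned every pytest failure into a green job and hid stderr, so broken tests
# and import errors were indistinguishable from "no tests". Only pytest's
# exit status 5 (no tests collected) is treated as benign now; any other
# non-zero status fails the job. A missing cli/ or tests/ directory makes
# pytest exit with a usage error (4) and therefore shows up as well.
python-test:
  stage: test
  image: python:3.11
  before_script:
    # NOTE(review): these packages are installed without version pins or hash
    # checks.
    - pip install -q blake3 click pynacl pytest
  script:
    - |
      status=0
      python -m pytest -q cli/ tests/ || status=$?
      if [ "$status" -eq 5 ]; then
        echo "No Python tests yet"
      elif [ "$status" -ne 0 ]; then
        exit "$status"
      fi
  # Kept from the original: a failing run is a warning and does not block
  # the pipeline.
  allow_failure: true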
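# Observability exporter smoke test: runs the integration tests of the
# vaultmesh-observability package with test output shown in the job log.
observability-smoke:
  stage: test
  image: rust:1.75
  script:
    # --locked matches rust-build and rust-test: cargo fails instead of
    # re-resolving dependencies when Cargo.lock is out of date.
    - cargo test -p vaultmesh-observability --tests --locked -- --nocapture
  cache:
    key: cargo-$CI_COMMIT_REF_SLUG
    paths:
      - target/
      - .cargo/registry/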
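# Guardian metrics integration test: runs the metrics_integration test target
# of vaultmesh-guardian, which requires the `metrics` feature.
guardian-metrics-integration:
  stage: test
  image: rust:1.75
  script:
    # --locked matches rust-build and rust-test: cargo fails instead of
    # re-resolving dependencies when Cargo.lock is out of date.
    - cargo test -p vaultmesh-guardian --features metrics --test metrics_integration --locked -- --nocapture
  cache:
    key: cargo-$CI_COMMIT_REF_SLUG
    paths:
      - target/
      - .cargo/registry/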
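# Mesh metrics integration test: runs the metrics_integration test target of
# vaultmesh-mesh, which requires the `metrics` feature.
mesh-metrics-integration:
  stage: test
  image: rust:1.75
  script:
    # --locked matches rust-build and rust-test: cargo fails instead of
    # re-resolving dependencies when Cargo.lock is out of date.
    - cargo test -p vaultmesh-mesh --features metrics --test metrics_integration --locked -- --nocapture
  cache:
    key: cargo-$CI_COMMIT_REF_SLUG
    paths:
      - target/
      - .cargo/registry/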