ci(mutation): run as scheduled audit + opt-in instead of on every push to main#787
Conversation
Full mutation testing is slow (one test-suite run per mutant) and the job is `continue-on-error`, so running the baseline on every push to `main` gated nothing and only burned CI minutes. Drop the `push: [main]` trigger; the baseline now runs weekly (`schedule`) and on demand (`workflow_dispatch`), alongside the existing opt-in per-PR job (`run-mutation` label). Also swap `cargo install cargo-mutants` (compiles from source on every run) for `taiki-e/install-action` (prebuilt binaries) in both jobs. Docs updated to describe the new triggers and point to `cargo mutants --in-diff` for pre-push feedback. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_0126WFgFsxsvCewFb9pxfT7v
WalkthroughThe mutation testing workflow removes the ChangesMutation Testing CI and Docs Update
Estimated code review effort🎯 1 (Trivial) | ⏱️ ~4 minutes Possibly related PRs
Suggested reviewers
Poem
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
🧹 Nitpick comments (1)
.github/workflows/mutation.yml (1)
44-46: ⚡ Quick winConsider pinning the action to a specific commit SHA.
While using
@v2simplifies maintenance, pinning to a specific SHA (e.g.,taiki-e/install-action@3068b918e10e4f9f92c7f333305bf152ad1e03b2) improves supply-chain security and build reproducibility. Many projects accept the@v2tradeoff for easier updates, but if this repository has a blanket pinning policy, you should pin this action.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In @.github/workflows/mutation.yml around lines 44 - 46, The taiki-e/install-action currently uses `@v2` version reference which is not pinned to a specific commit SHA. Update the uses statement for taiki-e/install-action to reference a specific commit SHA instead of the version tag to improve supply-chain security and build reproducibility. Replace `@v2` with the full commit SHA format as indicated in the review comment.Source: Linters/SAST tools
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Nitpick comments:
In @.github/workflows/mutation.yml:
- Around line 44-46: The taiki-e/install-action currently uses `@v2` version
reference which is not pinned to a specific commit SHA. Update the uses
statement for taiki-e/install-action to reference a specific commit SHA instead
of the version tag to improve supply-chain security and build reproducibility.
Replace `@v2` with the full commit SHA format as indicated in the review comment.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: 28c30e1d-651d-4391-9102-c8f222711631
📒 Files selected for processing (2)
.github/workflows/mutation.ymldocs/MUTATION_TESTING.md
What
Stop running full mutation testing on every push to
main. Keep it as a periodic + on-demand audit and an opt-in per-PR job, and speed up the tool install.Why
The
mutation-baselinejob ran a fullcargo mutantsover the whole codebase on every push tomain(the run that prompted this: it sat in progress for 20+ min). Two problems:continue-on-error: true, so it gates nothing — it only produces a report.Moving it fully local was considered and rejected: a non-gating, informational job that depends on each dev remembering to run a slow command locally would simply rot, and we'd lose the published HTML report and historical artifacts. The right fix is changing when CI runs it, not removing it.
Changes
push: [main]trigger. The baseline now runs via:schedule— weekly full run (unchanged), HTML report to GitHub Pagesworkflow_dispatch— manual on-demand full runrun-mutationlabel (unchanged)cargo install cargo-mutants→taiki-e/install-action(prebuilt binaries) in both jobs, saving the from-source compile each run.docs/MUTATION_TESTING.md): describe the new triggers and point tocargo mutants --in-difffor pre-push local feedback.Notes
🤖 Generated with Claude Code
Summary by CodeRabbit
Documentation
Chores