feat(ci): enforce rust crate registration in codecov coverage (#155)#449
Merged
Conversation
…eam hve-core pattern - add .github/workflows/rust-tests.yml with 3-crate matrix using cargo-llvm-cov - add repo-root codecov.yml registering the rust flag with carryforward - pin codecov-action@57e3a136... (v6.0.0) and use OIDC per upstream - ignore wasm32-wasip2 crates and target/** from coverage - leave azure-pipelines.yml unchanged Resolves #155 Generated by Copilot
- add Validate-RustCrateRegistration.ps1 with Pester suite - add validate-rust-registration.yml CI gate - add rust-crate-registration.instructions.md and index link - align codecov.yml ignores with validator - trigger rust-tests.yml on Cargo.lock changes 🦀 - Generated by Copilot
WilliamBerryiii
force-pushed
the
feat/issue-155-rust-coverage-codecov
branch
from
34c10da to
d35e8f0
Compare
- convert rust-tests.yml to workflow_call with id-token: write for codecov OIDC - repin Swatinem/rust-cache to v2.9.1 (fix invalid v2.9.4 SHA) - add rust-tests reusable job to pr-validation.yml and main.yml 🔒 - Generated by Copilot
…kflow - add pull_request and push path filters for rust crate roots - correct matrix entries to include /services/ segment 🔒 - Generated by Copilot
…triggers 🔧 - Generated by Copilot
- update Validate-RustCrateRegistration.ps1 default OutputPath to logs/ - update validate-rust-registration.yml artifact path to logs/rust-crate-registration-report.json 📦 - Generated by Copilot
…nd actions/cache - replace dtolnay/rust-toolchain with shell rustup install - replace Swatinem/rust-cache with SHA-pinned actions/cache@v4.3.0 - replace taiki-e/install-action with cargo install cargo-llvm-cov --locked 🔒 - Generated by Copilot
- generate cyclonedx SBOM of runner filesystem with Syft v1.17.0 - scan SBOM with Grype v0.86.1 (fail-on high) - upload SBOM artifact for 30 day retention - document Syft in ACTIONS-SECURITY verified binaries list 🔒 - Generated by Copilot
katriendg
reviewed
Apr 27, 2026
Collaborator
katriendg
left a comment
katriendg
left a comment
There was a problem hiding this comment.
PR Review Summary
Reviewed all 11 changed files. Found 6 review items — 2 critical, 1 high, 1 medium, 2 low.
🔴 Critical
- RI-1:
Invoke-Pester.ps1output path change breaks artifact upload inpr-validation.yml(path mismatch:logs/pester/vstest-results/) - RI-2: Grype SBOM scan (
--fail-on high) blocks all Rust test execution — most likely root cause of current pipeline failures
🟡 High
- RI-3: Rust test coverage jobs run unconditionally on every PR (no path filtering) — performance regression for all PRs
🟠 Medium
- RI-4: Instructions reference
on.pull_request.paths/on.push.pathssections that don't exist in theworkflow_call-onlyrust-tests.yml
🟢 Low
- RI-5: All matrix entries install ffmpeg libs even though only
503-media-capture-serviceneeds them - RI-6:
upload-artifactversion inconsistency betweenvalidate-rust-registration.yml(v7) and rest of repo (v4)
Existing App Impact
✅ No application source code is modified — build/deploy for existing apps is unaffected
…500-application crates - broaden Test-IsRustChangeFile regex to match all crates under src/500-application/** - add Pester test suite (20 tests) covering positive/negative cases 🔒 - Generated by Copilot
…changes gate, bump action SHAs 🔒 - Generated by Copilot
🔒 - Generated by Copilot
…ator - expand rust-tests.yml matrix to 9 src/500-application crates - fix vuln-scan index range from [0,1,2] to [0..8] - opt out 4 WASM cdylib crates in codecov.yml ignore - fix Validate-RustCrateRegistration.ps1 object-form include parser - sync rust-crate-registration.instructions.md with new matrix 🔒 - Generated by Copilot
- resolve PSUseSingularNouns and Get verb misuse for boolean predicate - update all call sites and Pester tests 🔒 - Generated by Copilot
Member
Author
|
Thanks for the review! All comments have been addressed and replied to. Additionally, the PowerShell Lint CI failure was fixed by renaming Get-RustHasChanges -> Test-RustHasChange (commit 005ecd1) to satisfy the PSUseSingularNouns rule. PowerShell Lint is now passing. Could you take another look when you have a moment? @katriendg |
… verification sha256sum -c reads filenames from upstream *_checksums.txt and looks for those exact names on disk. Saving tarballs as syft.tar.gz / grype.tar.gz caused (syft) or risked (grype) 'No such file or directory' verification failures. Introduce *_TARBALL variables holding canonical upstream filenames. 🔒 - Generated by Copilot
…tests - Syft rejects absolute /path/** exclusion patterns; must start with ./, */, or **/ - replace 8 absolute exclude paths with ./ prefix relative to scan root 🛠️ - Generated by Copilot
Welcome to Codecov 🎉Once you merge this PR into your default branch, you're all set! Codecov will compare coverage reports and display results in all future pull requests. Thanks for integrating Codecov - We've got you covered ☂️ |
…_router tests, install opencv/clang deps
📚 Documentation Health ReportGenerated on: 2026-04-29 03:18:07 UTC 📈 Documentation Statistics
🏗️ Three-Tree Architecture Status
🔍 Quality Metrics
This report is automatically generated by the Documentation Automation workflow. |
…y assert - multi_trigger: classify any topic containing 'alert' as Alert - ai-edge-inference backend test: gate available_backends assertion on onnx-runtime/candle features
WilliamBerryiii
force-pushed
the
feat/issue-155-rust-coverage-codecov
branch
from
097b975 to
1d4cdb1
Compare
katriendg
approved these changes
Apr 29, 2026
Collaborator
katriendg
left a comment
katriendg
left a comment
There was a problem hiding this comment.
Thanks, looking good and great to have this added.
Just nit comments, and then the agent also recommends checking if the following changes are intentional:
-
src/500-application/503-media-capture-service/.../multi_trigger.rs- Alert classification was loosened fromt.contains("alert") && t.contains("trigger")to justt.contains("alert"). This is a real runtime behavior change: any topic containing "alert" (e.g. alerts/state, device/alerted) now classifies asMessageType::Alert. Not a CI fix. -
507-ai-inference/.../topic_router.rs- Test fixture rewritten from a nested outputs:vec![ModelOutput { predictions: ... }]shape with SiteContext to a flat predictions / model_type: String shape, and an assertion swapped from site_id to model_name in a custom-route template. Tests now compile against a different InferenceResult shape. If InferenceResult was already migrated upstream, this is alignment; otherwise it's a divergence. Worth confirming the type definition matches.
- wrap syft tarball and checksum fetches in 5-attempt retry with backoff - mitigate transient GitHub releases 502s in CI 🔒 - Generated by Copilot
…s 502s 🛡️ - Generated by Copilot
- add sparse checkout step to vuln-scan job to fetch .grype.yaml - pass --config .grype.yaml to grype scan command - ignore GHSA-rp8m-h266-53jh (grype 0.86.1 pep440 inflate bug on dpkg version) 🔒 - Generated by Copilot
Replace syft scan dir:/ (with 8 runner-path excludes) with syft scan dir:. so the SBOM only covers checked-out sources. Runner OS / toolchain CVEs are GitHub's responsibility and not gated by this workflow. Also drop a stale .gitignore entry for docs/merge-override-diagnosis.md (file is not tracked). 🔒 - Generated by Copilot
Open
8 tasks
auyidi1
approved these changes
May 2, 2026
Contributor
auyidi1
left a comment
auyidi1
left a comment
There was a problem hiding this comment.
looks like some checks are failing, but I'm sure you already have a handle of that.
Wraps both apt-get steps in coverage job in 5-attempt retry loops with exponential backoff (10s/20s/30s/40s/50s) to recover from transient azure.archive.ubuntu.com DNS resolution failures observed in run 25237983594. Mirrors the curl retry pattern introduced in 05f6a05 for the syft download.
WilliamBerryiii
added a commit
that referenced
this pull request
May 14, 2026
🤖 I have created a release *beep* *boop* --- ## [3.0.0](v2.8.0...v3.0.0) (2026-05-14) ### ⚠ BREAKING CHANGES * **terraform:** upgrade required_version floor from 1.9.8 to 1.12.0 ([#487](#487)) ### Features * **500-application:** add 514-wasm-msg-to-dss WASM map operator with DSS enrichment pattern ([#356](#356)) ([db882a5](db882a5)) * add tags support to all blueprints and remove deprecated federated identity reference ([#483](#483)) ([c9c8967](c9c8967)) * add unit tests for application services (Rust + Python) ([#372](#372)) ([220ab28](220ab28)) * **avro-to-json:** add unit tests for wire format config parsing ([#368](#368)) ([65bc924](65bc924)) * **build:** add multi-language fuzzing infra (CFLite + Codecov flags) ([#453](#453)) ([7407230](7407230)) * **ci:** enforce rust crate registration in codecov coverage ([#155](#155)) ([#449](#449)) ([9b33d69](9b33d69)) * **docs:** migrate from Docsify to Docusaurus ([#399](#399)) ([ca06002](ca06002)) * **iot-ops:** upgrade AIO 2604 release (1.3.70), harden schema-registry RBAC ([#471](#471)) ([e772b74](e772b74)) * **release-please:** implement PAI 1+6 jobs DAG with binary integrity and tag signature verification ([#501](#501)) ([dc58f10](dc58f10)) * **terraform:** upgrade required_version floor from 1.9.8 to 1.12.0 ([#487](#487)) ([49229da](49229da)) ### Bug Fixes * **ai-edge-inference:** bump notify 7 to 8 (partial RUSTSEC-2024-0384) ([#469](#469)) ([f548586](f548586)) * **build:** pin all dependencies for OSSF Scorecard ([#402](#402)) ([79e6971](79e6971)) * **build:** resolve all 4 main branch CI lint failures ([#365](#365)) ([f90ad6f](f90ad6f)) * **build:** use valid 'rust' cataloger tag for Syft v1.42.3+ ([#423](#423)) ([f168e56](f168e56)) * **deps:** bump openssl to 0.10.79 across remaining Rust services ([#480](#480)) ([14e6f16](14e6f16)) * **docker:** replace awk with cut for hash verification in Dockerfiles and templates ([#493](#493)) ([80e97fd](80e97fd)) * **docs:** remove ignoreDeprecations in tsconfig.json ([#488](#488)) ([1b4af53](1b4af53)) * **docs:** silence TS5101 baseUrl deprecation in docusaurus tsconfig ([#475](#475)) ([ff9d53f](ff9d53f)) * **release-please:** use client-id instead of deprecated app-id ([#491](#491)) ([aff623c](aff623c)) * **scripts:** align Grype writer/reader naming so security gate fails closed ([#362](#362)) ([#411](#411)) ([64b3db3](64b3db3)) * update stale hashes for checkov and requests in requirements.txt ([#516](#516)) ([fa3c57f](fa3c57f)) * **workflows:** harden CI workflows to fail-fast on lint, security, and doc-gen errors ([#393](#393)) ([4669835](4669835)) ### Documentation * add OpenSSF Scorecard badge to README ([#371](#371)) ([917851b](917851b)) * **adrs:** document .terraform.lock.hcl exclusion rationale ([#505](#505)) ([7c7185b](7c7185b)) * **governance:** add GOVERNANCE.md ([#160](#160)) ([#503](#503)) ([76d1cfe](76d1cfe)) ### Build System * **deps:** bump Rust and Python deps to clear CI security gates ([#444](#444)) ([2c05d82](2c05d82)) ### Miscellaneous Chores * **build:** migrate node toolchain to v24 (closes [#458](#458)) ([#460](#460)) ([7a7648c](7a7648c)) * **build:** pin pip and CI tool installs for Scorecard ([#464](#464)) ([1a57e67](1a57e67)) * **deps:** bump github.com/aws/aws-sdk-go-v2/service/lambda from 1.69.0 to 1.88.5 in /blueprints/full-single-node-cluster/tests ([#364](#364)) ([ca8a5a2](ca8a5a2)) * **deps:** bump github.com/jackc/pgx/v5 from 5.7.1 to 5.9.0 in /blueprints/full-single-node-cluster/tests ([#397](#397)) ([57caa75](57caa75)) * **deps:** bump github.com/microsoft/kiota-http-go from 1.5.4 to 1.5.5 in /blueprints/full-single-node-cluster/tests ([#485](#485)) ([f080a5e](f080a5e)) * **deps:** bump github.com/moby/spdystream from 0.5.0 to 0.5.1 in /blueprints/full-single-node-cluster/tests ([#396](#396)) ([a45f051](a45f051)) * **deps:** bump openssl from 0.10.78 to 0.10.79 in /src/500-application/507-ai-inference/services/ai-edge-inference ([#477](#477)) ([8326a97](8326a97)) * **deps:** bump openssl from 0.10.78 to 0.10.79 in /src/500-application/507-ai-inference/services/ai-edge-inference-crate ([#476](#476)) ([8b7536e](8b7536e)) * **deps:** bump pytest from 9.0.2 to 9.0.3 in /src/500-application/506-ros2-connector/services ([#394](#394)) ([14828e7](14828e7)) * **deps:** bump rand from 0.9.2 to 0.9.4 in /src/500-application/507-ai-inference/services/ai-edge-inference-crate ([#395](#395)) ([3cac305](3cac305)) * **deps:** bump urllib3 from 2.6.3 to 2.7.0 and consolidate dependencies ([#509](#509)) ([40c1ef6](40c1ef6)) * **deps:** consolidate Dependabot updates into one weekly PR per ecosystem ([#410](#410)) ([37de2b4](37de2b4)) * **deps:** remediate Grype/OSSF vulnerabilities ([#451](#451)) ([#450](#450)) ([b5d0753](b5d0753)) * migrate from GitVersion to release-please ([#446](#446)) ([d2ced15](d2ced15)) * **security:** pin remaining unpinned dependencies (OSSF Scorecard) ([#497](#497)) ([39d385a](39d385a)) * **security:** remediate OSSF Scorecard vulnerability advisories ([#502](#502)) ([ba570c4](ba570c4)) * vulnerability remediation ([#409](#409) phases A-G), OSSF hardening, and Docusaurus migration completion ([#408](#408)) ([b6a3f08](b6a3f08)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). --------- Co-authored-by: edge-ai-release-please[bot] <282732779+edge-ai-release-please[bot]@users.noreply.github.com> Co-authored-by: Bill Berry <wberry@microsoft.com>
WilliamBerryiii
added a commit
that referenced
this pull request
May 16, 2026
🤖 I have created a release *beep* *boop* --- ## [4.0.0](v3.0.0...v4.0.0) (2026-05-15) ### ⚠ BREAKING CHANGES * **terraform:** upgrade required_version floor from 1.9.8 to 1.12.0 ([#487](#487)) ### Features * **500-application:** add 514-wasm-msg-to-dss WASM map operator with DSS enrichment pattern ([#356](#356)) ([db882a5](db882a5)) * add tags support to all blueprints and remove deprecated federated identity reference ([#483](#483)) ([c9c8967](c9c8967)) * Add Terraform modules for Azure Kubernetes Service (AKS) and Azure Container Registry (ACR) ([e92f3f7](e92f3f7)) * add unit tests for application services (Rust + Python) ([#372](#372)) ([220ab28](220ab28)) * adopt hve-core PowerShell CI infrastructure ([#312](#312)) ([9745d2b](9745d2b)) * **application:** add WASM operator for Avro-to-JSON transformation ([#212](#212)) ([1e032eb](1e032eb)) * **avro-to-json:** add unit tests for wire format config parsing ([#368](#368)) ([65bc924](65bc924)) * **avro-to-json:** add wireFormat configuration parameter ([#357](#357)) ([e5d1833](e5d1833)) * **bicep:** implement AKS and ACR deployment components ([903cbee](903cbee)) * **blueprints:** update blueprint metadata and add Terraform files ([e075d19](e075d19)) * **build:** add multi-language fuzzing infra (CFLite + Codecov flags) ([#453](#453)) ([7407230](7407230)) * **build:** add root .hadolint.yaml and centralize Dockerfile linting config ([#133](#133)) ([45e0d04](45e0d04)) * **build:** Add Security Scan Results for Edge AI Infrastructure Components - Merged PR 266 ([a5a6b61](a5a6b61)) * **build:** Update azure-pipelines.yml for internal-eng branch: Merged PR 326 ([d8beaa2](d8beaa2)) * **chatmode:** update phase and task stop conditions for user review ([a9fb653](a9fb653)) * **ci:** add docker cleanup to megalinter template ([9cd020a](9cd020a)) * **ci:** enforce rust crate registration in codecov coverage ([#155](#155)) ([#449](#449)) ([9b33d69](9b33d69)) * **ci:** upgrade CodeQL actions and enhance GitHub Pages deployment ([56087d4](56087d4)) * **community:** add community data processing and reporting markdown - Merged PR 239 ([7221d45](7221d45)) * **dependency:** minor fix for the dependency scan for main branch builds ([b1f22bf](b1f22bf)) * **dev:** add markdown table formatter for all folders to package.json - Merged PR 264 ([eef006d](eef006d)) * **docs:** add CODEOWNERS file for repository ownership management ([2d0de94](2d0de94)) * **docs:** enhance dev container and prerequisites and setup instructions in source README ([dd0dd42](dd0dd42)) * **docs:** migrate from Docsify to Docusaurus ([#399](#399)) ([ca06002](ca06002)) * **iot-ops:** upgrade AIO 2604 release (1.3.70), harden schema-registry RBAC ([#471](#471)) ([e772b74](e772b74)) * **mcp:** add terraform-mcp-server ([9797ced](9797ced)) * **networking:** add Terraform and bicep module for Azure virtual network with subnets and NSGs, removed from VM-Host ([35eb221](35eb221)) * **pipeline:** add pre-release stage and update conditions for PR builds ([ace7192](ace7192)) * **pipelines:** add internalGitHub parameter for repository access ([93a7c86](93a7c86)) * **release-please:** implement PAI 1+6 jobs DAG with binary integrity and tag signature verification ([#501](#501)) ([dc58f10](dc58f10)) * **reporting:** add scenario to capability to feature mapping graphic - Merged PR 292 ([7eb24d4](7eb24d4)) * **security-identity:** add security review gate via CODEOWNERS, PR template, and label ([#333](#333)) ([dcb6d57](dcb6d57)) * **settings:** add GitHub HTTP MCP server configuration ([#197](#197)) ([6a70b61](6a70b61)) * **settings:** add initial Jekyll configuration file ([350603d](350603d)) * **settings:** add v8r schema validation configuration ([#219](#219)) ([2e5e261](2e5e261)) * **terraform:** add should_create_aks variable and update AKS module logic ([fb3f0ff](fb3f0ff)) * **terraform:** upgrade required_version floor from 1.9.8 to 1.12.0 ([#487](#487)) ([49229da](49229da)) * **tools:** add .shellcheckrc for ShellCheck configuration ([#124](#124)) ([6441eb9](6441eb9)) ### Bug Fixes * **ai-edge-inference:** bump notify 7 to 8 (partial RUSTSEC-2024-0384) ([#469](#469)) ([f548586](f548586)) * **application:** avro-to-json handle JSON-string-encoded schema and Confluent wire format prefix ([#336](#336)) ([e2ac755](e2ac755)) * **application:** update trigger topics for video capture ([2795b3b](2795b3b)) * **build:** add granular grype-soft-fail for PR validation ([#313](#313)) ([2169b99](2169b99)) * **build:** format markdown tables for MD060 compliance ([#102](#102)) ([2875957](2875957)) * **build:** narrow mega linter diff fetch scope ([f4b07e1](f4b07e1)) * **build:** pin all dependencies for OSSF Scorecard ([#402](#402)) ([79e6971](79e6971)) * **build:** remediate script injection in create-release workflow ([#351](#351)) ([0ffddb7](0ffddb7)) * **build:** resolve all 4 main branch CI lint failures ([#365](#365)) ([f90ad6f](f90ad6f)) * **build:** resolve npm vulnerabilities and merge release 2.0.0 ([#61](#61)) ([349c30e](349c30e)) * **build:** resolve npm vulnerabilities and sidebar generation ([5bb66cd](5bb66cd)) * **build:** the addition of bicep documents check to the GH workflows was missing for PR Validation. ([9e23bf8](9e23bf8)) * **build:** update stale GitHub Action SHAs and npm dependencies ([#103](#103)) ([e0d5731](e0d5731)) * **build:** update working directory for resource provider scripts - noticed an inconsistency since the refactor of the folder names under /src/ ([1ef1f27](1ef1f27)) * **build:** use valid 'rust' cataloger tag for Syft v1.42.3+ ([#423](#423)) ([f168e56](f168e56)) * **deps:** bump openssl to 0.10.79 across remaining Rust services ([#480](#480)) ([14e6f16](14e6f16)) * **docker:** replace awk with cut for hash verification in Dockerfiles and templates ([#493](#493)) ([80e97fd](80e97fd)) * **docs:** blueprint links ([#27](#27)) ([46b51a0](46b51a0)) * **docs:** clean up docs - Merged PR 285 ([1be28fd](1be28fd)) * **docs:** clean up project security plans folder - Merged PR 265 ([19a4489](19a4489)) * **docs:** remove ignoreDeprecations in tsconfig.json ([#488](#488)) ([1b4af53](1b4af53)) * **docs:** silence TS5101 baseUrl deprecation in docusaurus tsconfig ([#475](#475)) ([ff9d53f](ff9d53f)) * **instructions:** use prompt refactor prompt to update csharp instructions ([bff1893](bff1893)) * **iot-ops:** add dependency for azurerm_arc_kubernetes_cluster_extension in instance resource ([aafcfe7](aafcfe7)) * **iot-ops:** change type of should_create_anonymous_broker_listener to bool ([27efdbc](27efdbc)) * **iot-ops:** correct user assigned identity naming format ([71cd557](71cd557)) * **linting:** address linting issues on main branch - Merged PR 231 ([29e0bbf](29e0bbf)) * **mega-linter:** add `permissions > statuses: write` for main.yml GH ([f5374b9](f5374b9)) * **pr-validation:** update job dependencies for matrix changes ([1d858ee](1d858ee)) * **release-please:** use client-id instead of deprecated app-id ([#491](#491)) ([aff623c](aff623c)) * **scripts:** align Grype writer/reader naming so security gate fails closed ([#362](#362)) ([#411](#411)) ([64b3db3](64b3db3)) * **settings:** update kubectl-helm-minikube version to avoid outages ([51384e9](51384e9)) * **settings:** update YAML lint filter regex for templates ([a39adbb](a39adbb)) * **terraform:** correct subnet address prefix in virtual network configuration ([10674fb](10674fb)) * **terraform:** resourceSyncRules fixes in resource definition ([1da54d2](1da54d2)) * update stale hashes for checkov and requests in requirements.txt ([#516](#516)) ([fa3c57f](fa3c57f)) * **workflows:** create git tag for draft releases ([#521](#521)) ([d9ceaf9](d9ceaf9)) * **workflows:** harden CI workflows to fail-fast on lint, security, and doc-gen errors ([#393](#393)) ([4669835](4669835)) ### Documentation * **500-application:** remove duplicate section and pre-release app from README ([8a19340](8a19340)) * add OpenSSF Scorecard badge to README ([#371](#371)) ([917851b](917851b)) * **adrs:** document .terraform.lock.hcl exclusion rationale ([#505](#505)) ([7c7185b](7c7185b)) * **contribute:** replace Azure DevOps references with GitHub equivalents ([#198](#198)) ([9c96219](9c96219)) * **governance:** add GOVERNANCE.md ([#160](#160)) ([#503](#503)) ([76d1cfe](76d1cfe)) * **pr-template:** add regression test checkbox for bug fixes ([#187](#187)) ([bf9af5a](bf9af5a)) * **readme:** add OpenSSF Best Practices badge ([#290](#290)) ([9b119a6](9b119a6)) * regenerate module README files for MD060 table compliance ([45bef8d](45bef8d)) * **security:** add vulnerability response timeline to SECURITY.md ([#193](#193)) ([966cb42](966cb42)) * **testing:** add formal test policy and requirements ([#190](#190)) ([cdd6446](cdd6446)) ### Build System * **build:** add clippy lint configuration and CI integration ([#231](#231)) ([dadeaa9](dadeaa9)) * **build:** add integrity verification for third-party GitHub Actions ([#269](#269)) ([4d68f68](4d68f68)) * **build:** add prettier configuration for JSON formatting ([#217](#217)) ([7766d33](7766d33)) * **build:** replace SLSA attestation with actions/attest ([#332](#332)) ([6ec9952](6ec9952)) * **ci:** replace MegaLinter with per-tool GitHub Actions lint workflows ([#240](#240)) ([022a1a1](022a1a1)) * **deps:** bump Rust and Python deps to clear CI security gates ([#444](#444)) ([2c05d82](2c05d82)) * **deps:** use ga release of the fabric terraform ([b27b9c5](b27b9c5)) * **scripts:** add EditorConfig and enable shfmt in MegaLinter ([#136](#136)) ([2a496d2](2a496d2)) * **scripts:** pin tonistiigi/xx to versioned SHA256 digest ([#260](#260)) ([a14084a](a14084a)) * **security-identity:** add standalone OSSF Scorecard workflow ([#307](#307)) ([51611e8](51611e8)) ### Code Refactoring * **build:** consolidate workflow inputs for GitHub 10-input limit ([#63](#63)) ([2d6500b](2d6500b)) * **terraform:** remove site MQTT endpoint and clean secret-provider-class ([8d3f695](8d3f695)) * **vm-host:** simplify subnet handling in Terraform configuration ([927e0fa](927e0fa)) ### Miscellaneous Chores * **build:** expand dependabot to cover all dependency ecosystems ([#261](#261)) ([04f3b23](04f3b23)) * **build:** migrate node toolchain to v24 (closes [#458](#458)) ([#460](#460)) ([7a7648c](7a7648c)) * **build:** pin pip and CI tool installs for Scorecard ([#464](#464)) ([1a57e67](1a57e67)) * **build:** upgrade tf-docs to v 0.19.0 - Merged PR 232 ([fa75196](fa75196)) * **ci:** Remove redundant PowerShell installation from GitHub Actions workflow ([#86](#86)) ([5918632](5918632)) * **codeowners:** add missing directory paths ([#256](#256)) ([7e8b559](7e8b559)) * **deps-dev:** bump minimatch from 3.1.2 to 3.1.5 in /docs/_server ([#229](#229)) ([24a38d6](24a38d6)) * **deps-dev:** bump rollup from 4.53.3 to 4.59.0 in /docs/_server ([#228](#228)) ([e6c3740](e6c3740)) * **deps-dev:** bump undici from 7.22.0 to 7.24.1 ([#252](#252)) ([6b967ac](6b967ac)) * **deps:** batch security and dependency updates ([#216](#216)) ([d19c605](d19c605)) * **deps:** bump @isaacs/brace-expansion from 5.0.0 to 5.0.1 ([#132](#132)) ([b836cfd](b836cfd)) * **deps:** bump bytes from 1.10.1 to 1.11.1 in /src/500-application/501-rust-telemetry/services/receiver ([#184](#184)) ([2534de9](2534de9)) * **deps:** bump bytes from 1.10.1 to 1.11.1 in /src/500-application/501-rust-telemetry/services/sender ([#181](#181)) ([5672cb9](5672cb9)) * **deps:** bump bytes from 1.10.1 to 1.11.1 in /src/500-application/502-rust-http-connector/services/broker ([#183](#183)) ([695c16d](695c16d)) * **deps:** bump bytes from 1.10.1 to 1.11.1 in /src/500-application/503-media-capture-service/services/media-capture-service ([#131](#131)) ([76cad0b](76cad0b)) * **deps:** bump bytes from 1.10.1 to 1.11.1 in /src/500-application/504-mqtt-otel-trace-exporter/services/mqtt-otel-trace-exporter ([#138](#138)) ([2cc0c8d](2cc0c8d)) * **deps:** bump bytes from 1.10.1 to 1.11.1 in /src/500-application/507-ai-inference/services/ai-edge-inference ([#129](#129)) ([d2a83f5](d2a83f5)) * **deps:** bump bytes from 1.10.1 to 1.11.1 in /src/500-application/507-ai-inference/services/ai-edge-inference-crate ([#236](#236)) ([a13417f](a13417f)) * **deps:** bump bytes from 1.10.1 to 1.11.1 in /src/500-application/507-ai-inference/services/ai-edge-inference-crate/tests/no-features-test ([#130](#130)) ([5d4f2ce](5d4f2ce)) * **deps:** bump express from 4.21.2 to 4.22.1 in /docs/_server ([#68](#68)) ([a0e7e0b](a0e7e0b)) * **deps:** bump flask from 3.0.3 to 3.1.3 in /src/500-application/505-akri-rest-http-connector/services/sensor-simulator ([#202](#202)) ([02ad24c](02ad24c)) * **deps:** bump flask from 3.0.3 to 3.1.3 in /src/500-application/506-ros2-connector/services ([#227](#227)) ([97c54ca](97c54ca)) * **deps:** bump flask from 3.1.2 to 3.1.3 in /src/500-application/502-rust-http-connector/services/sensor-simulator/src ([#209](#209)) ([7544fbe](7544fbe)) * **deps:** bump github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs from 1.44.0 to 1.65.0 in /blueprints/full-single-node-cluster/tests ([#363](#363)) ([52e807a](52e807a)) * **deps:** bump github.com/aws/aws-sdk-go-v2/service/lambda from 1.69.0 to 1.88.5 in /blueprints/full-single-node-cluster/tests ([#364](#364)) ([ca8a5a2](ca8a5a2)) * **deps:** bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.69.0 to 1.97.3 in /blueprints/full-single-node-cluster/tests ([#366](#366)) ([5de38e9](5de38e9)) * **deps:** bump github.com/jackc/pgx/v5 from 5.7.1 to 5.9.0 in /blueprints/full-single-node-cluster/tests ([#397](#397)) ([57caa75](57caa75)) * **deps:** bump github.com/microsoft/kiota-http-go from 1.5.4 to 1.5.5 in /blueprints/full-single-node-cluster/tests ([#485](#485)) ([f080a5e](f080a5e)) * **deps:** bump github.com/moby/spdystream from 0.5.0 to 0.5.1 in /blueprints/full-single-node-cluster/tests ([#396](#396)) ([a45f051](a45f051)) * **deps:** bump github.com/ulikunitz/xz from 0.5.10 to 0.5.14 in /blueprints/full-single-node-cluster/tests ([#139](#139)) ([43c6a1b](43c6a1b)) * **deps:** bump github.com/ulikunitz/xz from 0.5.10 to 0.5.14 in /src/900-tools-utilities/904-test-utilities ([#180](#180)) ([3c83f8b](3c83f8b)) * **deps:** bump lodash-es from 4.17.22 to 4.17.23 ([#113](#113)) ([fb12deb](fb12deb)) * **deps:** bump openssl from 0.10.78 to 0.10.79 in /src/500-application/507-ai-inference/services/ai-edge-inference ([#477](#477)) ([8326a97](8326a97)) * **deps:** bump openssl from 0.10.78 to 0.10.79 in /src/500-application/507-ai-inference/services/ai-edge-inference-crate ([#476](#476)) ([8b7536e](8b7536e)) * **deps:** bump pillow from 10.4.0 to 12.1.1 in /src/500-application/506-ros2-connector/services ([#192](#192)) ([6511fa3](6511fa3)) * **deps:** bump pytest from 9.0.2 to 9.0.3 in /src/500-application/506-ros2-connector/services ([#394](#394)) ([14828e7](14828e7)) * **deps:** bump rand from 0.9.2 to 0.9.4 in /src/500-application/507-ai-inference/services/ai-edge-inference-crate ([#395](#395)) ([3cac305](3cac305)) * **deps:** bump requests from 2.32.3 to 2.32.4 in /src/500-application/505-akri-rest-http-connector/services/sensor-simulator ([#64](#64)) ([a5e1735](a5e1735)) * **deps:** bump requests from 2.32.4 to 2.33.0 in /src/500-application/505-akri-rest-http-connector/services/sensor-simulator ([#304](#304)) ([eff3240](eff3240)) * **deps:** bump tar from 7.5.10 to 7.5.11 ([#241](#241)) ([78bc60d](78bc60d)) * **deps:** bump tar from 7.5.3 to 7.5.7 ([#115](#115)) ([31a41a9](31a41a9)) * **deps:** bump tar from 7.5.7 to 7.5.9 ([#200](#200)) ([3d19470](3d19470)) * **deps:** bump tar from 7.5.9 to 7.5.10 ([#230](#230)) ([f785f97](f785f97)) * **deps:** bump urllib3 from 2.6.3 to 2.7.0 and consolidate dependencies ([#509](#509)) ([40c1ef6](40c1ef6)) * **deps:** bump werkzeug from 3.0.6 to 3.1.4 in /src/500-application/506-ros2-connector/services ([#74](#74)) ([c6b4d15](c6b4d15)) * **deps:** bump werkzeug from 3.1.5 to 3.1.6 in /src/500-application/502-rust-http-connector/services/sensor-simulator/src ([#210](#210)) ([6e82c78](6e82c78)) * **deps:** bump werkzeug from 3.1.5 to 3.1.6 in /src/500-application/506-ros2-connector/services ([#203](#203)) ([90ae904](90ae904)) * **deps:** bundle Dependabot security fixes for flatted, cors, and grype config ([#292](#292)) ([bb13625](bb13625)) * **deps:** consolidate 16 dependabot PRs with eslint v10, vitest v4, and cspell v9 ([#297](#297)) ([e6ecdb4](e6ecdb4)) * **deps:** consolidate Dependabot updates into one weekly PR per ecosystem ([#410](#410)) ([37de2b4](37de2b4)) * **deps:** regenerate package-lock.json after merge ([683a29a](683a29a)) * **deps:** remediate Grype/OSSF vulnerabilities ([#451](#451)) ([#450](#450)) ([b5d0753](b5d0753)) * **devcontainer:** pin .NET SDK to 9.0 ([#517](#517)) ([77adefd](77adefd)) * **docs:** clean up localization - Merged PR 233 ([86fd6d0](86fd6d0)) * **docs:** regenerate sidebar for new wasm provider component ([3ad039d](3ad039d)) * integrate changes from main ([da6eaa7](da6eaa7)) * integrate changes from main ([a3d7b1a](a3d7b1a)) * integrate changes from main ([31e850a](31e850a)) * integrate changes from main ([4c2c55f](4c2c55f)) * integrate changes from main ([de2103c](de2103c)) * integrate changes from main ([0b69506](0b69506)) * integrate changes from main ([7f6758f](7f6758f)) * integrate changes from main ([cbf26d8](cbf26d8)) * integrate changes from main ([161e8bc](161e8bc)) * integrate changes from main ([8a4dfeb](8a4dfeb)) * integrate changes from main ([54ecd23](54ecd23)) * integrate changes from main ([8abef9d](8abef9d)) * integrate changes from main ([5e621d0](5e621d0)) * integrate changes from main ([19b27d2](19b27d2)) * integrate changes from main ([498f342](498f342)) * integrate changes from main ([4eac1e9](4eac1e9)) * integrate changes from main ([01baf3a](01baf3a)) * integrate changes from main ([97f0c7f](97f0c7f)) * integrate changes from main ([93f2215](93f2215)) * **main:** release 3.0.0 ([#489](#489)) ([c42703d](c42703d)) * merge github/main into release/2.0.0 ([88365e6](88365e6)) * migrate from GitVersion to release-please ([#446](#446)) ([d2ced15](d2ced15)) * migrate prompt engineering artifacts to hve-core ([#182](#182)) ([718d21c](718d21c)) * resolve merge conflicts from main sync ([c6f6d1d](c6f6d1d)) * **rust:** standardize strip = true across release profiles ([#189](#189)) ([945ea28](945ea28)) * **security:** pin remaining unpinned dependencies (OSSF Scorecard) ([#497](#497)) ([39d385a](39d385a)) * **security:** remediate OSSF Scorecard vulnerability advisories ([#502](#502)) ([ba570c4](ba570c4)) * **shellcheck:** remove redundant SC1091 directives ([#220](#220)) ([d8d3b04](d8d3b04)) * simplify CODEOWNERS to use team-based ownership ([#137](#137)) ([ce8722a](ce8722a)) * **template:** modernize github issue templates to YML format ([#213](#213)) ([2e18b1b](2e18b1b)) * **tools:** add secretlint config ([#128](#128)) ([e3bd668](e3bd668)) * vulnerability remediation ([#409](#409) phases A-G), OSSF hardening, and Docusaurus migration completion ([#408](#408)) ([b6a3f08](b6a3f08)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). --------- Co-authored-by: edge-ai-release-please[bot] <282732779+edge-ai-release-please[bot]@users.noreply.github.com> Co-authored-by: Bill Berry <wberry@microsoft.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Enforces Rust crate registration for Codecov coverage reporting (#155) by adding a validation script, CI gate, and authoring guidance.
Changes
scripts/Validate-RustCrateRegistration.ps1— validates everyCargo.tomlundersrc/500-application/is registered for CI test/coverage and Codecov reporting.scripts/tests/Validate-RustCrateRegistration.Tests.ps1— Pester suite for the validator..github/workflows/validate-rust-registration.yml— CI gate running the validator on PRs..github/instructions/rust-crate-registration.instructions.md— authoring guidance for crate registration..github/instructions/README.md— index entry for the new instructions..github/workflows/rust-tests.yml— trigger onCargo.lockchanges.codecov.yml— align ignore patterns with the validator.scripts/Invoke-Pester.ps1— defaultOutputPathto./logs/pester.Validation
Related