feat(ci): enforce rust crate registration in codecov coverage (#155)

[WilliamBerryiii]

Summary

Enforces Rust crate registration for Codecov coverage reporting (#155) by adding a validation script, CI gate, and authoring guidance.

Changes

• New: scripts/Validate-RustCrateRegistration.ps1 — validates every Cargo.toml under src/500-application/ is registered for CI test/coverage and Codecov reporting.
• New: scripts/tests/Validate-RustCrateRegistration.Tests.ps1 — Pester suite for the validator.
• New: .github/workflows/validate-rust-registration.yml — CI gate running the validator on PRs.
• New: .github/instructions/rust-crate-registration.instructions.md — authoring guidance for crate registration.
• Update: .github/instructions/README.md — index entry for the new instructions.
• Update: .github/workflows/rust-tests.yml — trigger on Cargo.lock changes.
• Update: codecov.yml — align ignore patterns with the validator.
• Update: scripts/Invoke-Pester.ps1 — default OutputPath to ./logs/pester.

Validation

• Pester: 19 passed / 2 skipped.

Related

• Closes ci(rust-coverage): add Rust code coverage reporting #155

[katriendg]

PR Review Summary

Reviewed all 11 changed files. Found 6 review items — 2 critical, 1 high, 1 medium, 2 low.

🔴 Critical

• RI-1: Invoke-Pester.ps1 output path change breaks artifact upload in pr-validation.yml (path mismatch: logs/pester/ vs test-results/)
• RI-2: Grype SBOM scan (--fail-on high) blocks all Rust test execution — most likely root cause of current pipeline failures

🟡 High

• RI-3: Rust test coverage jobs run unconditionally on every PR (no path filtering) — performance regression for all PRs

🟠 Medium

• RI-4: Instructions reference on.pull_request.paths / on.push.paths sections that don't exist in the workflow_call-only rust-tests.yml

🟢 Low

• RI-5: All matrix entries install ffmpeg libs even though only 503-media-capture-service needs them
• RI-6: upload-artifact version inconsistency between validate-rust-registration.yml (v7) and rest of repo (v4)

Existing App Impact

✅ No application source code is modified — build/deploy for existing apps is unaffected
⚠️ Pester test artifacts will silently stop uploading (RI-1)
⚠️ All PRs get 3 additional heavy CI jobs regardless of content (RI-3)

[WilliamBerryiii]

Thanks for the review! All comments have been addressed and replied to. Additionally, the PowerShell Lint CI failure was fixed by renaming Get-RustHasChanges -> Test-RustHasChange (commit 005ecd1) to satisfy the PSUseSingularNouns rule. PowerShell Lint is now passing. Could you take another look when you have a moment? @katriendg

[codecov-commenter]

Welcome to Codecov 🎉

Once you merge this PR into your default branch, you're all set! Codecov will compare coverage reports and display results in all future pull requests.

Thanks for integrating Codecov - We've got you covered ☂️

[github-actions]

📚 Documentation Health Report

Generated on: 2026-04-29 03:18:07 UTC

📈 Documentation Statistics

Category	File Count
Main Documentation	218
Infrastructure Components	196
Blueprints	39
GitHub Resources	44
AI Assistant Guides (Copilot)	17
Total	514

🏗️ Three-Tree Architecture Status

• ✅ Bicep Documentation Tree: Auto-generated navigation
• ✅ Terraform Documentation Tree: Auto-generated navigation
• ✅ README Documentation Tree: Manual README organization

🔍 Quality Metrics

• Frontmatter Validation:
  success
• Link Validation: success

---

This report is automatically generated by the Documentation Automation workflow.

[katriendg]

Thanks, looking good and great to have this added.

Just nit comments, and then the agent also recommends checking if the following changes are intentional:

• src/500-application/503-media-capture-service/.../multi_trigger.rs - Alert classification was loosened from t.contains("alert") && t.contains("trigger") to just t.contains("alert"). This is a real runtime behavior change: any topic containing "alert" (e.g. alerts/state, device/alerted) now classifies as MessageType::Alert. Not a CI fix.

• 507-ai-inference/.../topic_router.rs - Test fixture rewritten from a nested outputs: vec![ModelOutput { predictions: ... }] shape with SiteContext to a flat predictions / model_type: String shape, and an assertion swapped from site_id to model_name in a custom-route template. Tests now compile against a different InferenceResult shape. If InferenceResult was already migrated upstream, this is alignment; otherwise it's a divergence. Worth confirming the type definition matches.

[auyidi1]

looks like some checks are failing, but I'm sure you already have a handle of that.