chore(ci): externalize workflow scripts and relocate main flow doc (#722)

* feat: Add GitHub Actions workflows for security audits, CodeQL analysis, contributor updates, performance benchmarks, integration tests, fuzz testing, and reusable Rust build jobs - Implemented `sec-audit.yml` for Rust package security audits using `rustsec/audit-check` and `cargo-deny-action`. - Created `sec-codeql.yml` for CodeQL analysis scheduled twice daily. - Added `sync-contributors.yml` to update the NOTICE file with new contributors automatically. - Introduced `test-benchmarks.yml` for performance benchmarks using Criterion. - Established `test-e2e.yml` for running integration and end-to-end tests. - Developed `test-fuzz.yml` for fuzz testing with configurable runtime. - Created `test-rust-build.yml` as a reusable job for executing Rust commands with customizable parameters. - Documented main branch delivery flows in `main-branch-flow.md` for clarity on CI/CD processes. * ci(workflows): update workflow scripts and rename for clarity; remove obsolete lint feedback script * chore(ci): externalize workflow scripts and relocate main flow doc
2026-02-17 19:48:37 -05:00 · 2026-02-17 19:48:37 -05:00 · 69a3b54968
commit 69a3b54968
parent 41da46e2b2
34 changed files with 2090 additions and 1777 deletions
--- a/.github/workflows/fuzz.yml
+++ b/.github/workflows/fuzz.yml
@ -1,72 +0,0 @@
-name: Fuzz Testing
-
-on:
-    schedule:
-        - cron: "0 2 * * 0" # Weekly Sunday 2am UTC
-    workflow_dispatch:
-        inputs:
-            fuzz_seconds:
-                description: "Seconds to run each fuzz target"
-                required: false
-                default: "300"
-
-concurrency:
-    group: fuzz-${{ github.ref }}
-    cancel-in-progress: true
-
-permissions:
-    contents: read
-    issues: write
-
-env:
-    CARGO_TERM_COLOR: always
-
-jobs:
-    fuzz:
-        name: Fuzz (${{ matrix.target }})
-        runs-on: blacksmith-2vcpu-ubuntu-2404
-        timeout-minutes: 60
-        strategy:
-            fail-fast: false
-            matrix:
-                target:
-                    - fuzz_config_parse
-                    - fuzz_tool_params
-        steps:
-            - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
-
-            - uses: dtolnay/rust-toolchain@631a55b12751854ce901bb631d5902ceb48146f7 # stable
-              with:
-                  toolchain: nightly
-                  components: llvm-tools-preview
-
-            - name: Install cargo-fuzz
-              run: cargo install cargo-fuzz --locked
-
-            - name: Run fuzz target
-              run: |
-                  SECONDS="${{ github.event.inputs.fuzz_seconds || '300' }}"
-                  echo "Fuzzing ${{ matrix.target }} for ${SECONDS}s"
-                  cargo +nightly fuzz run ${{ matrix.target }} -- \
-                    -max_total_time="${SECONDS}" \
-                    -max_len=4096
-              continue-on-error: true
-              id: fuzz
-
-            - name: Upload crash artifacts
-              if: failure() || steps.fuzz.outcome == 'failure'
-              uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6
-              with:
-                  name: fuzz-crashes-${{ matrix.target }}
-                  path: fuzz/artifacts/${{ matrix.target }}/
-                  retention-days: 30
-                  if-no-files-found: ignore
-
-            - name: Report fuzz results
-              run: |
-                  echo "### Fuzz: ${{ matrix.target }}" >> "$GITHUB_STEP_SUMMARY"
-                  if [ "${{ steps.fuzz.outcome }}" = "failure" ]; then
-                    echo "- :x: Crashes found — see artifacts" >> "$GITHUB_STEP_SUMMARY"
-                  else
-                    echo "- :white_check_mark: No crashes found" >> "$GITHUB_STEP_SUMMARY"
-                  fi