The release_trigger_guard.py requires gh CLI to verify CI Required Gate
status in publish mode. Self-hosted Hetzner runners don't have gh
pre-installed, causing the guard to fail with exit code 3.

Add a gh CLI install step before the guard runs, with a skip if gh is
already available.

Two pre-existing issues blocking Pub Release builds:

1. x86_64-unknown-linux-gnu binary grew to 24MB, exceeding the 23MB
   hard limit. Bump Linux safeguard from 23MB to 26MB to accommodate
   recent feature growth. Binary size investigation deferred to follow-up.
2. armv7-unknown-linux-gnueabihf fails compiling ring/aws-lc-sys due to
   missing libc6-dev-armhf-cross headers. Add libc dev package install
   for armv7 and aarch64 cross-compile targets.

The release safety gates branch inadvertently replaced all matrix os
labels with self-hosted Linux runner arrays, including macOS and Windows
targets that require GitHub-hosted runners. This caused all three
cross-platform builds to fail: macOS builds attempted C compilation with
GNU cc (missing -arch flag), and Windows MSVC builds failed without
lib.exe.

Restore the original GitHub-hosted labels:
- macos-15-intel for x86_64-apple-darwin
- macos-14 for aarch64-apple-darwin
- windows-latest for x86_64-pc-windows-msvc

* chore(license): make apache primary while preserving dual-license (#1307)
* fix(license): adopt rust-style dual-license layout for github detection (#1308)
* fix(license): restore canonical apache-2.0 text for detection (#1309)
* ci(policy): restrict main PR authors and target bot PRs to dev (#1310)
* ci(intake): warn and retarget non-promotion PRs from main to dev (#1319)
* ci(release): add bot-owned Homebrew publish workflow (#1323)
* fix(onboard): serialize quick-setup env tests safely
* chore(release): bump version to v0.1.5
* ci(build-fast): align toolchain with stable release build

Replace individual >> redirects with a single grouped { ... } >> block
to resolve shellcheck SC2129 and satisfy actionlint.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* feat: Add GitHub Actions workflows for security audits, CodeQL analysis, contributor updates, performance benchmarks, integration tests, fuzz testing, and reusable Rust build jobs
- Implemented `sec-audit.yml` for Rust package security audits using `rustsec/audit-check` and `cargo-deny-action`.
- Created `sec-codeql.yml` for CodeQL analysis scheduled twice daily.
- Added `sync-contributors.yml` to update the NOTICE file with new contributors automatically.
- Introduced `test-benchmarks.yml` for performance benchmarks using Criterion.
- Established `test-e2e.yml` for running integration and end-to-end tests.
- Developed `test-fuzz.yml` for fuzz testing with configurable runtime.
- Created `test-rust-build.yml` as a reusable job for executing Rust commands with customizable parameters.
- Documented main branch delivery flows in `main-branch-flow.md` for clarity on CI/CD processes.
* ci(workflows): update workflow scripts and rename for clarity; remove obsolete lint feedback script
* chore(ci): externalize workflow scripts and relocate main flow doc
* chore(ci): align workflow names with file naming style
* feat: Add GitHub Actions workflows for security audits, CodeQL analysis, contributor updates, performance benchmarks, integration tests, fuzz testing, and reusable Rust build jobs
- Implemented `sec-audit.yml` for Rust package security audits using `rustsec/audit-check` and `cargo-deny-action`.
- Created `sec-codeql.yml` for CodeQL analysis scheduled twice daily.
- Added `sync-contributors.yml` to update the NOTICE file with new contributors automatically.
- Introduced `test-benchmarks.yml` for performance benchmarks using Criterion.
- Established `test-e2e.yml` for running integration and end-to-end tests.
- Developed `test-fuzz.yml` for fuzz testing with configurable runtime.
- Created `test-rust-build.yml` as a reusable job for executing Rust commands with customizable parameters.
- Documented main branch delivery flows in `main-branch-flow.md` for clarity on CI/CD processes.
* ci(workflows): update workflow scripts and rename for clarity; remove obsolete lint feedback script
* chore(ci): externalize workflow scripts and relocate main flow doc
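
The runner-label regression described in the message above (macOS and Windows targets placed on self-hosted Linux runners) can be caught before a release with a matrix lint. The following is an added example, not part of this commit or the project's scripts; the function names, the `X64` label and the matrix-as-dicts representation are assumptions.

```python
# Added example (hypothetical names): check that every release matrix entry
# pairs a Rust target triple with a runner of the matching OS family.

# Label prefixes that identify a GitHub-hosted image for each OS family.
HOSTED_PREFIX = {"macos": "macos-", "windows": "windows-", "linux": "ubuntu-"}

def target_family(triple):
    """Map a Rust target triple to the OS family that has to build it."""
    if "apple-darwin" in triple:
        return "macos"
    if "pc-windows" in triple:
        return "windows"
    return "linux" if "linux" in triple else None

def runner_family(os_label):
    """Classify a matrix `os` value: one label string or a list of labels."""
    labels = [os_label] if isinstance(os_label, str) else list(os_label)
    lowered = [str(label).lower() for label in labels]
    if "self-hosted" in lowered:
        # Self-hosted runners declare their OS through a separate label.
        return next((f for f in ("linux", "macos", "windows") if f in lowered), None)
    for family, prefix in HOSTED_PREFIX.items():
        if any(label.startswith(prefix) for label in lowered):
            return family
    return None

def lint_matrix(entries):
    """Return one message per entry whose runner cannot build its target."""
    problems = []
    for entry in entries:
        want, got = target_family(entry["target"]), runner_family(entry["os"])
        if want is None or got != want:
            problems.append(
                f"{entry['target']}: needs {want} runner, os={entry['os']!r} is {got}")
    return problems

# Constructed sample data: the broken state, then the restored labels.
TARGETS = ["x86_64-unknown-linux-gnu", "x86_64-apple-darwin",
           "aarch64-apple-darwin", "x86_64-pc-windows-msvc"]
SELF_HOSTED = ["self-hosted", "Linux", "X64"]  # assumed label set
BROKEN = [{"target": t, "os": SELF_HOSTED} for t in TARGETS]
RESTORED = [{"target": t, "os": o} for t, o in zip(
    TARGETS, [SELF_HOSTED, "macos-15-intel", "macos-14", "windows-latest"])]

if __name__ == "__main__":
    for name, matrix in (("broken", BROKEN), ("restored", RESTORED)):
        print(name, lint_matrix(matrix) or "ok")
```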