This repository uses a three-layer CI strategy with a hybrid GitHub status lane.
- Hook path: .githooks/pre-commit
- Priority order (first available tool is used):
  - local-ci (unified CI pipeline, if installed)
  - Nix (via nix develop)
  - Cargo (bare local installation)
- Runs:
  - cargo fmt --all -- --check
  - cargo clippy --workspace --all-targets -- -D warnings
- Installation: ./.githooks/install.sh

- Run ./.githooks/install.sh.
- Confirm hook path: git config core.hooksPath
- Validate hook script: bash -n .githooks/pre-commit

To use the unified CI pipeline in pre-commit hooks (optional):
- Install local-ci: just local-ci-install
- Or manually: git clone https://github.com/stevedores-org/local-ci && cd local-ci && make build
- The hook will automatically detect and use it
- Check hook behavior: bash -x .githooks/pre-commit (debug mode)

- Tool: local-ci (from https://github.com/stevedores-org/local-ci)
- Configuration: .local-ci.toml
- Install: just local-ci-install
- Run full pipeline: just local-ci (or local-ci)
- Run fix mode: just local-ci-fix (or local-ci --fix)
- Run selected stages:
  - local-ci fmt clippy
  - local-ci test
- Benefits:
  - Unified configuration across all tools
  - Fast cached stage runs
  - Consistent output formatting
  - Built-in caching strategy
- Current limitation: local-ci currently uses built-in stage definitions (fmt, clippy, test, check). .local-ci.toml is forward-compatible policy documentation and not enforced yet by the binary

- Command shortcuts defined in justfile
- Main command: just ci
- Equivalent to: fmt + clippy + tests + benches compile + docs build

Useful commands:
- just fmt: Format code
- just fmt-check: Check formatting
- just clippy: Run clippy linter
- just test: Run tests
- just bench: Compile benches
- just doc: Build docs
- just check: Quick cargo check

- Runner script: ci/runner.sh
- Systemd unit: ci/oxidizedrag-ci.service
- Behavior:
  - Polls origin/develop
  - Fast-forwards local checkout to latest commit
  - Runs nix flake check
  - Optionally pushes successful build outputs to Attic cache

- Copy service unit to systemd: sudo cp ci/oxidizedrag-ci.service /etc/systemd/system/
- Provide environment file: sudo tee /etc/oxidizedrag-ci.env
- Add token value: ATTIC_TOKEN=...
- Enable and start:
  - sudo systemctl daemon-reload
  - sudo systemctl enable --now oxidizedrag-ci.service
- Verify logs: journalctl -u oxidizedrag-ci.service -f

- Workflow: .github/workflows/ci.yml
- Runs nix flake check on pushes and PRs to develop/main
- Uses DeterminateSystems magic-nix-cache for fast, reproducible builds
- Also runs an explicit cargo test --workspace inside nix develop

- Cache endpoint: https://nix-cache.stevedores.org
- Login example: attic login stevedores https://nix-cache.stevedores.org $ATTIC_TOKEN

For self-hosted service environments, place ATTIC_TOKEN in an env file loaded by systemd.
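
A preflight check for the environment file described above, as an added example that is not part of the repository: it confirms ATTIC_TOKEN is set and that the file is not accessible to group or others (a file created with tee under the common umask 022 ends up mode 644). The function names and return codes are assumptions, and stat -c requires GNU coreutils.

```shell
#!/bin/sh
# Added example, not part of the repository. The path and the ATTIC_TOKEN
# name come from the page; function names and return codes are assumptions.

# write_env_file FILE: read the token from stdin (keeps it out of argv and
# shell history) and store it readable by the owner only.
write_env_file() {
    (
        umask 077
        IFS= read -r token || exit 1
        printf 'ATTIC_TOKEN=%s\n' "$token" > "$1" && chmod 600 "$1"
    )
}

# check_env_file FILE
#   0 = usable, 1 = missing/unreadable, 2 = group/other access, 3 = no token
check_env_file() {
    file=$1
    [ -r "$file" ] || { echo "missing or unreadable: $file" >&2; return 1; }

    # GNU stat prints the octal mode, e.g. 600 or 644.
    mode=$(stat -c '%a' "$file") || return 1
    case $mode in
        *00) ;;  # no group or other permission bits
        *) echo "mode $mode exposes the token to other local users" >&2
           return 2 ;;
    esac

    # Use the last ATTIC_TOKEN line and drop quotes. The value is never printed.
    value=$(sed -n 's/^ATTIC_TOKEN=//p' "$file" | tail -n 1 | tr -d "\"'")
    case $value in
        ''|...) echo "ATTIC_TOKEN is empty or still the placeholder" >&2
                return 3 ;;
    esac
    return 0
}

# Run as root against the real file: sh check.sh /etc/oxidizedrag-ci.env
if [ "$#" -gt 0 ]; then
    check_env_file "$1"
fi
```
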

local-ci currently executes built-in stages and does not load .local-ci.toml yet.
Treat .local-ci.toml as desired policy documentation for upcoming schema-backed config support.

- local-ci not found:
  - Install: just local-ci-install
  - Or manually build: git clone https://github.com/stevedores-org/local-ci && cd local-ci && make build
  - Add to PATH or ensure GOPATH/bin is in PATH
- Stage fails to run:
  - Check configuration: cat .local-ci.toml
  - Run with verbose output: local-ci --verbose fmt clippy test
  - Verify tools are installed: cargo audit --version, cargo deny --version
- Hook not running:
  - Re-run: ./.githooks/install.sh
  - Verify: git config core.hooksPath
- Hook runs wrong tool:
  - Check tool priority: local-ci > nix > cargo
  - Debug: bash -x .githooks/pre-commit
- Runner refuses to update branch:
  - Check for dirty working tree: git status --short
  - Runner intentionally refuses destructive updates on non-clean repos.
- nix flake check fails:
  - Reproduce locally: just flake-check
- Attic push skipped:
  - Confirm ATTIC_TOKEN is set in /etc/oxidizedrag-ci.env
  - Validate auth: attic cache info stevedores