fix: ruvector-postgres v0.3.2 — 100% audit pass (HNSW + hybrid fixes) #152
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: PostgreSQL Extension CI | |
| on: | |
| push: | |
| branches: [main, develop, "claude/**", "fix/**"] | |
| paths: | |
| - 'crates/ruvector-postgres/**' | |
| - '.github/workflows/postgres-extension-ci.yml' | |
| pull_request: | |
| branches: [main, develop] | |
| paths: | |
| - 'crates/ruvector-postgres/**' | |
| - '.github/workflows/postgres-extension-ci.yml' | |
| workflow_dispatch: | |
| env: | |
| CARGO_TERM_COLOR: always | |
| RUST_BACKTRACE: 1 | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| jobs: | |
| # Build and test matrix for multiple PostgreSQL versions | |
| test: | |
| name: Test PostgreSQL ${{ matrix.pg_version }} on ${{ matrix.os }} | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| os: [ubuntu-latest] | |
| pg_version: [17] | |
| rust: [stable] | |
| include: | |
| # Test on macOS for pg17 | |
| - os: macos-latest | |
| pg_version: 17 | |
| rust: stable | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Install Rust toolchain | |
| uses: actions-rust-lang/setup-rust-toolchain@v1 | |
| with: | |
| toolchain: ${{ matrix.rust }} | |
| components: rustfmt, clippy | |
| - name: Install PostgreSQL (Ubuntu) | |
| if: runner.os == 'Linux' | |
| run: | | |
| sudo sh -c 'echo "deb http://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main" > /etc/apt/sources.list.d/pgdg.list' | |
| wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add - | |
| sudo apt-get update | |
| sudo apt-get install -y postgresql-${{ matrix.pg_version }} postgresql-server-dev-${{ matrix.pg_version }} | |
| echo "/usr/lib/postgresql/${{ matrix.pg_version }}/bin" >> $GITHUB_PATH | |
| - name: Install PostgreSQL (macOS) | |
| if: runner.os == 'macOS' | |
| run: | | |
| brew install postgresql@${{ matrix.pg_version }} | |
| echo "/opt/homebrew/opt/postgresql@${{ matrix.pg_version }}/bin" >> $GITHUB_PATH | |
| - name: Cache cargo registry | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.cargo/registry | |
| key: ${{ runner.os }}-cargo-registry-${{ hashFiles('**/Cargo.lock') }} | |
| restore-keys: | | |
| ${{ runner.os }}-cargo-registry- | |
| - name: Cache cargo index | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.cargo/git | |
| key: ${{ runner.os }}-cargo-index-${{ hashFiles('**/Cargo.lock') }} | |
| restore-keys: | | |
| ${{ runner.os }}-cargo-index- | |
| - name: Cache cargo build | |
| uses: actions/cache@v4 | |
| with: | |
| path: target | |
| key: ${{ runner.os }}-cargo-build-target-${{ matrix.pg_version }}-${{ hashFiles('**/Cargo.lock') }} | |
| restore-keys: | | |
| ${{ runner.os }}-cargo-build-target-${{ matrix.pg_version }}- | |
| - name: Install cargo-pgrx | |
| run: cargo install cargo-pgrx --version 0.12.9 --locked | |
| - name: Initialize pgrx (Ubuntu) | |
| if: runner.os == 'Linux' | |
| run: cargo pgrx init --pg${{ matrix.pg_version }}=/usr/lib/postgresql/${{ matrix.pg_version }}/bin/pg_config | |
| working-directory: crates/ruvector-postgres | |
| - name: Initialize pgrx (macOS) | |
| if: runner.os == 'macOS' | |
| run: cargo pgrx init --pg${{ matrix.pg_version }}=/opt/homebrew/opt/postgresql@${{ matrix.pg_version }}/bin/pg_config | |
| working-directory: crates/ruvector-postgres | |
| - name: Check code formatting | |
| run: cargo fmt --all -- --check | |
| working-directory: crates/ruvector-postgres | |
| - name: Run clippy | |
| run: cargo clippy --no-default-features --features pg${{ matrix.pg_version }} -- -D warnings | |
| working-directory: crates/ruvector-postgres | |
| - name: Build extension | |
| run: cargo build --no-default-features --features pg${{ matrix.pg_version }} --release | |
| working-directory: crates/ruvector-postgres | |
| - name: Run tests | |
| run: cargo pgrx test pg${{ matrix.pg_version }} --no-default-features --features pg${{ matrix.pg_version }} | |
| working-directory: crates/ruvector-postgres | |
| # Test with all features enabled | |
| test-all-features: | |
| name: Test All Features (PostgreSQL 17) | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Install Rust toolchain | |
| uses: actions-rust-lang/setup-rust-toolchain@v1 | |
| with: | |
| toolchain: stable | |
| - name: Install PostgreSQL | |
| run: | | |
| sudo sh -c 'echo "deb http://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main" > /etc/apt/sources.list.d/pgdg.list' | |
| wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add - | |
| sudo apt-get update | |
| sudo apt-get install -y postgresql-17 postgresql-server-dev-17 | |
| - name: Install cargo-pgrx | |
| run: cargo install cargo-pgrx --version 0.12.9 --locked | |
| - name: Initialize pgrx | |
| run: cargo pgrx init --pg17=/usr/lib/postgresql/17/bin/pg_config | |
| working-directory: crates/ruvector-postgres | |
| - name: Build with all features | |
| run: | | |
| cargo build --no-default-features --features pg17,index-all,quant-all --release | |
| working-directory: crates/ruvector-postgres | |
| - name: Test with all features | |
| run: | | |
| cargo pgrx test pg17 --no-default-features --features pg17,index-all,quant-all | |
| working-directory: crates/ruvector-postgres | |
| # Benchmark on pull requests | |
| benchmark: | |
| name: Benchmark | |
| runs-on: ubuntu-latest | |
| if: github.event_name == 'pull_request' | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Install Rust toolchain | |
| uses: actions-rust-lang/setup-rust-toolchain@v1 | |
| with: | |
| toolchain: stable | |
| - name: Install PostgreSQL | |
| run: | | |
| sudo sh -c 'echo "deb http://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main" > /etc/apt/sources.list.d/pgdg.list' | |
| wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add - | |
| sudo apt-get update | |
| sudo apt-get install -y postgresql-17 postgresql-server-dev-17 | |
| - name: Install cargo-pgrx | |
| run: cargo install cargo-pgrx --version 0.12.9 --locked | |
| - name: Initialize pgrx | |
| run: cargo pgrx init --pg17=/usr/lib/postgresql/17/bin/pg_config | |
| working-directory: crates/ruvector-postgres | |
| - name: Run benchmarks | |
| run: cargo bench --no-default-features --features pg17 -- --output-format bencher | tee benchmark-output.txt | |
| working-directory: crates/ruvector-postgres | |
| - name: Store benchmark result | |
| uses: benchmark-action/github-action-benchmark@v1 | |
| with: | |
| name: Rust Benchmark | |
| tool: 'cargo' | |
| output-file-path: crates/ruvector-postgres/benchmark-output.txt | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| auto-push: false | |
| # Security audit | |
| security: | |
| name: Security Audit | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Install Rust toolchain | |
| uses: actions-rust-lang/setup-rust-toolchain@v1 | |
| - name: Run cargo audit | |
| uses: rustsec/audit-check@v2 | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| working-directory: crates/ruvector-postgres | |
| # Package the extension | |
| package: | |
| name: Package Extension | |
| runs-on: ubuntu-latest | |
| needs: [test, test-all-features] | |
| if: github.event_name == 'push' && github.ref == 'refs/heads/main' | |
| strategy: | |
| matrix: | |
| pg_version: [17] | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Install Rust toolchain | |
| uses: actions-rust-lang/setup-rust-toolchain@v1 | |
| - name: Install PostgreSQL | |
| run: | | |
| sudo sh -c 'echo "deb http://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main" > /etc/apt/sources.list.d/pgdg.list' | |
| wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add - | |
| sudo apt-get update | |
| sudo apt-get install -y postgresql-${{ matrix.pg_version }} postgresql-server-dev-${{ matrix.pg_version }} | |
| - name: Install cargo-pgrx | |
| run: cargo install cargo-pgrx --version 0.12.9 --locked | |
| - name: Initialize pgrx | |
| run: cargo pgrx init --pg${{ matrix.pg_version }}=/usr/lib/postgresql/${{ matrix.pg_version }}/bin/pg_config | |
| working-directory: crates/ruvector-postgres | |
| - name: Package extension | |
| run: cargo pgrx package --no-default-features --features pg${{ matrix.pg_version }} | |
| working-directory: crates/ruvector-postgres | |
| - name: Upload artifacts | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: ruvector-postgres-pg${{ matrix.pg_version }} | |
| path: target/release/ruvector-postgres-pg${{ matrix.pg_version }}/ | |
| retention-days: 30 | |
| # Integration tests with Docker | |
| integration-test: | |
| name: Integration Test (Docker) | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Build Docker image | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: . | |
| file: crates/ruvector-postgres/Dockerfile | |
| push: false | |
| tags: ruvector-postgres:test | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| - name: Run integration tests | |
| run: | | |
| docker run --rm ruvector-postgres:test psql --version | |
| docker run --rm ruvector-postgres:test pg_config --version |