Skip to content

feat(ci): check only affected Rust packages#2963

Closed
poroh wants to merge 1 commit into
NVIDIA:mainfrom
poroh:affected-rust-ci
Closed

feat(ci): check only affected Rust packages#2963
poroh wants to merge 1 commit into
NVIDIA:mainfrom
poroh:affected-rust-ci

Conversation

@poroh

@poroh poroh commented Jun 29, 2026

Copy link
Copy Markdown
Contributor

Replace full-workspace Rust pre-build checks with an affected-package selection flow. The new xtask maps changed Git paths to workspace packages, expands the selection to transitive workspace dependents, and falls back to the full workspace when a change is global or cannot be mapped safely.

This reduces CI time for package-scoped changes while preserving coverage for shared inputs such as Cargo files, toolchain config, CI config, custom lints, xtask code, and other global build inputs.

The affected check now runs:

  • isolated default-feature package builds
  • Clippy with all targets/features
  • carbide-lints with all targets/features

Also add reviewer guidance for keeping the global-path fallback list up to date.

Related issues

Type of Change

  • Add - New feature or capability
  • Change - Changes in existing functionality
  • Fix - Bug fixes
  • Remove - Removed features or deprecated functionality
  • Internal - Internal changes (refactoring, tests, docs, etc.)

Breaking Changes

  • This PR contains breaking changes

Testing

  • Unit tests added/updated
  • Integration tests added/updated
  • Manual testing performed
  • No testing required (docs, internal refactor, etc.)

Additional Notes

@poroh poroh requested review from a team as code owners June 29, 2026 06:23
@coderabbitai

coderabbitai Bot commented Jun 29, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

Summary by CodeRabbit

  • New Features

    • Added a new “affected Rust checks” workflow so CI can run Rust validation only on packages touched by a change.
    • Introduced a new top-level command for checking affected Rust packages, with support for choosing the base revision.
  • Bug Fixes

    • Improved package selection to better handle changed paths, renames, and dependency-related impact.
    • Added safer fallback behavior when changes can’t be mapped reliably.
  • Documentation

    • Updated build and CI guidance to reflect the new Rust workflow and command entrypoints.

Walkthrough

Introduces a cargo xtask affected-packages subcommand that computes changed workspace packages from a git diff against a base ref, expands selections to transitive reverse dependents, and outputs name@version selectors. A new check-affected cargo-make task consumes these selectors to run isolated builds, clippy, and carbide-lints only for affected packages. The CI lint-police job and top-level Makefile are updated to invoke this pipeline.

Changes

Affected-package CI pipeline

Layer / File(s) Summary
affected_packages module: types, selection logic, and git parsing
crates/xtask/src/affected_packages.rs
New module with WorkspacePackage, Selection, FullWorkspaceReason, and ChangedPaths types; implements merge-base git diff parsing (NUL-terminated, rename-aware), deepest-manifest-root ownership, safe-path validation, global-path detection, transitive reverse-dependency expansion, full-workspace conservative fallback, and comprehensive unit tests.
isolated_package_builds: explicit package selection
crates/xtask/src/isolated_package_builds.rs
check() now accepts selected_packages: &[String]; adds WorkspacePackage struct with cargo_selector (name@version), select_packages() helper with name-or-selector validation, BTreeSet deduplication, and full-workspace passthrough on empty input; adds unit tests.
xtask CLI: new subcommand and updated args
crates/xtask/src/main.rs
Registers affected_packages module, adds AffectedPackages { base } clap struct defaulting to origin/main, extends IsolatedPackageBuilds with repeatable --package args, updates main() routing, and adds CLI argument tests.
Makefile.toml: check-affected task
Makefile.toml
New check-affected cargo-make task: queries cargo xtask affected-packages, builds -p argument array, then sequentially runs isolated-package-builds, clippy, and carbide-lints each with an isolated CARGO_TARGET_DIR subdirectory.
CI job, Makefile entrypoint, and docs
.github/workflows/ci.yaml, Makefile, AGENTS.md
lint-police fetches full git history (fetch-depth: 0), configures git safe-directory, and replaces individual lint steps with cargo make check-affected; removes standalone isolated-package-builds step. Adds core/check-affected Makefile target with AFFECTED_BASE variable. Updates AGENTS.md with affected-package CI maintenance guidance.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 43.24% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (4 passed)
Check name Status Explanation
Title check ✅ Passed The title clearly captures the main CI change: checking only affected Rust packages.
Description check ✅ Passed The description is directly aligned with the changeset and explains the affected-package CI flow.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Comment @coderabbitai help to get the list of available commands.

Replace full-workspace Rust pre-build checks with an affected-package
selection flow. The new xtask maps changed Git paths to workspace
packages, expands the selection to transitive workspace dependents, and
falls back to the full workspace when a change is global or cannot be
mapped safely.

This reduces CI time for package-scoped changes while preserving coverage
for shared inputs such as Cargo files, toolchain config, CI config,
custom lints, xtask code, and other global build inputs.

The affected check now runs:

- isolated default-feature package builds
- Clippy with all targets/features
- carbide-lints with all targets/features

Also add reviewer guidance for keeping the global-path fallback list
up to date.

Signed-off-by: Dmitry Porokh <dporokh@nvidia.com>
@poroh poroh force-pushed the affected-rust-ci branch from f77625f to 375e302 Compare June 29, 2026 06:30
@coderabbitai

coderabbitai Bot commented Jun 29, 2026

Copy link
Copy Markdown
Contributor

Caution

Failed to replace (edit) comment. This is likely due to insufficient permissions or the comment being deleted.

Error details
{}

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🧹 Nitpick comments (1)
crates/xtask/src/affected_packages.rs (1)

545-605: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick win

Drive the global-path regression cases from the fallback list.

This test only samples part of GLOBAL_FILES / GLOBAL_DIRECTORIES, so a future addition to is_global_path() can land without matching coverage. Please derive the cases from a single shared table so the safety check and its test stay in sync. As per coding guidelines, crates/xtask/src/affected_packages.rs: Keep is_global_path() ... up to date; as per path instructions, crates/**/*.rs: Prefer findings about behavior ... and missing tests over style-only comments; based on learnings, When writing tests, prefer the table-driven style.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@crates/xtask/src/affected_packages.rs` around lines 545 - 605, The regression
test for global path handling is only covering a hand-written subset of the
fallback globals, so it can drift from is_global_path() as GLOBAL_FILES or
GLOBAL_DIRECTORIES change. Refactor
global_unmapped_unsafe_and_empty_changes_select_all_with_a_reason in
affected_packages.rs to drive its cases from one shared table/source used by
is_global_path(), and iterate that table in the test so new global paths
automatically stay covered. Keep the existing assertions around select_affected
and Selection::All, but make the test table-driven and shared with the
production global-path matcher.

Sources: Coding guidelines, Path instructions, Learnings

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@crates/xtask/src/affected_packages.rs`:
- Around line 545-605: The regression test for global path handling is only
covering a hand-written subset of the fallback globals, so it can drift from
is_global_path() as GLOBAL_FILES or GLOBAL_DIRECTORIES change. Refactor
global_unmapped_unsafe_and_empty_changes_select_all_with_a_reason in
affected_packages.rs to drive its cases from one shared table/source used by
is_global_path(), and iterate that table in the test so new global paths
automatically stay covered. Keep the existing assertions around select_affected
and Selection::All, but make the test table-driven and shared with the
production global-path matcher.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 4f042823-af75-49f5-8e78-97fe6dfa5f74

📥 Commits

Reviewing files that changed from the base of the PR and between 0082abd and f77625f.

📒 Files selected for processing (7)
  • .github/workflows/ci.yaml
  • AGENTS.md
  • Makefile
  • Makefile.toml
  • crates/xtask/src/affected_packages.rs
  • crates/xtask/src/isolated_package_builds.rs
  • crates/xtask/src/main.rs

@github-actions

github-actions Bot commented Jun 29, 2026

Copy link
Copy Markdown

🔍 Container Scan Summary

Service Total Critical High Medium Low Other
boot-artifacts-aarch64 3 0 0 3 0 0
boot-artifacts-x86_64 3 0 0 3 0 0
forge-admin-cli-x86_64 285 6 25 103 7 144
machine-validation-runner 748 30 189 272 36 221
machine_validation 748 30 189 272 36 221
machine_validation-aarch64 748 30 189 272 36 221
nvmetal-carbide 748 30 189 272 36 221
TOTAL 3283 126 781 1197 151 1028

Per-CVE detail lives in the per-service grype-* artifacts (JSON + SARIF). Severity counts only — no CVE IDs published here.

@poroh

poroh commented Jun 29, 2026

Copy link
Copy Markdown
Contributor Author

@coderabbitai full_review

@coderabbitai

coderabbitai Bot commented Jun 29, 2026

Copy link
Copy Markdown
Contributor

@poroh Re-running a full review of PR #2963 with emphasis on correctness, fallback safety, performance, and maintainability.

✅ Action performed

Full review finished.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@AGENTS.md`:
- Around line 129-137: Clarify the maintenance guidance for is_global_path() in
crates/xtask/src/affected_packages.rs by replacing the vague phrase with
explicit categories of shared paths; spell out which kinds of generated or
configuration directories should be treated as global, and keep the existing
examples of root Cargo files, Cargo.lock, cargo-make files, Rust toolchain
config, .cargo/, CI config, custom lint/xtask code, and include/ aligned with
that list. Make the wording unambiguous so contributors can tell when a newly
introduced shared directory must be added, and preserve the fallback rule that
any path not safely attributable to exactly one workspace package should select
the full workspace.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: fa5e3d37-e6f3-494b-846b-2f824b5f1ca4

📥 Commits

Reviewing files that changed from the base of the PR and between 0082abd and 375e302.

📒 Files selected for processing (7)
  • .github/workflows/ci.yaml
  • AGENTS.md
  • Makefile
  • Makefile.toml
  • crates/xtask/src/affected_packages.rs
  • crates/xtask/src/isolated_package_builds.rs
  • crates/xtask/src/main.rs

Comment thread AGENTS.md
Comment on lines +129 to +137
When reviewing changes that add, remove, rename, or repurpose shared Rust build
inputs, verify that `is_global_path()` in
`crates/xtask/src/affected_packages.rs` remains up to date. Currently matched
shared inputs include the root Cargo files and `Cargo.lock`, cargo-make files,
Rust toolchain configuration, `.cargo/`, CI configuration, custom lint and xtask
code, and `include/`. Add any newly introduced or repurposed shared generated or
configuration directories to the predicate. If a changed path cannot be mapped
safely to exactly one workspace package, affected-package selection must fall
back to the full workspace.

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

📐 Maintainability & Code Quality | 🟡 Minor | ⚡ Quick win

Clarify the directory categories in this guidance.

Line 134’s shared generated or configuration directories is ambiguous, so the is_global_path() maintenance rule is easy to misread. Please spell the categories out explicitly.

✏️ Proposed fix
- Rust toolchain configuration, `.cargo/`, CI configuration, custom lint and xtask
- code, and `include/`. Add any newly introduced or repurposed shared generated or
- configuration directories to the predicate.
+ Rust toolchain configuration, `.cargo/`, CI configuration, custom lint and xtask
+ code, and `include/`. Add any newly introduced or repurposed shared
+ generated/configuration directories to the predicate.

As per path instructions, review Markdown for correctness, clarity, spelling, grammar, working links, and whether commands/examples are realistic and safe.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
When reviewing changes that add, remove, rename, or repurpose shared Rust build
inputs, verify that `is_global_path()` in
`crates/xtask/src/affected_packages.rs` remains up to date. Currently matched
shared inputs include the root Cargo files and `Cargo.lock`, cargo-make files,
Rust toolchain configuration, `.cargo/`, CI configuration, custom lint and xtask
code, and `include/`. Add any newly introduced or repurposed shared generated or
configuration directories to the predicate. If a changed path cannot be mapped
safely to exactly one workspace package, affected-package selection must fall
back to the full workspace.
When reviewing changes that add, remove, rename, or repurpose shared Rust build
inputs, verify that `is_global_path()` in
`crates/xtask/src/affected_packages.rs` remains up to date. Currently matched
shared inputs include the root Cargo files and `Cargo.lock`, cargo-make files,
Rust toolchain configuration, `.cargo/`, CI configuration, custom lint and xtask
code, and `include/`. Add any newly introduced or repurposed shared
generated/configuration directories to the predicate. If a changed path cannot be mapped
safely to exactly one workspace package, affected-package selection must fall
back to the full workspace.
🧰 Tools
🪛 LanguageTool

[grammar] ~134-~134: Use a hyphen to join words.
Context: ...ny newly introduced or repurposed shared generated or configuration directories t...

(QB_NEW_EN_HYPHEN)

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@AGENTS.md` around lines 129 - 137, Clarify the maintenance guidance for
is_global_path() in crates/xtask/src/affected_packages.rs by replacing the vague
phrase with explicit categories of shared paths; spell out which kinds of
generated or configuration directories should be treated as global, and keep the
existing examples of root Cargo files, Cargo.lock, cargo-make files, Rust
toolchain config, .cargo/, CI config, custom lint/xtask code, and include/
aligned with that list. Make the wording unambiguous so contributors can tell
when a newly introduced shared directory must be added, and preserve the
fallback rule that any path not safely attributable to exactly one workspace
package should select the full workspace.

Sources: Path instructions, Linters/SAST tools

@poroh

poroh commented Jun 29, 2026

Copy link
Copy Markdown
Contributor Author

We decided not to make things more complex than needed and just remove check isolated packages from lint-police job: #2984

@poroh poroh closed this Jun 29, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant