[build] add code coverage report to workflow summary#167
Merged
Conversation
* Snapshot from main: 12/11/2025, top-level folder name update, and various fixes for actions * trigger actions on dev
* snapshot from main: 1/5/2026 * various action fixes * fix setup step in windows action * update install-symcrypt.ps1 * fix install_symcrypt xtask * add copyright to install-symcrypt.ps1
* Add toml formatting support * Force LF line endings for TOML files so taplo works fine on Windows * Move location of .gitattributes
* snapshot from main: 1/8/26 055aa926e * Remove symcrypt from SDK completely * Remove symcrypt from actions * update taplo.toml
* add stages to precheck xtask * update actions to use precheck stages
* add audit xtask * fix audit version number & fmt error * fix RUSTSEC-2024-0436, deny warnings in audit xtask, and remove unused paste dependencies
* Merge native api * [BUILD] Remove Native API Build & Test in pipelines * [feat] ECC KeyGen and one-shot and streaming Sign/Verify native API (#22) * ECC KeyGen Native API * ECC Sign/Verify one-shot native API * ECC Sign/Verify streaming native API * Moving dispatch to FFI boundary * Moving key generation to specific modules * Added HMAC support in napi (#23) * Added HMAC support in napi * added HMAC tests * fixed clippy warning * Added Key Convertion from HsmGenericSecret key into Aes or Hmac * [feat] RSA wrapping keypair gen + SHA one-shot + SHA streaming native API (#26) * RSA key unwrapping key pair generation * SHA one-shot native api * SHA streaming native api * [fix] Fixed HMAC Verify Context (#27) * Added HMAC support in napi * added HMAC tests * fixed clippy warning * Added Key Convertion from HsmGenericSecret key into Aes or Hmac * Added HMAC Verify Context * Validate AES Key Properties (#28) * initial key properties check * Added key prop test cases * added HsmKeyPropFlags check * Addressing review comments * added test to validate token AES key gen * [feat] HMAC one-shot and streaming native API (#29) HMAC one-shot and streaming native API * Ecc key prop validation (#31) * added key prop validation for ECC * added rust doc comments * Fixed clippy warning --------- Co-authored-by: Rajesh Gali <rajeshgali@microsoft.com> * Validate RSA properties (#32) Co-authored-by: Rajesh Gali <rajeshgali@microsoft.com> * Implement cpp code formatting check/fix via xtask fmt * Fix clippy errors * [build] Add cpp code formatting checks (#34) * Implement cpp code formatting check/fix via xtask fmt * Fix clippy errors * Fix audit violation for atty * Check Generic Secret Key properties (#33) Co-authored-by: Rajesh Gali <rajeshgali@microsoft.com> * [feat] Key Unwrap, RSA Encrypt/Decrypt, RSA Sign/Verify Native API (#35) * Remove audit.toml and fix typo in cargo xtask main * Fix windows build break * [build] Cleanup for merge to devi This commit contains following 1. Delete old api folder 2. Rename napi folder to api 3. Integrate OpenSSL Provider into the build system * Fix build break * Disable clang-format in pipeline * Fix build break in ossl provider * Implement Key Unmasking for AES, ECC & RSA Keys (#36) This pull request implements key unmasking functionality for AES, ECC, and RSA keys, allowing keys to be reconstructed from their masked representation. The PR also includes API renaming (RsaAesKeywrap → RsaAesKeyWrap) and removes unused key property functions. Changes: Implements key unmasking traits and algorithms for AES, ECC, and RSA keys Adds masked key parsing infrastructure to extract key properties from masked key blobs Refactors existing tests and adds comprehensive unmask tests for all key types Renames algorithm identifier from RsaAesKeywrap to RsaAesKeyWrap across codebase Removes unused key property flags and methods (PRIVATE, MODIFIABLE, COPYABLE, DESTROYABLE, ALWAYS_SENSITIVE, NEVER_EXTRACTABLE) Updates check_supported_flags to allow SENSITIVE, EXTRACTABLE, and LOCAL flags universally * [feat] RSA Sign/Verify Streaming Native API * [feat] Add key unmasking and property API enhancements (#37) * [feat] Add key unmasking and property API enhancements This commit implements key unmasking capabilities for AES, RSA, and ECC keys, allowing keys to be restored from their masked (encrypted) state. It also standardizes key property handling and updates the native C API to support these features. Key changes: - Add azihsm_key_unmask() for symmetric keys (AES) - Add azihsm_key_unmask_pair() for asymmetric key pairs (RSA, ECC) - Implement unmask operations in algo modules (aes, rsa, ecc) - Rename azihsm_keypair_unwrap to azihsm_key_unwrap_pair for consistency - Enhance azihsm_key_get_prop to support all key types - Refactor shared_types.rs to use zerocopy derives and remove TryFrom impls - Simplify error handling in masked_key.rs (use return instead of Err?) - Update key property IDs to match revised documentation - Add copy_to_key_prop helper for property buffer management - Add comprehensive tests for key unmasking operations - Update documentation to reflect new key property IDs * Fix OSSL Provider * [refactor] Rename AZIHSM_ERROR to AZIHSM_STATUS --------- Co-authored-by: Vishal Mhatre <38512878+mhatrevi@users.noreply.github.com> Co-authored-by: Rajesh Gali <g.rajesh@live.com> Co-authored-by: Rajesh Gali <rajeshgali@microsoft.com> Co-authored-by: Vishal Mhatre <vishal.mhatre@gmail.com>
Signed-off-by: Christian Walter <christian.walter@9elements.com>
Key Attestation Native API
* Adding copilot-instructions.md * Resolve copilot PR feedback * Resolve PR feedback
* install cargo-llvm-cov in setup xtask * add coverage xtask & enable in actions * update coverage report location in actions * fix fmt errors * merge branch 'dev' into users/v-davidz/add_cargo-llvm-cov & fix windows 'os error 3' * attempt fix of missing cobertura_sdk.xml artifact on ubuntu * remove console coverage report, fix exclusion of xtask coverage data, & debug missing coverage artifacts on ubuntu * fix ./target/report location & remove debug step in actions * disable code coverage stage in local precheck
* Update copilot instructions * Update .github/copilot-instructions.md Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --------- Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* add check to validate device returned key props * fixed clippy warning * updated keybit len in CPP HMAC SH512 test * Added ECDH Device property checks * addressing copilot comments * Addressing review comments --------- Co-authored-by: Rajesh Gali <rajeshgali@microsoft.com>
* Initial plan * Update fmt command to use nightly toolchain Co-authored-by: jaygmsft <22506014+jaygmsft@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: jaygmsft <22506014+jaygmsft@users.noreply.github.com> Co-authored-by: Jayant Gandhi <jayg@microsoft.com>
* Initial plan * Remove duplicate copyright line from hash_sign_tests.rs Co-authored-by: jaygmsft <22506014+jaygmsft@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: jaygmsft <22506014+jaygmsft@users.noreply.github.com>
* Initial plan * Add copilot-setup-steps.yml for GitHub Copilot coding agent Co-authored-by: jaygmsft <22506014+jaygmsft@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: jaygmsft <22506014+jaygmsft@users.noreply.github.com>
This commit adds sha1, sha256, sha384 and sha512 dgst operation. Signed-off-by: Christian Walter <christian.walter@9elements.com>
* fix: CodeQL Fixes Signed-off-by: Christian Walter <christian.walter@9elements.com> * feat: add NO_FOLLOW to open Signed-off-by: Christian Walter <christian.walter@9elements.com> --------- Signed-off-by: Christian Walter <christian.walter@9elements.com>
zimmy87
changed the title
Contributor
There was a problem hiding this comment.
Pull request overview
Adds an xtask subcommand to generate a Markdown code coverage summary and publishes it into the GitHub Actions workflow summary as part of CI reporting.
Changes:
- Generate an
llvm-covJSON summary report alongside existing Cobertura/XML and HTML outputs. - Add a new
xtask coverage-report(andprecheck --coverage-report) command to render a Markdown table from the JSON report. - Update CI workflow to invoke the new coverage summary step.
Reviewed changes
Copilot reviewed 7 out of 7 changed files in this pull request and generated 5 comments.
Show a summary per file
| File | Description |
|---|---|
| xtask/src/precheck.rs | Adds --coverage-report stage and runs it in precheck flow. |
| xtask/src/main.rs | Registers the new CoverageReport subcommand/module. |
| xtask/src/coverage_report.rs | New implementation that reads sdk-cov.json and writes a Markdown summary. |
| xtask/src/coverage.rs | Adds generation of sdk-cov.json via cargo llvm-cov report --json --summary-only. |
| xtask/Cargo.toml | Adds jzon dependency for JSON parsing in xtask. |
| Cargo.toml | Adds workspace version pin for jzon. |
| .github/workflows/rust.yml | Invokes cargo xtask precheck --coverage-report in Ubuntu/Windows jobs. |
jaygmsft
approved these changes
Feb 25, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.