chore: v1.0.0 release changes

Author: thedoublejay

.cargo/config.toml

@@ -0,0 +1,3 @@
+[alias]
+ck = "check --all-features --all-targets --locked"
+lint = "clippy --all-targets --all-features -- --deny warnings"

.config/nextest.toml

@@ -0,0 +1,17 @@
+[store]
+dir = "target/nextest"
+
+[profile.default]
+fail-fast = false
+retries = 1
+slow-timeout = { period = "30s", terminate-after = 2 }
+status-level = "all"
+final-status-level = "slow"
+
+[profile.stress]
+fail-fast = true
+retries = 0
+test-threads = 4
+slow-timeout = { period = "30s", terminate-after = 2 }
+status-level = "fail"
+final-status-level = "slow"

.editorconfig

@@ -0,0 +1,22 @@
+root = true
+
+[*]
+charset = utf-8
+end_of_line = lf
+insert_final_newline = true
+trim_trailing_whitespace = true
+
+[*.rs]
+indent_style = space
+indent_size = 4
+
+[*.toml]
+indent_style = space
+indent_size = 4
+
+[*.{yml,yaml}]
+indent_style = space
+indent_size = 2
+
+[*.md]
+trim_trailing_whitespace = false

.github/workflows/ci.yml

@@ -0,0 +1,107 @@
+name: CI
+
+permissions:
+  contents: read
+
+on:
+  pull_request:
+  push:
+    branches: [main]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }}
+  cancel-in-progress: true
+
+env:
+  RUST_BACKTRACE: 1
+
+jobs:
+  lint:
+    name: Lint
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v6.0.2
+      # Pinned to a specific SHA (was dtolnay/rust-toolchain@master, 2026-04-15).
+      - uses: dtolnay/rust-toolchain@3c5f7ea28cd621ae0bf5283f0e981fb97b8a7af9
+        with:
+          toolchain: 1.94.1
+          components: clippy, rustfmt
+      - uses: Swatinem/rust-cache@v2.8.1
+      - name: Check formatting
+        run: cargo fmt --all --check
+      - name: Clippy
+        run: cargo clippy --all-targets --all-features -- -D warnings
+      - name: Spell check
+        uses: crate-ci/typos@v1.40.0
+
+  deny:
+    name: Cargo Deny
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v6.0.2
+      - uses: taiki-e/install-action@v2
+        with:
+          tool: cargo-deny
+      - run: cargo deny check
+
+  unused-deps:
+    name: Unused Dependencies
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v6.0.2
+      # Pinned to a specific SHA (was dtolnay/rust-toolchain@master, 2026-04-15).
+      - uses: dtolnay/rust-toolchain@3c5f7ea28cd621ae0bf5283f0e981fb97b8a7af9
+        with:
+          toolchain: 1.94.1
+      - uses: taiki-e/install-action@v2
+        with:
+          tool: cargo-shear
+      - run: cargo shear
+
+  test:
+    name: Test (macOS)
+    runs-on: macos-latest
+    steps:
+      - uses: actions/checkout@v6.0.2
+      # Pinned to a specific SHA (was dtolnay/rust-toolchain@master, 2026-04-15).
+      - uses: dtolnay/rust-toolchain@3c5f7ea28cd621ae0bf5283f0e981fb97b8a7af9
+        with:
+          toolchain: 1.94.1
+      - uses: Swatinem/rust-cache@v2.8.1
+        with:
+          save-if: ${{ github.ref == 'refs/heads/main' }}
+      - uses: taiki-e/install-action@v2
+        with:
+          tool: cargo-nextest
+      - run: cargo nextest run --all-features
+
+  mvcc-stress:
+    name: MVCC Stress
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v6.0.2
+      # Pinned to a specific SHA (was dtolnay/rust-toolchain@master, 2026-04-15).
+      - uses: dtolnay/rust-toolchain@3c5f7ea28cd621ae0bf5283f0e981fb97b8a7af9
+        with:
+          toolchain: 1.94.1
+      - uses: Swatinem/rust-cache@v2.8.1
+      - uses: taiki-e/install-action@v2
+        with:
+          tool: cargo-nextest
+      - name: Run MVCC consistency 100x
+        run: |
+          for run in $(seq 1 100); do
+            cargo nextest run --profile stress --test mvcc_consistency
+          done
+
+  msrv:
+    name: MSRV Check
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v6.0.2
+      # Pinned to a specific SHA (was dtolnay/rust-toolchain@master, 2026-04-15).
+      - uses: dtolnay/rust-toolchain@3c5f7ea28cd621ae0bf5283f0e981fb97b8a7af9
+        with:
+          toolchain: 1.94.1
+      - uses: Swatinem/rust-cache@v2.8.1
+      - run: cargo check --all-features --locked

.github/workflows/release.yml

@@ -0,0 +1,149 @@
+name: Release
+
+on:
+  push:
+    # GitHub Actions tag filters are glob patterns (per the filter-pattern
+    # cheat sheet), not regex. `v*.*.*` matches `v<digits>.<digits>.<digits>`
+    # tags like `v1.0.0` without relying on the `+` quantifier, which is easy
+    # to misread as a literal `+`.
+    tags: ["v*.*.*"]
+
+permissions:
+  contents: write
+
+jobs:
+  verify:
+    name: Verify Release Tag
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v6.0.2
+      - uses: dtolnay/rust-toolchain@3c5f7ea28cd621ae0bf5283f0e981fb97b8a7af9
+        with:
+          toolchain: 1.94.1
+          components: clippy, rustfmt
+      - uses: Swatinem/rust-cache@v2.8.1
+      - uses: taiki-e/install-action@v2
+        with:
+          tool: cargo-nextest
+      - uses: taiki-e/install-action@v2
+        with:
+          tool: cargo-deny
+      - uses: taiki-e/install-action@v2
+        with:
+          tool: cargo-shear
+      - name: Check formatting
+        run: cargo fmt --all --check
+      - name: Clippy
+        run: cargo clippy --all-targets --all-features -- -D warnings
+      - name: Cargo Deny
+        run: cargo deny check
+      - name: Unused dependencies
+        run: cargo shear
+      - name: Nextest
+        run: cargo nextest run --all-features
+
+  build:
+    name: Build (${{ matrix.target }})
+    needs: verify
+    runs-on: ${{ matrix.os }}
+    permissions:
+      contents: write
+      attestations: write
+      id-token: write
+    strategy:
+      fail-fast: false
+      matrix:
+        # macOS-only by design for the initial public release scope.
+        include:
+          - target: x86_64-apple-darwin
+            os: macos-latest
+          - target: aarch64-apple-darwin
+            os: macos-latest
+    env:
+      REF_NAME: ${{ github.ref_name }}
+      TARGET: ${{ matrix.target }}
+    steps:
+      - uses: actions/checkout@v6.0.2
+      # Pinned to a specific SHA (was dtolnay/rust-toolchain@master, 2026-04-15)
+      # to avoid a supply-chain vector under `attestations: write` + `id-token: write`.
+      - uses: dtolnay/rust-toolchain@3c5f7ea28cd621ae0bf5283f0e981fb97b8a7af9
+        with:
+          toolchain: 1.94.1
+          targets: ${{ matrix.target }}
+      - uses: Swatinem/rust-cache@v2.8.1
+      - name: Build
+        shell: bash
+        # `--locked` ensures the release binary is built against the exact
+        # dependency graph captured in Cargo.lock; a tag build must not silently
+        # resolve a different graph if a manifest changed.
+        run: cargo build --release --locked --target "$TARGET" -p gather-step
+      - name: Smoke test binary — version
+        shell: bash
+        run: "./target/${TARGET}/release/gather-step --version"
+      - name: Smoke test binary — help
+        shell: bash
+        run: "./target/${TARGET}/release/gather-step --help"
+      - name: Smoke test binary — index + status against embedded fixture
+        shell: bash
+        run: |
+          set -euo pipefail
+          fixture=$(mktemp -d)
+          mkdir -p "$fixture/repos/smoke/src"
+          cat > "$fixture/gather-step.config.yaml" <<'YAML'
+          repos:
+            - name: smoke
+              path: repos/smoke
+          indexing:
+            workspace_concurrency: 1
+          YAML
+          cat > "$fixture/repos/smoke/package.json" <<'JSON'
+          { "name": "smoke", "dependencies": { "@nestjs/core": "^11.0.0" } }
+          JSON
+          cat > "$fixture/repos/smoke/src/smoke.ts" <<'TS'
+          export function smokeFn(): number { return 1; }
+          TS
+          "./target/${TARGET}/release/gather-step" \
+            --workspace "$fixture" --json index
+          "./target/${TARGET}/release/gather-step" \
+            --workspace "$fixture" --json status
+          rm -rf "$fixture"
+      - name: Package archive
+        shell: bash
+        run: |
+          mkdir -p dist
+          cp "target/${TARGET}/release/gather-step" "dist/gather-step-${TARGET}"
+          tar -C dist -czf "dist/gather-step-${REF_NAME}-${TARGET}.tar.gz" "gather-step-${TARGET}"
+      - name: Upload archive artifact
+        uses: actions/upload-artifact@v7.0.1
+        with:
+          name: gather-step-${{ matrix.target }}
+          path: dist/gather-step-${{ github.ref_name }}-${{ matrix.target }}.tar.gz
+      # Attest the archive so users can verify the downloaded release bundle.
+      - name: Attest archive provenance
+        uses: actions/attest-build-provenance@v4.1.0
+        with:
+          subject-path: dist/gather-step-${{ github.ref_name }}-${{ matrix.target }}.tar.gz
+      # Attest the binary directly so `gh attestation verify` works on the
+      # extracted binary too, not only on the archive bundle.
+      - name: Attest binary provenance
+        uses: actions/attest-build-provenance@v4.1.0
+        with:
+          subject-path: dist/gather-step-${{ matrix.target }}
+
+  release:
+    name: Publish Release
+    needs: build
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+    steps:
+      - name: Download build artifacts
+        uses: actions/download-artifact@v5
+        with:
+          path: dist
+          merge-multiple: true
+      - name: Publish GitHub release
+        uses: softprops/action-gh-release@v2.5.0
+        with:
+          draft: true
+          files: dist/*.tar.gz

.gitignore

@@ -0,0 +1,23 @@
+# Rust
+/target
+*.rs.bk
+rust_out
+
+# JavaScript / Astro / Starlight
+node_modules/
+dist/
+.astro/
+
+# Editors
+.idea/
+.vscode/
+*.swp
+
+# OS
+.DS_Store
+
+# Local profile config (never commit)
+.gather-step.local.yaml
+
+# Generated indexer state — test artifacts, CLI runs, etc.
+.gather-step/