builddiag checks the build contract of a Rust repository and emits:
- a versioned JSON report (machine-friendly)
- a compact Markdown summary (PR comment friendly)
- optional GitHub Actions annotations
It is designed to be fast and offline by default: it reads manifests and policy files; it does not run cargo commands.
From this repo:
cargo install --path crates/builddiag-clibuilddiag checkArtifacts default to artifacts/builddiag/:
report.jsoncomment.md
To emit GitHub annotations:
builddiag check --annotations githubbuilddiag check \
--out artifacts/builddiag/report.json \
--md artifacts/builddiag/comment.mdThe easiest way to integrate builddiag into your CI is using the reusable workflow:
jobs:
builddiag:
uses: EffortlessMetrics/builddiag/.github/workflows/builddiag.yml@main
with:
profile: oss # oss, team, or strict
fail_on: error # error, warn, or never
post_comment: true # Post PR comment with findings
permissions:
pull-requests: write # Required for PR comments- name: Install builddiag
uses: taiki-e/install-action@v2
with:
tool: builddiag
- name: builddiag (repo truth)
run: |
builddiag check \
--out artifacts/builddiag/report.json \
--md artifacts/builddiag/comment.md \
--annotations githubbuilddiag can be used as a pre-commit hook to validate your build contract before commits:
# .pre-commit-config.yaml
repos:
- repo: https://github.com/EffortlessMetrics/builddiag
rev: main # or a specific version tag
hooks:
- id: builddiagAvailable hook variants:
| Hook ID | Profile | Description |
|---|---|---|
builddiag |
oss | Default open-source profile (warn-heavy) |
builddiag-team |
team | Team profile with stronger gating |
builddiag-strict |
strict | Strict profile with maximum enforcement |
The hook triggers on changes to Cargo.toml, rust-toolchain.toml, or builddiag.toml.
Install pre-commit and set up the hooks:
pip install pre-commit
pre-commit installbuilddiag can output diagnostics in a format compatible with VS Code and other editors:
builddiag check --format diagnosticsThis outputs findings in JSON Lines format compatible with VS Code's problem matcher. You can configure a VS Code task to run builddiag and display findings in the Problems panel.
Example .vscode/tasks.json:
{
"version": "2.0.0",
"tasks": [
{
"label": "builddiag",
"type": "shell",
"command": "builddiag",
"args": ["check", "--format", "diagnostics"],
"problemMatcher": {
"owner": "builddiag",
"fileLocation": ["relative", "${workspaceFolder}"],
"pattern": {
"regexp": "^(.*):(\\d+):(\\d+):\\s+(error|warning|info):\\s+\\[(.+)\\]\\s+(.*)$",
"file": 1,
"line": 2,
"column": 3,
"severity": 4,
"code": 5,
"message": 6
}
}
}
]
}builddiag supports three output formats via --format:
| Format | Schema | Use Case |
|---|---|---|
builddiag (default) |
builddiag.report.v1 |
Native format for direct consumption |
sensor |
sensor.report.v1 |
Cockpit CI governance bus envelope |
diagnostics |
N/A | IDE-compatible path:line:col: severity: message lines |
The sensor format wraps the native report in a Cockpit-compatible envelope with structured verdicts, fingerprinted findings, capability tracking, and artifact references.
builddiag check --format sensor --out report.jsonThe --artifacts-dir flag writes a complete artifact bundle suitable for CI archival:
builddiag check --artifacts-dir artifacts/builddiagThis produces:
artifacts/builddiag/
├── report.json # sensor.report.v1 envelope
├── comment.md # Markdown summary (PR comment)
└── extras/
└── payload.json # builddiag.report.v1 native payload
When --artifacts-dir is set, --format, --out, and --md are overridden automatically.
For Cockpit CI governance pipelines, use cockpit mode for a single-flag experience:
- name: builddiag (cockpit mode)
run: builddiag check --mode cockpitThis automatically produces the canonical artifact tree at artifacts/builddiag/:
report.json— sensor.report.v1 envelopecomment.md— PR summaryextras/payload.json— builddiag.report.v1 (native payload)
Cockpit mode exits 0 whenever a report is written (even on policy violations or tool errors), so downstream systems can read the verdict from the report JSON.
The --mode flag controls exit code semantics:
| Mode | Exit 0 | Exit 1 | Exit 2 |
|---|---|---|---|
standard (default) |
Pass or Warn (when fail_on=error) | Runtime error | Policy violation |
cockpit |
Report written successfully | Catastrophic failure (no report) | N/A |
Cockpit mode is designed for CI pipelines where the downstream system reads the report JSON to determine pass/fail. Even on policy violations or tool errors, builddiag writes an error receipt and exits 0 so the pipeline can continue.
builddiag check --mode cockpit --artifacts-dir artifacts/builddiagProfiles configure check severities as presets. Select with --profile or in config:
| Profile | Philosophy | Typical Use |
|---|---|---|
oss (default) |
Warn-heavy, low friction | Open source projects, wide adoption |
team |
Stronger gating | Organizational repos with discipline |
strict |
All checks at error severity | Release discipline, CI/CD gates |
Profile severity matrix
| Check | oss | team | strict |
|---|---|---|---|
rust.msrv_defined |
warn | warn | error |
rust.msrv_consistent |
error | error | error |
rust.toolchain_pinning |
info | warn | error |
rust.toolchain_msrv_relation |
warn | error | error |
rust.edition_deprecations |
info | warn | error |
workspace.resolver_v2 |
info | warn | error |
workspace.edition_consistent |
warn | error | error |
workspace.member_ordering |
info | info | error |
workspace.publish_ready |
info | warn | error |
deps.* |
info | warn | error |
deps.security_advisory |
skip | warn | error |
tools.* |
skip | warn | error |
Optional config file:
builddiag check --config builddiag.tomlIf no config is provided, sensible defaults are used.
Use builddiag-core to embed builddiag in your own tools:
[dependencies]
builddiag-core = "0.2"use builddiag_core::{Settings, run};
let settings = Settings::default();
let result = run(&settings)?;
println!("Verdict: {:?}", result.report.verdict);See docs/integration.md for substrate bridge and advanced patterns.
cargo run -p xtask -- schemaMIT OR Apache-2.0