ci: add Codecov Test Analytics via cargo-nextest

[twangodev]

Generate JUnit XML with cargo-nextest and upload it to Codecov Test Analytics.

Summary by CodeRabbit

• Chores
  • Enhanced CI/CD pipeline to use nextest for improved test execution and reporting.
  • Integrated Codecov Test Analytics for better test visibility and tracking in continuous integration.
  • Configured JUnit test result output for CI workflows to enable detailed test analytics.

[coderabbitai]

Warning

Review limit reached

@twangodev, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 47 minutes and 23 seconds. Learn how PR review limits work.

Your organization has run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 91d62d57-f72b-487a-b4b8-6b9bf21eb811

📥 Commits

Reviewing files that changed from the base of the PR and between d1ffb1b and 6733c6d.

📒 Files selected for processing (1)

• .github/workflows/rust.yml

📝 Walkthrough

Walkthrough

The PR adds Nextest configuration for JUnit test output and updates the GitHub Actions CI workflow to install Nextest, run tests with a dedicated ci profile, and upload JUnit results to Codecov Test Analytics on Ubuntu runners, replacing the previous cargo test invocation.

Changes

Nextest and Codecov Integration

Layer / File(s)	Summary
Nextest JUnit configuration .config/nextest.toml	Nextest ci profile is configured with a JUnit output block targeting junit.xml for test result collection.
CI workflow Nextest and Codecov integration .github/workflows/rust.yml	GitHub Actions workflow adds Nextest installation, replaces cargo test with cargo nextest run --profile ci, and introduces a conditional Codecov test-results upload step that publishes the generated target/nextest/ci/junit.xml on ubuntu-latest.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐰 A rabbit hops through test results bright,
Nextest dashes left and right,
JUnit XML shines like morning dew,
Codecov learns what tests can do! ✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'ci: add Codecov Test Analytics via cargo-nextest' directly and accurately summarizes the main change: integrating Codecov Test Analytics using cargo-nextest for CI.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch ci/codecov-test-analytics

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

.github/workflows/rust.yml (1)

49-66: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Set explicit least-privilege permissions for the test job.

This job currently relies on default token permissions. Declare minimal permissions explicitly to prevent over-privileged defaults.

Suggested change

   test:
     name: Test (${{ matrix.os }})
     needs: [setup, fmt, clippy, msrv]
     runs-on: ${{ matrix.os }}
+    permissions:
+      contents: read

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/rust.yml around lines 49 - 66, The test job "test" relies
on default token permissions; add an explicit least-privilege permissions block
at the job level (under the job named "test") to avoid over‑privileged
defaults—for example add permissions: contents: read (and only other minimal
scopes you actually need, avoid write scopes). Place this permissions mapping
directly under the test job declaration so the job (and steps like checkout and
running cargo nextest) run with minimal rights and the Codecov upload still uses
the provided secret token.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/rust.yml:
- Line 59: The workflow uses tag-based action refs
(taiki-e/install-action@nextest and codecov/test-results-action@v1); replace
those with immutable commit SHAs: find the corresponding GitHub Action
repositories (taiki-e/install-action and codecov/test-results-action), copy the
exact commit SHA you want to pin from their default branch, and update the uses
lines to taiki-e/install-action@<commit-sha> and
codecov/test-results-action@<commit-sha>; ensure both occurrences in the
rust.yml are updated and optionally add a short comment with the pinned SHA and
date.

---

Outside diff comments:
In @.github/workflows/rust.yml:
- Around line 49-66: The test job "test" relies on default token permissions;
add an explicit least-privilege permissions block at the job level (under the
job named "test") to avoid over‑privileged defaults—for example add permissions:
contents: read (and only other minimal scopes you actually need, avoid write
scopes). Place this permissions mapping directly under the test job declaration
so the job (and steps like checkout and running cargo nextest) run with minimal
rights and the Codecov upload still uses the provided secret token.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 599f63d0-31ba-42fa-b2b8-177c9d0df3c4

📥 Commits

Reviewing files that changed from the base of the PR and between 3569d2d and d1ffb1b.

📒 Files selected for processing (2)

• .config/nextest.toml
• .github/workflows/rust.yml

[Copilot]

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ All tests successful. No failed tests found.