mirrors/zizmor
1
0
Fork 0
mirror of https://github.com/zizmorcore/zizmor.git synced 2025-12-23 08:47:33 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

chore(docs): improve the dev docs a bit (#1050)

Browse source 
* chore(docs): update some dev instructions

* chore(docs): document the benchmarking components
This commit is contained in:
William Woodruff 2025-07-31 19:38:10 -04:00 committed by GitHub
parent 0dcd6eba53
commit acd227abd6
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 31 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

33
docs/development.md
View file

@ -170,6 +170,34 @@ GH_TOKEN=$(gh auth token) cargo insta test --force-update-snapshots --features o
See [insta's documentation] for more details.
## Benchmarking
`zizmor` currently uses [hyperfine](https://github.org/sharkdp/hyperfine)
for command-line benchmarking.
Benchmarks are stored in the top-level `bench/` directory, and can be
run locally with:
```bash
# run all benchmarks
make bench
```
We currently run benchmarks in the CI and report their results
to [Bencher](https://bencher.dev/). See
[our project page](https://bencher.dev/console/projects/zizmor/plots)
on Bencher for results and trends.
### Adding new benchmarks
`zizmor` currently orchestrates benchmarks with `bench/benchmark.py`,
which wraps `hyperfine` to add a planning phase.
Take a look at `bench/benchmarks.json` for the current benchmarks.
Observe that each benchmark tells `benchmark.py` how to retrieve its
input as well as provides a `stencil` that the benchmark runner will
expand to run the benchmark.
## Building the website
`zizmor`'s website is built with [MkDocs](https://www.mkdocs.org/), which
@ -293,8 +321,9 @@ The general procedure for adding a new audit can be described as:
- You may want to use both the `AuditState` and `github_api::Client` to get the job done
- Assign the proper `location` when creating a `Finding`, grabbing it from the
proper `Workflow`, `Job` or `Step` instance
- Register `MyNewAudit` in the known audits at `crates/zizmor/src/main.rs`
- Add proper integration tests covering some scenarios at `tests/acceptance.rs`
- Add `MyNewAudit` to `AuditRegistry::default_audits` in `crates/zizmor/src/registry.rs`
- Add proper integration tests covering some scenarios to the snapshot tests
in `crates/zizmor/tests/integration/snapshot.rs`
- Add proper docs for this new audit at `docs/audits`. Take care to add your new
heading in alpha order relative to the other audit headings. Please include
relevant public information about the underlying vulnerability