.github/workflows/ci.yml - third_party/github/OpenPRoT/openprot - Git at Google

 # Licensed under the Apache-2.0 license

 name: CI

 on:
   push:
     branches: [ main, develop ]
   pull_request:
     branches: [ main ]

 env:
   CARGO_TERM_COLOR: always
   RUST_BACKTRACE: 1

 jobs:
   test:
     name: Test
     runs-on: ubuntu-latest
     strategy:
       matrix:
         rust:
           - stable
           - beta
           - nightly
     steps:
     - uses: actions/checkout@v5

     - name: Install Rust toolchain
       uses: dtolnay/rust-toolchain@master
       with:
         toolchain: ${{ matrix.rust }}
         components: clippy, rustfmt

     - name: Cache cargo registry
       uses: actions/cache@v4
       with:
         path: |
           ~/.cargo/registry
           ~/.cargo/git
           target
         key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}

     - name: Check formatting
       run: cargo xtask fmt --check

     - name: Run clippy
       run: cargo xtask clippy

     - name: Run tests
       run: cargo xtask test

     - name: Build
       run: cargo xtask build

   build-targets:
     name: Build Targets
     runs-on: ubuntu-latest
     strategy:
       matrix:
         target:
           - x86_64-unknown-linux-gnu
     steps:
     - uses: actions/checkout@v5

     - name: Install Rust toolchain
       uses: dtolnay/rust-toolchain@master
       with:
         toolchain: nightly-2025-02-15
         targets: ${{ matrix.target }}
         components: clippy, rust-src, llvm-tools, rustfmt, rustc-dev

     - name: Cache cargo registry
       uses: actions/cache@v4
       with:
         path: |
           ~/.cargo/registry
           ~/.cargo/git
           target
         key: ${{ runner.os }}-${{ matrix.target }}-cargo-${{ hashFiles('**/Cargo.lock') }}

     - name: Build for target
       run: cargo build --target ${{ matrix.target }}

   security-audit:
     name: Security Audit
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v5

     - name: Install Rust toolchain
       uses: dtolnay/rust-toolchain@stable
       with:
         components: clippy

     - name: Cache cargo registry
       uses: actions/cache@v4
       with:
         path: |
           ~/.cargo/registry
           ~/.cargo/git
           target
         key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}

     - name: Install cargo-audit
       run: cargo install cargo-audit --locked

     - name: Install cargo-deny
       run: cargo install cargo-deny --version 0.18.3 --locked

     - name: Run security audit
       run: cargo audit

     - name: Run cargo deny checks
       run: cargo xtask deny

     - name: Run security-focused clippy lints
       run: |
         cargo clippy --all-targets --all-features --workspace --exclude openprot-platform-mock -- \
           -D warnings \
           -W clippy::arithmetic_side_effects \
           -W clippy::float_arithmetic \
           -W clippy::indexing_slicing \
           -W clippy::unwrap_used \
           -W clippy::expect_used \
           -W clippy::panic \
           -W clippy::mem_forget \
           -W clippy::multiple_unsafe_ops_per_block \
           -W clippy::undocumented_unsafe_blocks \
           -A clippy::assertions_on_constants \
           -A clippy::needless_return

     - name: Run strict security lints on non-test code
       run: |
         cargo clippy --lib --bins --workspace --exclude openprot-platform-mock -- \
           -D warnings \
           -D clippy::arithmetic_side_effects \
           -D clippy::float_arithmetic \
           -D clippy::indexing_slicing \
           -D clippy::unwrap_used \
           -D clippy::expect_used \
           -D clippy::panic \
           -D clippy::mem_forget \
           -D clippy::multiple_unsafe_ops_per_block \
           -D clippy::undocumented_unsafe_blocks \
           -D clippy::assertions_on_constants

     - name: Run semgrep security scan
       uses: returntocorp/semgrep-action@v1
       with:
         config: p/rust
	# Licensed under the Apache-2.0 license

	name: CI

	on:
	push:
	branches: [ main, develop ]
	pull_request:
	branches: [ main ]

	env:
	CARGO_TERM_COLOR: always
	RUST_BACKTRACE: 1

	jobs:
	test:
	name: Test
	runs-on: ubuntu-latest
	strategy:
	matrix:
	rust:
	- stable
	- beta
	- nightly
	steps:
	- uses: actions/checkout@v5

	- name: Install Rust toolchain
	uses: dtolnay/rust-toolchain@master
	with:
	toolchain: ${{ matrix.rust }}
	components: clippy, rustfmt

	- name: Cache cargo registry
	uses: actions/cache@v4
	with:
	path: \|
	~/.cargo/registry
	~/.cargo/git
	target
	key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}

	- name: Check formatting
	run: cargo xtask fmt --check

	- name: Run clippy
	run: cargo xtask clippy

	- name: Run tests
	run: cargo xtask test

	- name: Build
	run: cargo xtask build

	build-targets:
	name: Build Targets
	runs-on: ubuntu-latest
	strategy:
	matrix:
	target:
	- x86_64-unknown-linux-gnu
	steps:
	- uses: actions/checkout@v5

	- name: Install Rust toolchain
	uses: dtolnay/rust-toolchain@master
	with:
	toolchain: nightly-2025-02-15
	targets: ${{ matrix.target }}
	components: clippy, rust-src, llvm-tools, rustfmt, rustc-dev

	- name: Cache cargo registry
	uses: actions/cache@v4
	with:
	path: \|
	~/.cargo/registry
	~/.cargo/git
	target
	key: ${{ runner.os }}-${{ matrix.target }}-cargo-${{ hashFiles('**/Cargo.lock') }}

	- name: Build for target
	run: cargo build --target ${{ matrix.target }}

	security-audit:
	name: Security Audit
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v5

	- name: Install Rust toolchain
	uses: dtolnay/rust-toolchain@stable
	with:
	components: clippy

	- name: Cache cargo registry
	uses: actions/cache@v4
	with:
	path: \|
	~/.cargo/registry
	~/.cargo/git
	target
	key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}

	- name: Install cargo-audit
	run: cargo install cargo-audit --locked

	- name: Install cargo-deny
	run: cargo install cargo-deny --version 0.18.3 --locked

	- name: Run security audit
	run: cargo audit

	- name: Run cargo deny checks
	run: cargo xtask deny

	- name: Run security-focused clippy lints
	run: \|
	cargo clippy --all-targets --all-features --workspace --exclude openprot-platform-mock -- \
	-D warnings \
	-W clippy::arithmetic_side_effects \
	-W clippy::float_arithmetic \
	-W clippy::indexing_slicing \
	-W clippy::unwrap_used \
	-W clippy::expect_used \
	-W clippy::panic \
	-W clippy::mem_forget \
	-W clippy::multiple_unsafe_ops_per_block \
	-W clippy::undocumented_unsafe_blocks \
	-A clippy::assertions_on_constants \
	-A clippy::needless_return

	- name: Run strict security lints on non-test code
	run: \|
	cargo clippy --lib --bins --workspace --exclude openprot-platform-mock -- \
	-D warnings \
	-D clippy::arithmetic_side_effects \
	-D clippy::float_arithmetic \
	-D clippy::indexing_slicing \
	-D clippy::unwrap_used \
	-D clippy::expect_used \
	-D clippy::panic \
	-D clippy::mem_forget \
	-D clippy::multiple_unsafe_ops_per_block \
	-D clippy::undocumented_unsafe_blocks \
	-D clippy::assertions_on_constants

	- name: Run semgrep security scan
	uses: returntocorp/semgrep-action@v1
	with:
	config: p/rust