name: CI on: push: branches: [main] pull_request: workflow_dispatch: jobs: build: name: Build strategy: fail-fast: false matrix: os: [ubuntu-latest, macos-latest, windows-latest] runs-on: ${{ matrix.os }} steps: - name: Checkout repository uses: actions/checkout@v4 - name: Install Rust uses: dtolnay/rust-toolchain@stable with: toolchain: stable components: clippy - name: Setup Rust cache uses: Swatinem/rust-cache@v2 - name: Run build run: cargo build --locked --release clippy: name: Run Clippy scan runs-on: ubuntu-latest permissions: security-events: write steps: - name: Checkout repository uses: actions/checkout@v4 - name: Install Nix uses: DeterminateSystems/nix-installer-action@v10 - name: Setup Nix cache uses: DeterminateSystems/magic-nix-cache-action@v4 - name: Setup Rust cache uses: Swatinem/rust-cache@v2 - name: Install SARIF tools run: | nix profile install \ --inputs-from ./nix/dev \ github:getchoo/nix-exprs#{clippy-sarif,sarif-fmt} - name: Fetch Cargo deps run: | nix develop ./nix/dev#ci --command \ cargo fetch --locked - name: Run Clippy continue-on-error: true run: | nix develop ./nix/dev#ci --command \ cargo clippy \ --all-features \ --all-targets \ --message-format=json \ | clippy-sarif | tee /tmp/clippy.sarif | sarif-fmt - name: Upload results uses: github/codeql-action/upload-sarif@v3 with: sarif_file: /tmp/clippy.sarif wait-for-processing: true format: name: Check formatting runs-on: ubuntu-latest steps: - name: Checkout repository uses: actions/checkout@v4 - name: Install Nix uses: DeterminateSystems/nix-installer-action@v10 - name: Setup Nix cache uses: DeterminateSystems/magic-nix-cache-action@v4 - name: Run treefmt run: | pushd nix/dev nix fmt popd git diff --color=always --exit-code release-gate: name: CI Release Gate needs: [build, format] runs-on: ubuntu-latest steps: - name: Exit with result run: echo "We're good to go!"