name: Clippy

on:
  push:
    branches: [main]
    paths:
      - 'Cargo.toml'
      - 'Cargo.lock'
      - '**.rs'
  pull_request:
    paths:
      - 'Cargo.toml'
      - 'Cargo.lock'
      - '**.rs'
  workflow_dispatch:

jobs:
  clippy:
    name: Run scan

    runs-on: ubuntu-latest

    permissions:
      security-events: write

    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Install Rust
        uses: actions-rust-lang/setup-rust-toolchain@v1
        with:
          components: clippy

      - name: Install SARIF tools
        run: |
          cargo install clippy-sarif sarif-fmt

      - name: Fetch Cargo deps
        run: |
          cargo fetch --locked

      - name: Run Clippy
        continue-on-error: true
        run: |
          cargo clippy \
            --all-features \
            --all-targets \
            --message-format=json \
          | clippy-sarif | tee /tmp/clippy.sarif | sarif-fmt

      - name: Upload results
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: /tmp/clippy.sarif
          wait-for-processing: true