name: clippy

on:
  push:
    branches: [main]
  pull_request:
  workflow_dispatch:

jobs:
  clippy:
    runs-on: ubuntu-latest

    permissions:
      security-events: write

    steps:
      - uses: actions/checkout@v4

      - name: install rust
        uses: dtolnay/rust-toolchain@stable
        with:
          toolchain: stable
          components: clippy

      - name: setup rust cache
        uses: Swatinem/rust-cache@v2

      - name: install sarif tools
        run: cargo install clippy-sarif sarif-fmt

      - name: fetch cargo deps
        run: cargo fetch --locked

      - name: run clippy
        continue-on-error: true
        run: |
          set -euxo pipefail

          cargo clippy \
            --all-features \
            --all-targets \
            --message-format=json \
          | clippy-sarif | tee /tmp/clippy.sarif | sarif-fmt

      - name: upload results
        uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: /tmp/clippy.sarif
          wait-for-processing: true