name: Clippy

on:
  push:
    paths:
      - 'Cargo.toml'
      - 'Cargo.lock'
      - '**.rs'
    branches: [main]
  pull_request:
    paths:
      - 'Cargo.toml'
      - 'Cargo.lock'
      - '**.rs'
  workflow_dispatch:

jobs:
  clippy:
    name: Run scan

    runs-on: ubuntu-latest

    permissions:
      security-events: write

    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Install Rust
        uses: dtolnay/rust-toolchain@stable
        with:
          components: "clippy"

      - name: Setup Rust cache
        uses: Swatinem/rust-cache@v2

      - name: Install SARIF tools
        run: |
          cargo install clippy-sarif sarif-fmt

      - name: Fetch Cargo deps
        run: |
          cargo fetch --locked

      - name: Run Clippy
        continue-on-error: true
        run: |
          cargo clippy \
            --all-features \
            --all-targets \
            --message-format=json \
          | clippy-sarif | tee /tmp/clippy.sarif | sarif-fmt

      - name: Upload results
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: /tmp/clippy.sarif
          wait-for-processing: true