ci.yml

name: CI

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

env:
  CARGO_TERM_COLOR: always
  RUSTFLAGS: -D warnings

jobs:
  fmt:
    name: Format
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v6
      - uses: dtolnay/rust-toolchain@stable
        with:
          toolchain: "1.95.0"
          components: rustfmt
      - run: cargo fmt --all -- --check

  clippy:
    name: Clippy
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v6
      - uses: dtolnay/rust-toolchain@stable
        with:
          toolchain: "1.95.0"
          components: clippy
      - uses: Swatinem/rust-cache@v2
        with:
          prefix-key: v1-rust
      - run: cargo clippy --workspace -- -D warnings

  test:
    name: Test
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v6
      - uses: dtolnay/rust-toolchain@stable
        with:
          toolchain: "1.95.0"
      - uses: Swatinem/rust-cache@v2
        with:
          prefix-key: v1-rust
      - uses: taiki-e/install-action@nextest
      - run: cargo nextest run --workspace

  changes:
    name: Detect dependency changes
    runs-on: ubuntu-latest
    outputs:
      deps: ${{ steps.filter.outputs.deps }}
    steps:
      - uses: actions/checkout@v6
      - uses: dorny/paths-filter@v3
        id: filter
        with:
          filters: |
            deps:
              - 'Cargo.toml'
              - 'Cargo.lock'
              - 'crates/*/Cargo.toml'

  audit:
    name: Security Audit
    runs-on: ubuntu-latest
    needs: changes
    if: needs.changes.outputs.deps == 'true'
    continue-on-error: true
    steps:
      - uses: actions/checkout@v6
      - uses: rustsec/audit-check@v2
        with:
          token: ${{ secrets.GITHUB_TOKEN }}