.github/workflows/ci.yml

name: CI

on:
  push:
    branches:
      - main
      - v0.1.x
      - v0.2.x
      - v0.3.x
      - v0.4.x
      - v0.5.x
      - v0.6.x
  pull_request:
    branches:
      - main
      - v0.1.x
      - v0.2.x
      - v0.3.x
      - v0.4.x
      - v0.5.x
      - v0.6.x
  schedule:
    - cron: "58 7 * * 3"

jobs:
  fmt:
    runs-on: ubuntu-20.04
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          submodules: recursive

      - name: Setup Rust
        uses: ./.github/actions/setup-rust
        with:
          toolchain: nightly
          components: rustfmt

      - run: cargo fmt --all -- --check

  lint:
    strategy:
      fail-fast: false
      matrix:
        toolchain:
          - "1.56"
          - stable
          - nightly
        versions:
          - ""
          - "-Zminimal-versions"

    runs-on: ubuntu-20.04
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          submodules: recursive

      - name: Setup Rust
        uses: ./.github/actions/setup-rust
        with:
          toolchain: ${{ matrix.toolchain }}
          components: clippy

      - name: Update lockfile
        env:
          RUSTC_BOOTSTRAP: 1
        run: cargo generate-lockfile ${{ matrix.versions }}

      - run: cargo check --workspace --all-targets
      - run: cargo clippy --workspace --all-targets -- -D warnings

  clippy-pedantic:
    runs-on: ubuntu-20.04
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          submodules: recursive

      - name: Setup Rust
        uses: ./.github/actions/setup-rust
        with:
          components: clippy

      - run: cargo clippy --workspace --all-targets -- -D clippy::pedantic

  test:
    runs-on: ubuntu-20.04
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          submodules: recursive

      - name: Setup Rust
        uses: ./.github/actions/setup-rust
        with:
          components: clippy

      - run: cargo check --workspace --all-targets
      - run: cargo clippy --workspace --all-targets -- -D warnings
      - run: cargo test --workspace --all-targets
      - run: cargo run --package current-time
      - run: cd testing && cargo test

  miri:
    name: "Miri"
    runs-on: ubuntu-20.04
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          submodules: recursive

      - name: Setup Rust
        uses: ./.github/actions/setup-rust
        with:
          toolchain: nightly
          components: miri

      - name: Test (tzdb)
        run: cargo miri test --workspace --all-targets

      - name: Test (testing)
        run: cd testing && cargo miri test --workspace --all-targets

  cross-miri:
    strategy:
      fail-fast: false
      matrix:
        target:
          - aarch64-unknown-linux-gnu
          - i586-unknown-linux-gnu
          - powerpc-unknown-linux-gnu
          - powerpc64-unknown-linux-gnu
          - powerpc64le-unknown-linux-gnu

    runs-on: ubuntu-20.04
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          submodules: recursive

      - name: Setup Rust
        uses: ./.github/actions/setup-rust
        with:
          toolchain: nightly
          components: miri
          target: ${{ matrix.target }}

      - name: Test
        run: cargo miri test --workspace --target ${{ matrix.target }}

  doc:
    runs-on: ubuntu-20.04
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          submodules: recursive

      - name: Setup Rust
        uses: ./.github/actions/setup-rust
        with:
          toolchain: nightly
          components: rust-docs

      - run: cargo doc --workspace --all-features --no-deps
        env:
          RUSTDOCFLAGS: -D warnings --cfg docsrs

  audit:
    runs-on: ubuntu-20.04
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          submodules: recursive

      - name: Setup Rust
        uses: ./.github/actions/setup-rust

      - name: Audit
        uses: actions-rs/audit-check@v1
        with:
          token: ${{ secrets.GITHUB_TOKEN }}

  devskim:
    name: DevSkim
    runs-on: ubuntu-20.04
    permissions:
      actions: read
      contents: read
      security-events: write
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          submodules: recursive

      - name: Run DevSkim scanner
        uses: microsoft/DevSkim-Action@v1

      - name: Upload DevSkim scan results to GitHub Security tab
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: devskim-results.sarif