From a4b5f813e9f2cd0a34a248bf2b3457a2665306ed Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sandro=20J=C3=A4ckel?= <sandro.jaeckel@sap.com>
Date: Tue, 13 Aug 2024 15:24:29 +0200
Subject: [PATCH] Add github workflows & cargo audit

---
 .github/workflows/checks.yaml | 58 +++++++++++++++++++++++++++++++++++
 .github/workflows/ci.yaml     | 41 +++++++++++++++++++++++++
 shell.nix                     |  1 +
 3 files changed, 100 insertions(+)
 create mode 100644 .github/workflows/checks.yaml
 create mode 100644 .github/workflows/ci.yaml

diff --git a/.github/workflows/checks.yaml b/.github/workflows/checks.yaml
new file mode 100644
index 0000000..722f387
--- /dev/null
+++ b/.github/workflows/checks.yaml
@@ -0,0 +1,58 @@
+name: Checks
+"on":
+  push:
+    branches:
+      - master
+  pull_request:
+    branches:
+      - '*'
+
+# https://github.com/rustsec/audit-check#granular-permissions
+github-token:
+  action-input:
+    input: token
+    is-default: false
+  permissions:
+    issues: write
+    issues-reason: to create issues
+    checks: write
+    checks-reason: to create check
+
+permissions:
+  checks: write
+  contents: read
+
+env:
+  RUSTFLAGS: "-Dwarnings"
+
+jobs:
+  checks:
+    name: Checks
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v4
+      - uses: actions-rs/toolchain@v1
+        with:
+          components: clippy
+          toolchain: stable
+      - uses: Swatinem/rust-cache@v1
+      # - name: Dependency Licenses Review
+      #   run: make check-dependency-licenses
+      - name: Run cargo audit
+        uses: rustsec/audit-check@v1.4.1
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+      # https://doc.rust-lang.org/stable/clippy/continuous_integration/github_actions.html
+      - name: Run Clippy
+        run: cargo clippy --all-targets --all-features
+      - name: Check for spelling errors
+        uses: reviewdog/action-misspell@v1
+        with:
+          exclude: ./vendor/*
+          fail_on_error: true
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          ignore: importas
+          reporter: github-check
+      # - name: Check if source code files have license header
+      #   run: make check-license-headers
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
new file mode 100644
index 0000000..de4c802
--- /dev/null
+++ b/.github/workflows/ci.yaml
@@ -0,0 +1,41 @@
+name: CI
+"on":
+  push:
+    branches:
+      - master
+    paths-ignore:
+      - '**.md'
+  pull_request:
+    branches:
+      - '*'
+    paths-ignore:
+      - '**.md'
+permissions:
+  contents: read
+jobs:
+  build:
+    name: Build & Lint
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v4
+      - uses: actions-rs/toolchain@v1
+        with:
+          toolchain: stable
+      - uses: Swatinem/rust-cache@v1
+      - name: Build all binaries
+        run: cargo build --locked
+
+  test:
+    name: Test
+    needs:
+      - build
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v4
+      - uses: actions-rs/toolchain@v1
+        with:
+          toolchain: stable
+      - uses: Swatinem/rust-cache@v1
+      - run: cargo test --locked --all-features
diff --git a/shell.nix b/shell.nix
index 82de47c..908153a 100644
--- a/shell.nix
+++ b/shell.nix
@@ -5,6 +5,7 @@ with pkgs;
 mkShell {
   nativeBuildInputs = [
     cargo
+    cargo-audit
     clippy
     pkg-config
     rustc