Optimize GitHub Actions Workflow for Code Quality and Security

.github/workflows/check_security_vulnerability.yml

@@ -1,27 +1,37 @@
-# This workflow uses actions that are not certified by GitHub.
-# They are provided by a third-party and are governed by
-# separate terms of service, privacy policy, and support
-# documentation.
-
-name: Check Security Vulnerability
+name: Code Quality and Security
 
 on:
   pull_request:
   push:
     branches:
       - main
+  schedule:
+    - cron: '0 0 * * 0' # Run every Sunday at 00:00 (midnight)
 
 jobs:
-  lint:
-    name: DevSkim
+
+  shared-setup:
+    name: Shared Setup
     runs-on: ubuntu-latest
+    outputs:
+      checkout_ref: ${{ steps.checkout.outputs.ref }}
+    steps:
+      - name: Checkout code
+        id: checkout
+        uses: actions/checkout@v4
+
+  devskim:
+    name: DevSkim Security Scan
+    needs: shared-setup
     permissions:
       actions: read
       contents: read
       security-events: write
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
+        with:
+          ref: ${{ needs.shared-setup.outputs.checkout_ref }}
 
       - name: Run DevSkim scanner
         uses: microsoft/DevSkim-Action@v1
@@ -30,3 +40,49 @@ jobs:
         uses: github/codeql-action/upload-sarif@v3
         with:
           sarif_file: devskim-results.sarif
+
+  rust-clippy:
+    name: Rust Clippy Analysis
+    needs: shared-setup
+    permissions:
+      contents: read
+      security-events: write
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ needs.shared-setup.outputs.checkout_ref }}
+
+      - name: Cache Rust toolchain
+        uses: actions/cache@v3
+        with:
+          path: |
+            ~/.cargo/bin/
+            ~/.cargo/registry/index/
+            ~/.cargo/registry/cache/
+            ~/.cargo/git/db/
+          key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
+
+      - name: Install Rust toolchain
+        uses: actions-rs/toolchain@16499b5e05bf2e26879000db0c1d13f7e13fa3af #@v1
+        with:
+          profile: minimal
+          toolchain: stable
+          components: clippy
+          override: true
+
+      - name: Install required cargo
+        run: cargo install clippy-sarif sarif-fmt
+
+      - name: Run rust-clippy
+        run:
+          cargo clippy
+          --all-features
+          --message-format=json | clippy-sarif | tee rust-clippy-results.sarif | sarif-fmt
+        continue-on-error: true
+
+      - name: Upload Clippy analysis results to GitHub
+        uses: github/codeql-action/upload-sarif@v1
+        with:
+          sarif_file: rust-clippy-results.sarif
+          wait-for-processing: true