.github/workflows/rust.yml

name: CI

on:
  push:
    branches:
      - main
  pull_request:
  schedule:
    - cron: "32 4 * * 5"

permissions:
  contents: read
  pages: write
  id-token: write

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

jobs:
  Fmt:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Install rust
        uses: dtolnay/rust-toolchain@master
        with:
          toolchain: nightly
          components: rustfmt

      - name: fmt
        run: cargo fmt -- --check

  CargoSort:
    name: Check order in Cargo.toml
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: taiki-e/install-action@v2
        with:
          tool: cargo-sort
      - run: cargo sort --workspace --grouped --check --check-format

  Build:
    needs:
      - Fmt
      - CargoSort
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Install rust
        uses: dtolnay/rust-toolchain@master
        with:
          toolchain: stable

      - uses: Swatinem/rust-cache@v2

      - name: Compile project
        run: cargo build --bench template-benchmark --release

  Clippy:
    needs:
      - Fmt
      - CargoSort
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Install rust
        uses: dtolnay/rust-toolchain@master
        with:
          toolchain: stable
          components: clippy

      - uses: Swatinem/rust-cache@v2

      - name: clippy
        run: cargo clippy -- -D warnings

  Audit:
    needs:
      - Fmt
      - CargoSort
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Audit
        uses: actions-rs/audit-check@v1
        with:
          token: ${{ secrets.GITHUB_TOKEN }}

  DevSkim:
    needs:
      - Fmt
      - CargoSort
    runs-on: ubuntu-20.04
    permissions:
      actions: read
      contents: read
      security-events: write
    steps:
      - uses: actions/checkout@v4

      - name: Run DevSkim scanner
        uses: microsoft/DevSkim-Action@v1

      - name: Upload DevSkim scan results to GitHub Security tab
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: devskim-results.sarif

  deploy:
    if: github.ref == 'refs/heads/main'
    needs:
      - Build
      - Clippy
      - Audit
      - DevSkim
    environment:
      name: github-pages
      url: ${{ steps.deployment.outputs.page_url }}
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Install dependencies
        run: sudo apt install -y gnuplot inkscape scour wkhtmltopdf xvfb

      - name: Install rust
        uses: dtolnay/rust-toolchain@master
        with:
          toolchain: stable

      - uses: Swatinem/rust-cache@v2

      - name: Remove any stale results
        run: rm -rf target/criterion

      - name: Run benchmarks
        run: cargo bench --bench template-benchmark

      - name: Fixup paths
        run: sed -e 's,href="../,href=",' < target/criterion/report/index.html > target/criterion/index.html

      - name: Generate table
        run: ./generate-table.py

      - name: Upload artifact
        uses: actions/upload-pages-artifact@v3
        with:
          path: 'target/criterion'

      - name: Deploy to GitHub Pages
        id: deployment
        uses: actions/deploy-pages@v4