name: Check

on:
  push:
    branches: ['main']
  pull_request:

jobs:
  rustfmt:
    name: Run rustfmt
    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@v4

      - name: Install Rust
        uses: dtolnay/rust-toolchain@stable
        with:
          toolchain: stable
          components: rustfmt

      - name: Setup Rust cache
        uses: Swatinem/rust-cache@v2

      - name: Run rustfmt
        run: cargo fmt --all -- --check

  clippy:
    name: Run Clippy scan
    runs-on: ubuntu-latest

    permissions:
      security-events: write

    steps:
      - uses: actions/checkout@v4

      - name: Install Rust
        uses: dtolnay/rust-toolchain@stable
        with:
          toolchain: stable
          components: clippy

      - name: Setup Rust cache
        uses: Swatinem/rust-cache@v2

      - name: Install SARIF tools
        run: cargo install clippy-sarif sarif-fmt

      - name: Fetch Cargo deps
        run: cargo fetch --locked

      - name: Run Clippy
        continue-on-error: true
        run: |
          set -euo pipefail

          cargo clippy \
            --all-features \
            --all-targets \
            --message-format=json \
          | clippy-sarif | tee /tmp/clippy.sarif | sarif-fmt

      - name: Upload results
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: /tmp/clippy.sarif
          wait-for-processing: true