ci: Update CI workflow with matrix strategy, security checks, and linting rules adjustments

2026-06-06 19:35:13 +02:00 · 2025-06-25 00:49:29 +02:00 · 2025-06-25 00:49:29 +02:00 · a614e157b3
commit a614e157b3
parent 24689be6f7
2 changed files with 48 additions and 34 deletions
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@ -2,22 +2,37 @@ name: CI

 on:
  push:
-    branches: [ "master" ]
+    branches: [main]
  pull_request:
-    branches: [ "master" ]
-
-env:
-  CARGO_TERM_COLOR: always
+    branches: [main]

 jobs:
  test:
    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        rust: [stable, beta]
    steps:
-    - uses: actions/checkout@v4
-    - uses: Swatinem/rust-cache@v2
-    - name: Build
-      run: cargo build
-    - name: Run linter
-      run: cargo clippy --all-targets --all-features -- -D warnings
-    - name: Run tests
-      run: cargo test --verbose
+      - uses: actions/checkout@v4
+      - uses: actions-rs/toolchain@v1
+        with:
+          toolchain: ${{ matrix.rust }}
+          components: clippy, rustfmt
+      - uses: Swatinem/rust-cache@v2
+
+      - name: Format check
+        run: cargo fmt --all -- --check
+
+      - name: Lint (Clippy)
+        run: cargo clippy --all-targets --all-features -- -D warnings
+
+      - name: Build & Test
+        run: cargo test --all-features --verbose
+
+      - name: Security audit
+        uses: actions-rs/audit-check@v1
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: License & advisory checks
+        uses: EmbarkStudios/cargo-deny-action@v2
--- a/src/patterns/mod.rs
+++ b/src/patterns/mod.rs
@ -59,8 +59,7 @@ impl FromStr for Severity {
 }

 /// One AST pattern with a tree-sitter query and meta-data.
-#[derive(Debug, Clone, Serialize)]
-#[derive(PartialEq)]
+#[derive(Debug, Clone, Serialize, PartialEq)]
 pub struct Pattern {
    /// Unique identifier (snake-case preferred).
    pub id: &'static str,
@ -117,32 +116,32 @@ pub fn load(lang: &str) -> Vec<Pattern> {

 #[test]
 fn severity_as_db_str_roundtrip() {
-  for &s in &[Severity::High, Severity::Medium, Severity::Low] {
-    let db = s.as_db_str();
-    assert!(matches!(db, "HIGH" | "MEDIUM" | "LOW"));
-    
-    assert_eq!(db.parse::<Severity>().unwrap(), s);
-    assert_eq!(db.to_lowercase().parse::<Severity>().unwrap(), s);
-  }
+    for &s in &[Severity::High, Severity::Medium, Severity::Low] {
+        let db = s.as_db_str();
+        assert!(matches!(db, "HIGH" | "MEDIUM" | "LOW"));
+
+        assert_eq!(db.parse::<Severity>().unwrap(), s);
+        assert_eq!(db.to_lowercase().parse::<Severity>().unwrap(), s);
+    }
 }

 #[test]
 fn severity_display_contains_uppercase_name() {
-  assert!(Severity::High.to_string().contains("HIGH"));
-  assert!(Severity::Medium.to_string().contains("MEDIUM"));
-  assert!(Severity::Low.to_string().contains("LOW"));
+    assert!(Severity::High.to_string().contains("HIGH"));
+    assert!(Severity::Medium.to_string().contains("MEDIUM"));
+    assert!(Severity::Low.to_string().contains("LOW"));
 }

 #[test]
 fn load_returns_correct_pattern_slices() {
-  let rust = load("rust");
-  assert!(!rust.is_empty(), "Rust patterns should be loaded");
+    let rust = load("rust");
+    assert!(!rust.is_empty(), "Rust patterns should be loaded");

-  let ts   = load("typescript");
-  let tsx  = load("tsx");
-  assert_eq!(ts, tsx, "alias ‘tsx’ must map to TypeScript patterns");
-  
-  assert_eq!(load("RUST"), rust);
-  
-  assert!(load("brainfuck").is_empty());
+    let ts = load("typescript");
+    let tsx = load("tsx");
+    assert_eq!(ts, tsx, "alias ‘tsx’ must map to TypeScript patterns");
+
+    assert_eq!(load("RUST"), rust);
+
+    assert!(load("brainfuck").is_empty());
 }