delaunay 0.7.6 - Docs.rs

# Advanced Clippy analysis with SARIF output for security integration
# Note: Basic clippy checks are also run in the main CI workflow

name: "Clippy Security Analysis"

on:
  pull_request:
    branches: ["main"]
  schedule:
    - cron: "17 22 * * 0" # Weekly on Sunday
  workflow_dispatch:
  # Run on main branch pushes for security scanning
  push:
    branches: ["main"]

# Security: Define minimal required permissions
permissions:
  contents: read
  security-events: write
  actions: read

jobs:
  clippy-sarif:
    name: Clippy SARIF Analysis
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

      - name: Install Rust toolchain
        uses: actions-rust-lang/setup-rust-toolchain@2b1f5e9b395427c92ee4e3331786ca3c37afe2d7 # v1.16.0
        with:
          cache: true
          # toolchain, components, etc. are specified in rust-toolchain.toml

      - name: Cache clippy tools
        uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
        with:
          path: ~/.cargo/bin/clippy-sarif
          key: clippy-sarif-${{ runner.os }}

      - name: Install clippy-sarif tools
        run: |
          if ! command -v clippy-sarif &> /dev/null; then
            cargo install clippy-sarif sarif-fmt --locked
          fi

      - name: Run clippy with SARIF output
        run: |
          cargo clippy \
            --workspace \
            --all-targets \
            --all-features \
            --message-format=json \
            -- -W clippy::pedantic -W clippy::nursery | \
            clippy-sarif | \
            tee rust-clippy-results.sarif | \
            sarif-fmt
        continue-on-error: true

      - name: Upload SARIF results
        uses: github/codeql-action/upload-sarif@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4
        with:
          sarif_file: rust-clippy-results.sarif
          category: "clippy"
          wait-for-processing: true