detect-coding-agent 0.1.0

name: ci build

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

env:
  CARGO_TERM_COLOR: always

jobs:
  fmt-clippy-test:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        toolchain: [stable, 1.92.0]

    steps:
      - uses: actions/checkout@v6
      - name: Install Rust
        uses: dtolnay/rust-toolchain@master
        with:
          toolchain: ${{ matrix.toolchain }}
          components: rustfmt, clippy
      - name: Format check
        run: cargo fmt --all --check
      - name: Clippy
        run: cargo clippy --workspace --all-targets -- -D warnings
      - name: Clippy (all features)
        run: cargo clippy --workspace --all-targets --all-features -- -D warnings
      - name: Build
        run: cargo build --workspace --verbose
      - name: Test
        run: cargo test --workspace --verbose

  dependencies:
    name: Dependency Submission
    runs-on: ubuntu-latest
    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
    permissions:
      contents: write
    steps:
      - name: Checkout
        uses: actions/checkout@v6

      - name: Install Rust
        uses: dtolnay/rust-toolchain@stable

      - name: Cache Cargo artifacts
        uses: Swatinem/rust-cache@v2

      - name: Install cargo-sbom
        uses: psastras/sbom-rs/actions/install-cargo-sbom@cargo-sbom-v0.10.0

      - name: Generate SBOM
        run: cargo-sbom --output-format=spdx_json_2_3 > sbom.json

      - name: Upload SBOM as artifact
        uses: actions/upload-artifact@v4
        with:
          name: sbom
          path: sbom.json

      - name: Submit dependencies to GitHub
        uses: advanced-security/spdx-dependency-submission-action@v0.2.0
        with:
          filePath: sbom.json