error-forge 0.9.8

name: CI

on:
  push:
    branches: [ main ]
  pull_request:
    branches: [ main ]

jobs:
  build-test:
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
        os: [ubuntu-latest, macos-latest, windows-latest]
        features:
          - ""
          - derive
          - serde
          - console
          - backtrace
          - "derive serde"
          - "derive console"
          - "derive backtrace"
          - "derive serde console backtrace"

    steps:
      - uses: actions/checkout@v4

      - name: Install Rust
        uses: dtolnay/rust-toolchain@stable

      - name: Run tests
        run: |
          echo "Testing with features: ${{ matrix.features }}"
          cargo test --workspace --no-default-features --features "${{ matrix.features }}"

  full-build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Install Rust
        uses: dtolnay/rust-toolchain@stable
      - name: Check all features
        run: cargo check --workspace --all-features
      - name: Clippy check
        run: cargo clippy --workspace --all-features -- -D warnings

  docs:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Install Rust
        uses: dtolnay/rust-toolchain@stable
      - name: Check documentation
        env:
          RUSTDOCFLAGS: -D warnings
        run: cargo doc --workspace --all-features --no-deps

  # MSRV verification. `rust-version` in `Cargo.toml` declares the
  # floor; this job builds on that exact toolchain to catch any
  # accidental use of newer-than-MSRV APIs.
  msrv:
    name: MSRV (Rust 1.81)
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: dtolnay/rust-toolchain@1.81.0
      - name: Build (all features)
        run: cargo build --workspace --all-features

  # Security advisory scan. Runs `cargo audit` against the RustSec
  # database on every push so deprecated / vulnerable transitive
  # crates surface immediately.
  #
  # `permissions.checks: write` is required because
  # `rustsec/audit-check` posts findings as GitHub Check Runs, which
  # the default workflow token cannot write. Without this block the
  # action fails with "Resource not accessible by integration"
  # immediately after running.
  audit:
    name: cargo audit
    runs-on: ubuntu-latest
    permissions:
      contents: read
      checks: write
    steps:
      - uses: actions/checkout@v4
      - uses: rustsec/audit-check@v1.4.1
        with:
          token: ${{ secrets.GITHUB_TOKEN }}