forge-pfx 0.1.1

name: CI

on:
  pull_request:
    branches: [ main ]

env:
  CARGO_TERM_COLOR: always
  RUST_BACKTRACE: 1

jobs:
  test:
    name: Test Suite
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
        os: [ubuntu-latest, windows-latest, macos-latest]
        rust: [stable, nightly]
        exclude:
          # Reduce CI load by only testing beta on Ubuntu
          - os: windows-latest
            rust: nightly
          - os: macos-latest
            rust: nightly

    steps:
    - name: Checkout code
      uses: actions/checkout@v4

    - name: Install Rust toolchain
      uses: actions-rust-lang/setup-rust-toolchain@v1
      with:
        toolchain: ${{ matrix.rust }}
        components: rustfmt, clippy

    - name: Install OpenSSL (Ubuntu)
      if: matrix.os == 'ubuntu-latest'
      run: |
        sudo apt-get update
        sudo apt-get install -y pkg-config libssl-dev

    - name: Install OpenSSL (macOS)
      if: matrix.os == 'macos-latest'
      run: |
        brew install openssl pkg-config
        echo "OPENSSL_ROOT_DIR=$(brew --prefix openssl)" >> $GITHUB_ENV

    - name: Install OpenSSL (Windows)
      if: matrix.os == 'windows-latest'
      run: |
        vcpkg install openssl:x64-windows-static
        echo "OPENSSL_DIR=C:\vcpkg\installed\x64-windows-static" >> $env:GITHUB_ENV
        echo "OPENSSL_LIB_DIR=C:\vcpkg\installed\x64-windows-static\lib" >> $env:GITHUB_ENV
        echo "OPENSSL_INCLUDE_DIR=C:\vcpkg\installed\x64-windows-static\include" >> $env:GITHUB_ENV
        echo "OPENSSL_STATIC=1" >> $env:GITHUB_ENV
        echo "VCPKGRS_DYNAMIC=0" >> $env:GITHUB_ENV

    - name: Check formatting
      if: matrix.rust == 'stable' && matrix.os == 'ubuntu-latest'
      run: cargo fmt --all -- --check

    - name: Run clippy
      if: matrix.rust == 'stable'
      run: cargo clippy --all-targets --all-features -- -D warnings

    - name: Build
      run: cargo build --verbose

    - name: Run tests
      run: cargo test --verbose

    - name: Run integration tests
      run: cargo test --test integration_tests --verbose

  security:
    name: Security Audit
    runs-on: ubuntu-latest
    steps:
    - name: Checkout code
      uses: actions/checkout@v4

    - name: Install Rust toolchain
      uses: actions-rust-lang/setup-rust-toolchain@v1
      with:
        toolchain: stable

    - name: Install cargo-audit
      run: cargo install cargo-audit

    - name: Run security audit
      run: cargo audit

# TODO: Add coverage at a later date
#   coverage:
#     name: Code Coverage
#     runs-on: ubuntu-latest
#     steps:
#     - name: Checkout code
#       uses: actions/checkout@v4

#     - name: Install Rust toolchain
#       uses: actions-rust-lang/setup-rust-toolchain@v1
#       with:
#         toolchain: stable

#     - name: Install OpenSSL
#       run: |
#         sudo apt-get update
#         sudo apt-get install -y pkg-config libssl-dev

#     - name: Install cargo-tarpaulin
#       run: cargo install cargo-tarpaulin

#     - name: Generate code coverage
#       run: cargo tarpaulin --verbose --all-features --workspace --timeout 120 --out xml

#     - name: Upload coverage to Codecov
#       uses: codecov/codecov-action@v4
#       with:
#         file: ./cobertura.xml
#         fail_ci_if_error: false

  msrv:
    name: Minimum Supported Rust Version
    runs-on: ubuntu-latest
    steps:
    - name: Checkout code
      uses: actions/checkout@v4

    - name: Install MSRV Rust toolchain
      uses: actions-rust-lang/setup-rust-toolchain@v1
      with:
        toolchain: 1.85.0

    - name: Install OpenSSL
      run: |
        sudo apt-get update
        sudo apt-get install -y pkg-config libssl-dev

    - name: Check MSRV
      run: cargo check --all-features