memory-mcp 0.10.1

name: CI

on:
  workflow_dispatch:
  push:
    branches: [main]
  pull_request:
    branches: [main]

concurrency:
  group: ci-${{ github.ref }}
  cancel-in-progress: ${{ github.event_name == 'pull_request' }}

permissions: {}

env:
  REGISTRY: ghcr.io
  IMAGE: butterflyskies/memory-mcp

jobs:
  test:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      - name: Install system dependencies
        run: sudo apt-get update && sudo apt-get install -y libdbus-1-dev pkg-config
      - uses: dtolnay/rust-toolchain@3c5f7ea28cd621ae0bf5283f0e981fb97b8a7af9 # master (2026-03-27)
        with:
          toolchain: stable
      - uses: Swatinem/rust-cache@c19371144df3bb44fab255c43d04cbc2ab54d1c4 # v2.9.1
      - name: Install cargo-nextest
        run: |
          curl -fsSL "https://github.com/nextest-rs/nextest/releases/download/cargo-nextest-0.9.131/cargo-nextest-0.9.131-x86_64-unknown-linux-gnu.tar.gz" \
            -o /tmp/cargo-nextest.tar.gz
          echo "8e38b16299864c9f597c9a1e2caf25b7e8b598ffc659ec014c2c735a9befd8fa  /tmp/cargo-nextest.tar.gz" | sha256sum -c -
          tar xzf /tmp/cargo-nextest.tar.gz -C /usr/local/bin
      - run: cargo fmt --check
      - run: cargo clippy --workspace -- -D warnings
      - run: cargo clippy --workspace --features k8s -- -D warnings
      - run: cargo clippy --workspace --features otlp -- -D warnings
      - run: cargo clippy --workspace --features native-certs -- -D warnings
      - run: cargo clippy --workspace --all-features -- -D warnings
      - name: Verify no opentelemetry in default build
        run: |
          cargo tree 2>&1 | grep -i opentelemetry && \
            { echo "ERROR: opentelemetry appeared in default build tree" >&2; exit 1; } || \
            echo "OK: opentelemetry not present in default build"
      - run: cargo nextest run --workspace --no-fail-fast
      - run: cargo nextest run --workspace --no-fail-fast --features k8s
      - run: cargo nextest run --workspace --no-fail-fast --features otlp
      - run: cargo nextest run --workspace --no-fail-fast --all-features

  # Catch cross-platform compilation failures before they reach the release pipeline.
  # Mirrors the release.yml publish-binaries matrix (minus Windows — see #42).
  cross-compile:
    strategy:
      fail-fast: false
      matrix:
        include:
          - target: x86_64-unknown-linux-gnu
            os: ubuntu-latest
          - target: universal-apple-darwin
            os: macos-latest
    runs-on: ${{ matrix.os }}
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      - name: Install system dependencies
        if: matrix.os == 'ubuntu-latest'
        run: sudo apt-get update && sudo apt-get install -y libdbus-1-dev pkg-config
      - uses: dtolnay/rust-toolchain@3c5f7ea28cd621ae0bf5283f0e981fb97b8a7af9 # master (2026-03-27)
        with:
          toolchain: stable
      - uses: Swatinem/rust-cache@c19371144df3bb44fab255c43d04cbc2ab54d1c4 # v2.9.1
        with:
          key: ${{ matrix.target }}
      - run: cargo build --features k8s

  # Verify the declared MSRV (Cargo.toml rust-version) still compiles.
  msrv:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      - name: Install system dependencies
        run: sudo apt-get update && sudo apt-get install -y libdbus-1-dev pkg-config
      - uses: dtolnay/rust-toolchain@3c5f7ea28cd621ae0bf5283f0e981fb97b8a7af9 # master (2026-03-27)
        with:
          toolchain: "1.88"
      - uses: Swatinem/rust-cache@c19371144df3bb44fab255c43d04cbc2ab54d1c4 # v2.9.1
        with:
          key: msrv
      - run: cargo check --workspace --all-features

  audit:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      - uses: EmbarkStudios/cargo-deny-action@91bf2b620e09e18d6eb78b92e7861937469acedb # v2.0.17
        with:
          command: check

  semver-checks:
    runs-on: ubuntu-latest
    if: github.event_name == 'pull_request'
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      - name: Install system dependencies
        run: sudo apt-get update && sudo apt-get install -y libdbus-1-dev pkg-config
      - uses: dtolnay/rust-toolchain@3c5f7ea28cd621ae0bf5283f0e981fb97b8a7af9 # master (2026-03-27)
        with:
          toolchain: stable
      - uses: Swatinem/rust-cache@c19371144df3bb44fab255c43d04cbc2ab54d1c4 # v2.9.1
        with:
          key: semver
      - uses: obi1kenobi/cargo-semver-checks-action@6b69fcf40e9b5fb17adeb57e4b6ecd020649a239 # v2.9
      - uses: obi1kenobi/cargo-semver-checks-action@6b69fcf40e9b5fb17adeb57e4b6ecd020649a239 # v2.9
        with:
          feature-group: only-explicit-features
          features: k8s

  build:
    needs: [test, audit, semver-checks, cross-compile, msrv]
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write
      id-token: write
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      - uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
      - uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Docker meta
        id: meta
        uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6.0.0
        with:
          images: ${{ env.REGISTRY }}/${{ env.IMAGE }}
          tags: |
            type=ref,event=branch
            type=sha,prefix=sha-,format=long
            type=raw,value=latest,enable={{is_default_branch}}
      - uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0
        with:
          context: .
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          provenance: true
          sbom: true
          cache-from: type=gha
          cache-to: type=gha,mode=max