mgrs 0.4.2 - Docs.rs

name: Build Windows Binary

on:
  push:
    branches: [ main ]
  pull_request:
    branches: [ main ]
  release:
    types: [ published ]

permissions:
  contents: write

jobs:
  security-checks:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0

    - name: Install Rust
      uses: dtolnay/rust-toolchain@78c6b5541adb5849f5d72d15da722aedb26327ca # stable

    - name: Install cargo-audit
      run: cargo install cargo-audit

    - name: Run security audit
      run: cargo audit

    - name: Install pinact
      run: |
        wget -O - https://github.com/suzuki-shunsuke/pinact/releases/latest/download/pinact_linux_amd64.tar.gz | tar -xz
        sudo mv pinact /usr/local/bin/

    - name: Verify actions are pinned
      run: pinact run

  build-windows:
    runs-on: windows-latest
    needs: security-checks

    steps:
    - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0

    - name: Setup Rust
      uses: dtolnay/rust-toolchain@78c6b5541adb5849f5d72d15da722aedb26327ca # stable
      with:
        targets: x86_64-pc-windows-msvc

    - name: Cache cargo registry
      uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
      with:
        path: ~/.cargo/registry
        key: ${{ runner.os }}-cargo-registry-${{ hashFiles('**/Cargo.lock') }}

    - name: Cache cargo index
      uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
      with:
        path: ~/.cargo/git
        key: ${{ runner.os }}-cargo-index-${{ hashFiles('**/Cargo.lock') }}

    - name: Cache target directory
      uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
      with:
        path: target
        key: ${{ runner.os }}-cargo-build-target-${{ hashFiles('**/Cargo.lock') }}

    - name: Build Windows binary
      run: cargo build --release --target x86_64-pc-windows-msvc

    - name: Package Windows binary
      run: Compress-Archive -Path target/x86_64-pc-windows-msvc/release/mgrs.exe -DestinationPath mgrs-x86_64-pc-windows-msvc.zip
      shell: pwsh

    - name: Upload Windows binary
      uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
      with:
        name: mgrs-windows-x64
        path: mgrs-x86_64-pc-windows-msvc.zip

    - name: Upload to release
      if: github.event_name == 'release'
      run: |
        gh release upload ${{ github.event.release.tag_name }} mgrs-x86_64-pc-windows-msvc.zip --clobber
      env:
        GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}