openidconnect 4.0.1

name: CI

# Controls when the workflow will run
on:
  # Triggers the workflow on push or pull request events but only for the main branch
  push: {}
  pull_request: {}
  schedule:
    # Run daily to catch breakages in new Rust versions as well as new cargo audit findings.
    - cron: '0 16 * * *'

  # Allows you to run this workflow manually from the Actions tab
  workflow_dispatch:

env:
  CARGO_TERM_COLOR: always

# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
  # This workflow contains a single job called "build"
  test:
    # The type of runner that the job will run on
    runs-on: ${{ matrix.rust_os.os }}

    strategy:
      fail-fast: false
      matrix:
        rust_os:
          - { rust: 1.65.0, os: ubuntu-22.04 }
          - { rust: stable, os: ubuntu-22.04 }
          - { rust: beta, os: ubuntu-22.04 }
          - { rust: nightly, os: ubuntu-22.04 }

    env:
      CARGO_NET_GIT_FETCH_WITH_CLI: "true"

    # Steps represent a sequence of tasks that will be executed as part of the job
    steps:
      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
      - uses: actions/checkout@v2

      - name: Print git branch name
        run: git rev-parse --abbrev-ref HEAD

      - run: git show-ref | grep $(git rev-parse HEAD)

      - name: Install Rust toolchain
        uses: actions-rs/toolchain@v1
        with:
          toolchain: ${{ matrix.rust_os.rust }}
          override: true
          components: clippy, rustfmt
          target: wasm32-unknown-unknown

      # Newer dependency versions may not support rustc 1.65, so we use a Cargo.lock file for those
      # builds.
      - name: Use Rust 1.65 lockfile
        if: ${{ matrix.rust_os.rust == '1.65.0' }}
        run: |
          cp Cargo-1.65.lock Cargo.lock
          echo "CARGO_LOCKED=--locked" >> $GITHUB_ENV

      - name: Run tests
        run: cargo ${CARGO_LOCKED} test --tests --examples
      - name: Doc tests
        run: |
          cargo ${CARGO_LOCKED} test --doc
          cargo ${CARGO_LOCKED} test --doc --no-default-features
          cargo ${CARGO_LOCKED} test --doc --all-features
      - name: Test with all features enabled
        run: cargo ${CARGO_LOCKED} test --all-features

      - name: Check fmt
        if: ${{ matrix.rust_os.rust == '1.65.0' }}
        run: cargo ${CARGO_LOCKED} fmt --all -- --check

      - name: Clippy
        if: ${{ matrix.rust_os.rust == '1.65.0' }}
        run: cargo ${CARGO_LOCKED} clippy --all --all-features -- --deny warnings

      - name: Audit
        if: ${{ matrix.rust_os.rust == 'stable' }}
        run: |
          cargo install --force cargo-audit
          # The chrono thread safety issue doesn't affect this crate since the crate does not rely
          # on the system's local time zone, only UTC. See:
          # https://github.com/chronotope/chrono/issues/499#issuecomment-946388161
          # FIXME(ramosbugs/openidconnect-rs#140): upgrade `rsa` once fix for RUSTSEC-2023-0071 is
          # available.
          cargo ${CARGO_LOCKED} audit \
            --ignore RUSTSEC-2020-0159 \
            --ignore RUSTSEC-2023-0071

      - name: Check WASM build
        run: cargo ${CARGO_LOCKED} check --target wasm32-unknown-unknown

  coverage:
    runs-on: ubuntu-latest
    container:
      image: xd009642/tarpaulin:0.32.0
      options: --security-opt seccomp=unconfined
    steps:
      - uses: actions/checkout@v2
      - name: Generate code coverage
        run: |
          cargo ${CARGO_LOCKED} tarpaulin --verbose --all-features --timeout 120 --out Xml
      - name: Upload to codecov.io
        uses: codecov/codecov-action@v3
        with:
          fail_ci_if_error: false