# Code-quality gate: formatting, clippy, rustdoc and dependency audit.
name: Code Quality

# Runs for pushes to main and for pull requests that target main.
on:
  push:
    branches:
      - main
  pull_request:
    branches:
      - main

# Workflow-level GITHUB_TOKEN scopes; every job inherits these.
permissions:
  contents: read
  actions: read
  # NOTE(review): no step visible in this workflow uploads code-scanning
  # results; confirm this write scope is still needed, otherwise drop it so
  # the token stays read-only.
  security-events: write

# One active run per workflow and ref; a newer run cancels the older one.
concurrency:
  group: '${{ github.workflow }}-${{ github.ref }}'
  cancel-in-progress: true
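jobs:
  # Single gate job: every step runs inside the toolkit container image.
  code-quality:
    runs-on: ubuntu-latest
    # NOTE(review): this is a mutable tag, so the toolchain (including the
    # audit tool) can change without any change to this repository. Consider
    # pinning by digest: ghcr.io/loonghao/rust-toolkit@sha256:<IMAGE_DIGEST>
    container: ghcr.io/loonghao/rust-toolkit:security-audit
    steps:
      # NOTE(review): v4 is a movable tag; pinning to the full commit SHA of
      # the release (actions/checkout@<COMMIT_SHA>) makes the action immutable.
      - uses: actions/checkout@v4
        with:
          # The steps below only build, lint and audit; none of them pushes,
          # so do not leave the token in the checkout's git config.
          persist-credentials: false

      - name: Check Rust version
        shell: bash
        run: |
          echo "🦀 Checking Rust version..."
          rustc --version
          echo "📦 Cargo version:"
          cargo --version

      - name: Check formatting
        shell: bash
        run: |
          echo "🎨 Checking code formatting..."
          cargo fmt --all --check

      - name: Run clippy with pedantic rules
        shell: bash
        # Warnings and the pedantic group are errors; the -A list is the set
        # of pedantic lints the project has chosen to allow.
        run: |
          echo "📎 Running clippy lints with pedantic rules..."
          cargo clippy --all-targets --all-features -- \
            -D warnings \
            -D clippy::pedantic \
            -A clippy::too_many_lines \
            -A clippy::uninlined_format_args \
            -A clippy::format_push_string \
            -A clippy::needless_raw_string_hashes \
            -A clippy::cast_precision_loss \
            -A clippy::cast_lossless

      - name: Check documentation
        shell: bash
        env:
          # Make rustdoc warnings fail the step.
          RUSTDOCFLAGS: '-D warnings'
        run: |
          echo "📚 Checking documentation..."
          cargo doc --no-deps --document-private-items --workspace

      - name: Run security audit
        shell: bash
        # Fail closed: a missing cargo-audit previously printed a notice and
        # the step still passed, so a green run did not prove the audit ran.
        run: |
          echo "🔒 Running security audit..."
          if ! command -v cargo-audit > /dev/null 2>&1; then
            echo "::error::cargo-audit not available in this image; security audit did not run"
            exit 1
          fi
          cargo audit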