rusty_paseto 0.10.0

on:
  push:
    branches:
      - main
    tags:
      - 'v*.*.*'
  pull_request:
  workflow_dispatch:
    inputs:
      tag:
        description: 'Tag to release (e.g., v0.8.0)'
        required: true
        type: string
name: Continuous integration
permissions:
  contents: read
jobs:
  default-features:
    name: Default Features (batteries_included + v4)
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - uses: actions-rs/toolchain@v1
        with:
          profile: minimal
          toolchain: stable
          override: true
          components: clippy
      - name: Install nextest
        uses: taiki-e/install-action@nextest
      - name: Clippy (default features)
        uses: actions-rs/cargo@v1
        with:
          command: clippy
          args: -- -D warnings
      - name: Test (default features)
        run: cargo nextest run
  test:
    name: Test Suite
    runs-on: ubuntu-latest
    strategy:
      matrix:
        feature:
          - v1_local
          - v1_public_insecure
          - v2_local
          - v2_public
          - v3_local
          - v3_public
          - v4_local
          - v4_public
    steps:
      - uses: actions/checkout@v2
      - uses: actions-rs/toolchain@v1
        with:
          profile: minimal
          toolchain: stable
          override: true
      - name: Install nextest
        uses: taiki-e/install-action@nextest
      - name: Run tests
        run: cargo nextest run --no-default-features --features ${{ matrix.feature }}
  clippy:
    name: Clippy
    runs-on: ubuntu-latest
    strategy:
      matrix:
        feature:
          - v1_local
          - v1_public_insecure
          - v2_local
          - v2_public
          - v3_local
          - v3_public
          - v4_local
          - v4_public
    steps:
      - uses: actions/checkout@v2
      - uses: actions-rs/toolchain@v1
        with:
          profile: minimal
          toolchain: stable
          override: true
          components: clippy
      - uses: actions-rs/cargo@v1
        with:
          command: clippy
          args: --no-default-features --features ${{ matrix.feature }} -- -D warnings
  audit:
    name: Security Audit
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: actions-rs/toolchain@v1
        with:
          profile: minimal
          toolchain: stable
          override: true
      - run: cargo install cargo-audit
      - uses: actions-rs/audit-check@v1.2.0
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
      - run: cargo audit

  release:
    name: Create Release
    runs-on: ubuntu-latest
    permissions:
      contents: write
    if: startsWith(github.ref, 'refs/tags/v') || github.event_name == 'workflow_dispatch'
    needs: [default-features, test, clippy, audit]
    steps:
      - uses: actions/checkout@v3
        with:
          ref: ${{ github.event.inputs.tag || github.ref }}
      - uses: actions-rs/toolchain@v1
        with:
          profile: minimal
          toolchain: stable
          override: true
      - name: Build release binary
        run: cargo build --release
      - name: Create Release
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then
            TAG_NAME="${{ github.event.inputs.tag }}"
          else
            TAG_NAME=${GITHUB_REF#refs/tags/}
          fi
          gh release create "$TAG_NAME" \
            --title "Release $TAG_NAME" \
            --notes "See [CHANGELOG](https://github.com/${{ github.repository }}/blob/main/CHANGELOG.md) for details." \
            --draft=false \
            --prerelease=false \
            CHANGELOG.md