.github/workflows/on-push.yaml

on:
  push:
    inputs:
      environment:
        required: false
        type: string
      toolchain:
        required: false
        type: string
        default: stable
      # do not publish unless said so
      publish_dry_run:
        required: false
        type: boolean
        default: true
      auditIgnore:
        required: false
        type: string
        default: ""
    secrets:
      CARGO_REGISTRY_TOKEN:
        description: crates.io access token
        required: false

jobs:
  audit:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      issues: write
    steps:
      - uses: actions/checkout@v4
      - uses: actions-rust-lang/audit@v1
        name: Audit Rust Dependencies
        with:
          # Comma separated list of issues to ignore (or configure in audit.toml)
          ignore: ${{ inputs.auditIgnore }}
      - uses: actions/cache@v4
        with:
          path: |
            ~/.cargo/registry
            ~/.cargo/git
            target
          key: ${{ runner.os }}-cargo-${{ github.ref_name }}-${{ hashFiles('**/Cargo.lock') }}
          restore-keys: |
            ${{ runner.os }}-cargo-${{ github.ref_name }}
  cargo-deny:
    name: "License check"
    runs-on: ubuntu-24.04
    steps:
      - uses: actions/checkout@v4
      - uses: EmbarkStudios/cargo-deny-action@v1
        with:
          command: check bans licenses sources
  check:
    name: Cargo Check
    runs-on: ubuntu-24.04
    steps:
      - uses: actions/checkout@v4
      - uses: actions-rs/toolchain@v1
        with:
          profile: minimal
          toolchain: ${{ inputs.toolchain }}
          override: true
      - uses: actions-rs/cargo@v1
        with:
          command: check

  test:
    name: Test Suite
    runs-on: ubuntu-24.04
    steps:
      - uses: actions/checkout@v4
      - uses: actions-rs/toolchain@v1
        with:
          profile: minimal
          toolchain: ${{ inputs.toolchain }}
          override: true
      - uses: actions-rs/cargo@v1
        with:
          command: test
      - uses: actions/cache@v4
        with:
          path: |
            ~/.cargo/registry
            ~/.cargo/git
            target
          key: ${{ runner.os }}-cargo-${{ github.ref_name }}-${{ hashFiles('**/Cargo.lock') }}
          restore-keys: |
            ${{ runner.os }}-cargo-${{ github.ref_name }}
  fmt:
    name: Rustfmt
    runs-on: ubuntu-24.04
    steps:
      - uses: actions/checkout@v4
      - uses: actions-rs/toolchain@v1
        with:
          profile: minimal
          toolchain: ${{ inputs.toolchain }}
          override: true
      - run: rustup component add rustfmt
      - uses: actions-rs/cargo@v1
        with:
          command: fmt
          args: --all -- --check

  clippy:
    name: Clippy
    runs-on: ubuntu-24.04
    steps:
      - uses: actions/checkout@v4
      - uses: actions-rs/toolchain@v1
        with:
          profile: minimal
          toolchain: ${{ inputs.toolchain }}
          override: true
      - run: rustup component add clippy
      - uses: actions-rs/cargo@v1
        with:
          command: clippy

  release:
    if: base_ref == 'main'
    needs: [cargo-deny, check, fmt, test, clippy, audit]
    runs-on: ubuntu-24.04
    environment: "release"

    steps:
      - uses: actions/checkout@v2

      - uses: actions-rs/toolchain@v1
        with:
          profile: minimal
          toolchain: ${{ inputs.toolchain }}
          override: true

      - name: Build project
        run: cargo build --release

      - uses: actions/cache@v4
        with:
          path: |
            ~/.cargo/registry
            ~/.cargo/git
            target
          key: ${{ runner.os }}-cargo-release-${{ github.ref_name }}-${{ hashFiles('**/Cargo.lock') }}
          restore-keys: |
            ${{ runner.os }}-cargo-release-${{ github.ref_name }}

      - name: Release
        run: |
          for crate in $(cargo metadata --format-version=1 --no-deps | jq -r '.packages[].manifest_path' | xargs dirname); do
            echo "Publishing crate $crate..."
            cd $crate
            cargo publish ${{ inputs.publish_dry_run && '--dry-run' || '' }}
            cd ..
          done
        env:
          CARGO_REGISTRY_TOKEN: ${{ secrets.CARGO_REGISTRY_TOKEN }}