donutbrowser/.github/workflows/lint-rs.yml

# Installs Rust and checks formatting + linting

name: Lint Rust

on:
  workflow_call:
  push:
    branches:
      - main
    tags:
      - "v*"
  pull_request:
    paths-ignore:
      - "src/**"
      - "package.json"
      - "pnpm-lock.yaml"
      - "yarn.lock"
      - "README.md"
      - ".github/workflows/lint-js.yml"
      - ".github/workflows/osv.yml"
      - "next.config.js"
      - "tailwind.config.js"
      - "tsconfig.json"
      - "biome.json"

permissions:
  contents: read

jobs:
  build:
    strategy:
      fail-fast: false
      matrix:
        os: [macos-latest, ubuntu-22.04, windows-latest]

    runs-on: ${{ matrix.os }}

    steps:
      - name: Disable git core.autocrlf on Windows
        if: matrix.os == 'windows-latest'
        run: git config --global core.autocrlf false

      - name: Checkout repository code
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2

      - name: Set up pnpm package manager
        uses: pnpm/action-setup@0e279bb959325dab635dd2c09392533439d90093 #v6.0.8
        with:
          run_install: false

      - name: Set up Node.js
        uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f #v6.1.0
        with:
          node-version-file: .node-version
          cache: "pnpm"

      - name: Install Rust toolchain
        uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 #master
        with:
          toolchain: stable
          components: rustfmt, clippy

      - name: Install cargo-audit
        run: cargo install cargo-audit

      - name: Install dependencies (Ubuntu only)
        if: matrix.os == 'ubuntu-22.04'
        run: |
          sudo apt-get update
          sudo apt install libwebkit2gtk-4.1-dev build-essential curl wget file libxdo-dev libssl-dev libayatana-appindicator3-dev librsvg2-dev openvpn

      - name: Install frontend dependencies
        run: pnpm install --frozen-lockfile

      - name: Build frontend
        run: pnpm next build

      - name: Get host target
        id: host_target
        shell: bash
        run: |
          HOST_TARGET=$(rustc -vV | sed -n 's|host: ||p')
          echo "target=${HOST_TARGET}" >> $GITHUB_OUTPUT
          echo "Host target: ${HOST_TARGET}"

      - name: Build sidecar binaries
        shell: bash
        working-directory: ./src-tauri
        run: |
          cargo build --bin donut-proxy --release
          cargo build --bin donut-daemon --release

      - name: Copy sidecar binaries to Tauri binaries
        shell: bash
        run: |
          mkdir -p src-tauri/binaries
          HOST_TARGET="${{ steps.host_target.outputs.target }}"
          if [[ "$HOST_TARGET" == *"windows"* ]]; then
            cp src-tauri/target/release/donut-proxy.exe src-tauri/binaries/donut-proxy-${HOST_TARGET}.exe
            cp src-tauri/target/release/donut-daemon.exe src-tauri/binaries/donut-daemon-${HOST_TARGET}.exe
          else
            cp src-tauri/target/release/donut-proxy src-tauri/binaries/donut-proxy-${HOST_TARGET}
            cp src-tauri/target/release/donut-daemon src-tauri/binaries/donut-daemon-${HOST_TARGET}
            chmod +x src-tauri/binaries/donut-proxy-${HOST_TARGET}
            chmod +x src-tauri/binaries/donut-daemon-${HOST_TARGET}
          fi

      - name: Run rustfmt check
        run: cargo fmt --all -- --check
        working-directory: src-tauri

      - name: Run clippy check and deny warnings
        run: cargo clippy --all-targets --all-features -- -D warnings -D clippy::all
        working-directory: src-tauri

      - name: Run test suite
        run: pnpm test

      - name: Run cargo audit security check
        run: cargo audit
        working-directory: src-tauri