From 65fc5d5ed7e272c3b7a639ffb4efc9c753437187 Mon Sep 17 00:00:00 2001
From: seth <getchoo@tuta.io>
Date: Sun, 3 Dec 2023 04:16:57 -0500
Subject: [PATCH] ci: add clippy/rustfmt checks

Signed-off-by: seth <getchoo@tuta.io>
---
 .github/workflows/check.yml | 68 +++++++++++++++++++++++++++++++++++++
 .github/workflows/lint.yml  | 25 --------------
 2 files changed, 68 insertions(+), 25 deletions(-)
 create mode 100644 .github/workflows/check.yml
 delete mode 100644 .github/workflows/lint.yml

diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml
new file mode 100644
index 0000000..6b27d70
--- /dev/null
+++ b/.github/workflows/check.yml
@@ -0,0 +1,68 @@
+name: Check
+
+on:
+  push:
+    branches: ['main']
+  pull_request:
+
+jobs:
+  rustfmt:
+    name: Run rustfmt
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install Rust
+        uses: dtolnay/rust-toolchain@stable
+        with:
+          toolchain: stable
+          components: rustfmt
+
+      - name: Setup Rust cache
+        uses: Swatinem/rust-cache@v2
+
+      - name: Run rustfmt
+        run: cargo fmt --all -- --check
+
+  clippy:
+    name: Run Clippy scan
+    runs-on: ubuntu-latest
+
+    permissions:
+      security-events: write
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install Rust
+        uses: dtolnay/rust-toolchain@stable
+        with:
+          toolchain: stable
+          components: clippy
+
+      - name: Setup Rust cache
+        uses: Swatinem/rust-cache@v2
+
+      - name: Install SARIF tools
+        run: cargo install clippy-sarif sarif-fmt
+
+      - name: Fetch Cargo deps
+        run: cargo fetch --locked
+
+      - name: Run Clippy
+        continue-on-error: true
+        run: |
+          set -euxo pipefail
+
+          cargo clippy \
+            --all-features \
+            --all-targets \
+            --message-format=json \
+          | clippy-sarif | tee /tmp/clippy.sarif | sarif-fmt
+
+      - name: Upload results
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          sarif_file: /tmp/clippy.sarif
+          wait-for-processing: true
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
deleted file mode 100644
index a7a80ce..0000000
--- a/.github/workflows/lint.yml
+++ /dev/null
@@ -1,25 +0,0 @@
-name: Lint
-
-on:
-  push:
-    branches: ['main']
-  pull_request:
-    branches: ['main']
-
-jobs:
-  lint:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
-      - name: Install Node.js
-        uses: actions/setup-node@v4
-        with:
-          node-version: 20
-      - name: Install pnpm
-        uses: pnpm/action-setup@v2
-
-      - name: Install dependencies
-        run: pnpm install
-      - name: Lint
-        run: pnpm run lint