name: CI

permissions:
  contents: read

on:
  pull_request:
  push:
    branches:
      - master
  schedule:
    - cron: '0 2 * * 0'

env:
  CARGO_INCREMENTAL: 0
  CARGO_NET_GIT_FETCH_WITH_CLI: true
  CARGO_NET_RETRY: 10
  CARGO_TERM_COLOR: always
  RUST_BACKTRACE: 1
  RUSTFLAGS: -D warnings
  RUSTDOCFLAGS: -D warnings
  RUSTUP_MAX_RETRIES: 10

defaults:
  run:
    shell: bash

jobs:
  test:
    runs-on: ${{ matrix.os }}
    strategy:
      fail-fast: false
      matrix:
        os: [ubuntu-latest]
        rust: [nightly, beta, stable]
    steps:
      - uses: actions/checkout@v3
      - name: Install Rust
        run: rustup update ${{ matrix.rust }} && rustup default ${{ matrix.rust }}
      - run: rustup target add thumbv7m-none-eabi
      - name: Install cargo-hack
        uses: taiki-e/install-action@cargo-hack
      - run: cargo build --all --all-features --all-targets
      - run: cargo hack build --feature-powerset --no-dev-deps
      - run: cargo hack build --feature-powerset --no-dev-deps --target thumbv7m-none-eabi
      - run: cargo test

  msrv:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        # When updating this, the reminder to update the minimum supported
        # Rust version in Cargo.toml.
        rust: ['1.36']
    steps:
      - uses: actions/checkout@v3
      - name: Install Rust
        run: rustup update ${{ matrix.rust }} && rustup default ${{ matrix.rust }}
      - run: cargo build

  clippy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Install Rust
        run: rustup update stable
      - run: cargo clippy --all-features --all-targets

  fmt:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Install Rust
        run: rustup update stable
      - run: cargo fmt --all --check

  miri:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Install Rust
        run: rustup toolchain install nightly --component miri && rustup default nightly
      - run: cargo miri test
        env:
          MIRIFLAGS: -Zmiri-strict-provenance -Zmiri-symbolic-alignment-check -Zmiri-disable-isolation
          RUSTFLAGS: ${{ env.RUSTFLAGS }} -Z randomize-layout

  security_audit:
    permissions:
      checks: write
      contents: read
      issues: write
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      # https://github.com/rustsec/audit-check/issues/2
      - uses: rustsec/audit-check@master
        with:
          token: ${{ secrets.GITHUB_TOKEN }}