backend-rust-checks.yaml

name: (Backend) Rust checks (security, clippy, rustfmt)
on:
  push:
    branches: [ 'main' ]
    paths:
      - 'backend/**'
  pull_request:
    paths:
      - 'backend/**'

# Set default working directory
defaults:
  run:
    working-directory: ./backend  # Change the working directory to /backend

jobs:
  security_audit:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      # cargo audit
      - name: Install cargo-audit
        run: cargo install --force cargo-audit
      - name: Run cargo-audit
        run: cargo audit --ignore RUSTSEC-2023-0071 # Marvin attack (RSA) crate. Being worked on.

  clippy:
    env:
      RUSTFLAGS: "-Dwarnings"
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Run Clippy
        run: RUSTFLAGS="-Dwarnings" cargo clippy

  formatting:
    runs-on: ubuntu-latest
    permissions: write-all
    steps:
      - uses: actions/checkout@v4
      - run: echo "date=$(date -d '1 month ago' +'%Y-%m-%d')" >> $GITHUB_ENV
      - uses: dtolnay/rust-toolchain@master
        with:
          toolchain: nightly-${{ env.date }}
          components: rustfmt
      - uses: LoliGothick/rustfmt-check@master
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          toolchain: nightly-${{ env.date }}
          flags: --all
          args: --config-path=./backend/rustfmt.toml
          working-directory: ./backend

  benchmarks:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Run benchmarks
        run: cargo bench