firezone/.github/workflows/_rust.yml

name: Rust
on:
  workflow_call:

defaults:
  run:
    working-directory: ./rust

permissions:
  contents: 'read'
  id-token: 'write'

jobs:
  static-analysis:
    strategy:
      fail-fast: false
      matrix:
        runs-on:
          # We only need to run static analysis checks per OS family
          - ubuntu-22.04
          - macos-13
          - windows-2022
        # TODO: https://github.com/rust-lang/cargo/issues/5220
        include:
          - runs-on: ubuntu-22.04
            packages: # Intentionally blank as a package catch-all linter
          - runs-on: macos-13
            packages: -p connlib-client-apple
          - runs-on: windows-2022
            packages: -p connlib-client-shared -p firezone-windows-client
    runs-on: ${{ matrix.runs-on }}
    steps:
      - uses: actions/checkout@v4
      - uses: ./.github/actions/setup-rust
      - run: cargo fmt -- --check
      - run: |
          cargo doc --all-features --no-deps --document-private-items ${{ matrix.packages }}
        env:
          RUSTDOCFLAGS: "-D warnings"
      - run: |
          cargo clippy --all-targets --all-features ${{ matrix.packages }} -- -D warnings

  test:
    strategy:
      fail-fast: false
      matrix:
        # TODO: https://github.com/rust-lang/cargo/issues/5220
        include:
          - runs-on: ubuntu-20.04
            packages: -p firezone-linux-client -p firezone-gateway -p connlib-client-android
          - runs-on: ubuntu-22.04
            packages: -p firezone-linux-client -p firezone-gateway -p connlib-client-android
          - runs-on: macos-12
            packages: -p connlib-client-apple
          - runs-on: macos-13
            packages: -p connlib-client-apple
          - runs-on: windows-2019
            packages: -p firezone-windows-client -p connlib-client-shared
          - runs-on: windows-2022
            packages: -p firezone-windows-client -p connlib-client-shared
    runs-on: ${{ matrix.runs-on }}
    steps:
      - uses: actions/checkout@v4
      - uses: ./.github/actions/setup-rust
      - run: cargo test --all-features ${{ matrix.packages }}

  # This should be identical to `build-push-windows-release-artifacts` in `cd.yml` except for the permissions, needs, and uploading step
  # TODO: Get rid of "temp" and figure out what to do with this
  build-tauri:
    runs-on: windows-2019
    defaults:
      run:
        working-directory: ./rust
    strategy:
      fail-fast: false
      # The matrix is 1x1 to match the style of build-push-linux-release-artifacts
      # In the future we could try to cross-compile aarch64-windows here.
      matrix:
        name:
          - package: firezone-windows-client
            artifact: windows-client
    env:
      BINARY_DEST_PATH: windows-client
    steps:
      - uses: actions/checkout@v4
      - uses: ./.github/actions/setup-rust
        with:
          targets: x86_64-pc-windows-msvc
      - name: Build release binaries
        run: |
          npm install -g @tauri-apps/cli

          # NPM installs tauri-cli to somewhere in $PATH
          tauri build

          # Used for release artifact
          # In release mode the name comes from tauri.conf.json
          cp "target/release/Firezone Windows Client.exe" "windows-client-x64.exe"

      - name: Save Windows client
        uses: actions/upload-artifact@v4
        with:
          name: windows-client-x64
          path: ${{ github.workspace }}/rust/windows-client-x64.exe
      - name: Save Windows installer
        uses: actions/upload-artifact@v4
        with:
          name: windows-client-x64-msi
          path: ${{ github.workspace }}/rust/target/release/bundle/msi

  smoke-test-relay:
    runs-on: ubuntu-22.04
    defaults:
      run:
        working-directory: ./rust/relay
    steps:
      - uses: actions/checkout@v4
      - uses: ./.github/actions/setup-rust
      - run: ./run_smoke_test.sh