From 2bbc704edd74847a93359cbc462a3e765bda8803 Mon Sep 17 00:00:00 2001
From: Andrew Brown <andrew.brown@intel.com>
Date: Thu, 26 Sep 2024 10:22:26 -0700
Subject: [PATCH] ci: run `rust-clippy`, send results to CodeQL (#161)

This adds a new analysis job to run Rust's code quality analyzer,
`rust-clippy`, and upload the JSON results to GitHub's CodeQL service.
This template was suggested by GitHub itself and I've modified it to fit
our repository; let's see how this goes.
---
 .github/workflows/codeql.yml | 35 +++++++++++++++++++++++++++++++++++
 1 file changed, 35 insertions(+)

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index eefd1dc..c2beae4 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -71,3 +71,38 @@ jobs:
         uses: github/codeql-action/analyze@e8893c57a1f3a2b659b6b55564fdfdbbd2982911 # v3.24.0
         with:
           category: "/language:${{matrix.language}}"
+
+  analyze_rust:
+    name: Analyze (Rust)
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: rust
+    permissions:
+      contents: read
+      security-events: write
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+      - name: Install clippy
+        run: rustup component add clippy
+
+      - name: Install cargo-binstall
+        uses: cargo-bins/cargo-binstall@v1.10.6
+
+      - name: Install dependencies
+        run: cargo binstall --no-confirm clippy-sarif sarif-fmt
+
+      - name: Run clippy
+        run: |
+          cargo clippy --all-features --message-format=json > clippy.json
+          clippy-sarif --input clippy.json --output clippy.sarif
+          sarif-fmt --input clippy.sarif
+        continue-on-error: true
+
+      - name: Upload analysis
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: rust/clippy.sarif
+          wait-for-processing: true