From 1fcdbfd7a0067fc3040a313c07942f139f75f727 Mon Sep 17 00:00:00 2001
From: Ryan Jordan <ryjordan@gmail.com>
Date: Mon, 28 Jul 2025 12:24:13 -0500
Subject: [PATCH] feat: implement CI/CD pipeline for automated testing and
 quality checks

- Add GitHub Actions workflow with multi-platform and multi-version testing
- Configure automated code quality checks (clippy, fmt, audit)
- Implement dependency caching for faster builds
- Add branch protection rules documentation

Closes #11
---
 .github/branch-protection.md |  29 ++++++++
 .github/workflows/ci.yml     | 134 +++++++++++++++++++++++++++++++++++
 2 files changed, 163 insertions(+)
 create mode 100644 .github/branch-protection.md
 create mode 100644 .github/workflows/ci.yml

diff --git a/.github/branch-protection.md b/.github/branch-protection.md
new file mode 100644
index 0000000..a2f2925
--- /dev/null
+++ b/.github/branch-protection.md
@@ -0,0 +1,29 @@
+# Branch Protection Rules
+
+To complete the CI/CD setup, configure the following branch protection rules for the `main` branch:
+
+## Required Settings
+
+1. **Navigate to**: Settings → Branches → Add rule
+2. **Branch name pattern**: `main`
+3. **Enable these protections**:
+   - ✅ Require a pull request before merging
+     - ✅ Require approvals: 1
+     - ✅ Dismiss stale pull request approvals when new commits are pushed
+   - ✅ Require status checks to pass before merging
+     - ✅ Require branches to be up to date before merging
+     - **Required status checks**:
+       - `Test Suite (ubuntu-latest, stable)`
+       - `Test Suite (windows-latest, stable)`
+       - `Test Suite (macos-latest, stable)`
+       - `Rustfmt`
+       - `Clippy`
+       - `Security Audit`
+       - `Check`
+   - ✅ Require conversation resolution before merging
+   - ✅ Include administrators (optional, but recommended)
+
+## Notes
+- The CI workflow must run at least once before status checks appear in the selection list
+- Consider making the beta and nightly tests non-required to prevent breaking changes from blocking PRs
+- The status check names must match exactly as they appear after the first CI run
\ No newline at end of file
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
new file mode 100644
index 0000000..dc7d7d6
--- /dev/null
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,134 @@
+name: CI
+
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+    branches: [ main ]
+
+env:
+  CARGO_TERM_COLOR: always
+
+jobs:
+  test:
+    name: Test Suite
+    runs-on: ${{ matrix.os }}
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ubuntu-latest, windows-latest, macos-latest]
+        rust: [stable, beta, nightly]
+    steps:
+      - uses: actions/checkout@v4
+      
+      - name: Install Rust
+        uses: dtolnay/rust-toolchain@master
+        with:
+          toolchain: ${{ matrix.rust }}
+          components: rustfmt, clippy
+      
+      - name: Cache cargo registry
+        uses: actions/cache@v4
+        with:
+          path: |
+            ~/.cargo/bin/
+            ~/.cargo/registry/index/
+            ~/.cargo/registry/cache/
+            ~/.cargo/git/db/
+            target/
+          key: ${{ runner.os }}-cargo-${{ matrix.rust }}-${{ hashFiles('**/Cargo.lock') }}
+          restore-keys: |
+            ${{ runner.os }}-cargo-${{ matrix.rust }}-
+            ${{ runner.os }}-cargo-
+      
+      - name: Build
+        run: cargo build --verbose
+      
+      - name: Run tests
+        run: cargo test --verbose
+      
+      - name: Build release
+        run: cargo build --release --verbose
+
+  fmt:
+    name: Rustfmt
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      
+      - name: Install Rust
+        uses: dtolnay/rust-toolchain@stable
+        with:
+          components: rustfmt
+      
+      - name: Check formatting
+        run: cargo fmt --all -- --check
+
+  clippy:
+    name: Clippy
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      
+      - name: Install Rust
+        uses: dtolnay/rust-toolchain@stable
+        with:
+          components: clippy
+      
+      - name: Cache cargo registry
+        uses: actions/cache@v4
+        with:
+          path: |
+            ~/.cargo/bin/
+            ~/.cargo/registry/index/
+            ~/.cargo/registry/cache/
+            ~/.cargo/git/db/
+            target/
+          key: ${{ runner.os }}-cargo-clippy-${{ hashFiles('**/Cargo.lock') }}
+          restore-keys: |
+            ${{ runner.os }}-cargo-clippy-
+            ${{ runner.os }}-cargo-
+      
+      - name: Run clippy
+        run: cargo clippy -- -D warnings
+
+  audit:
+    name: Security Audit
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      
+      - name: Install Rust
+        uses: dtolnay/rust-toolchain@stable
+      
+      - name: Install cargo-audit
+        run: cargo install cargo-audit
+      
+      - name: Run security audit
+        run: cargo audit
+
+  check:
+    name: Check
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      
+      - name: Install Rust
+        uses: dtolnay/rust-toolchain@stable
+      
+      - name: Cache cargo registry
+        uses: actions/cache@v4
+        with:
+          path: |
+            ~/.cargo/bin/
+            ~/.cargo/registry/index/
+            ~/.cargo/registry/cache/
+            ~/.cargo/git/db/
+            target/
+          key: ${{ runner.os }}-cargo-check-${{ hashFiles('**/Cargo.lock') }}
+          restore-keys: |
+            ${{ runner.os }}-cargo-check-
+            ${{ runner.os }}-cargo-
+      
+      - name: Run check
+        run: cargo check --verbose
\ No newline at end of file