Develop

.github/workflows/build-test.yml

@@ -0,0 +1,24 @@
+name: Build & Test
+
+on:
+  pull_request:
+    branches: [main]
+  push:
+    branches: [main]
+
+jobs:
+  build:
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        os: [ubuntu-latest, windows-latest, macos-latest]
+        rust: [stable, beta]
+    steps:
+      - uses: actions/checkout@v3
+      - uses: dtolnay/rust-toolchain@stable
+        with:
+          toolchain: ${{ matrix.rust }}
+      - name: Build
+        run: cargo build --all-features
+      - name: Run tests
+        run: cargo test --all-features

.github/workflows/lint.yml

@@ -0,0 +1,19 @@
+name: Lint
+
+on:
+  pull_request:
+    branches: [main]
+
+jobs:
+  clippy:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: dtolnay/rust-toolchain@stable
+        with:
+          toolchain: stable
+          components: clippy, rustfmt
+      - name: Rustfmt Check
+        run: cargo fmt -- --check
+      - name: Clippy Check
+        run: cargo clippy --all-targets --all-features -- -D warnings

.github/workflows/release.yml

@@ -0,0 +1,128 @@
+name: Release
+
+on:
+  push:
+    tags:
+      - "v[0-9]+.[0-9]+.[0-9]+*"
+      - "dev-v[0-9]+.[0-9]+.[0-9]+*"
+
+jobs:
+  build_and_test:
+    name: Build and Test
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: dtolnay/rust-toolchain@stable
+        with:
+          toolchain: stable
+      - name: Build
+        run: cargo build --all-features --release
+      - name: Run tests
+        run: cargo test --all-features
+
+  build_release:
+    name: Build Release Binaries
+    needs: build_and_test
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        include:
+          - os: ubuntu-latest
+            artifact_name: rustybox
+            asset_name: rustybox-linux-amd64
+            target: x86_64-unknown-linux-gnu
+          # - os: windows-latest
+          #   artifact_name: rustybox.exe
+          #   asset_name: rustybox-windows-amd64.exe
+          #   target: x86_64-pc-windows-msvc
+          - os: macos-latest
+            artifact_name: rustybox
+            asset_name: rustybox-macos-amd64
+            target: x86_64-apple-darwin
+          - os: macos-latest
+            artifact_name: rustybox
+            asset_name: rustybox-macos-arm64
+            target: aarch64-apple-darwin
+
+    steps:
+      - uses: actions/checkout@v3
+      - uses: dtolnay/rust-toolchain@stable
+        with:
+          toolchain: stable
+          targets: ${{ matrix.target }}
+
+      - name: Install cross-compilation dependencies
+        if: matrix.target == 'aarch64-unknown-linux-gnu'
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y gcc-aarch64-linux-gnu
+
+      - name: Build binary
+        run: cargo build --release --target ${{ matrix.target }}
+
+      - name: Prepare binary
+        shell: bash
+        run: |
+          mkdir -p release
+          if [ "${{ matrix.os }}" = "windows-latest" ]; then
+            cp target/${{ matrix.target }}/release/${{ matrix.artifact_name }} release/${{ matrix.asset_name }}
+          else
+            cp target/${{ matrix.target }}/release/${{ matrix.artifact_name }} release/${{ matrix.asset_name }}
+            chmod +x release/${{ matrix.asset_name }}
+          fi
+
+      - name: Upload artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: ${{ matrix.asset_name }}
+          path: release/${{ matrix.asset_name }}
+          if-no-files-found: error
+
+  create_release:
+    name: Create GitHub Release
+    needs: build_release
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - name: Download all artifacts
+        uses: actions/download-artifact@v4
+        with:
+          path: artifacts
+
+      - name: Check if development release
+        id: check_dev
+        run: |
+          if [[ "${{ github.ref_name }}" == dev-* ]]; then
+            echo "is_dev=true" >> $GITHUB_OUTPUT
+          else
+            echo "is_dev=false" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Create Release
+        id: create_release
+        uses: softprops/action-gh-release@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          tag_name: ${{ github.ref_name }}
+          name: ${{ steps.check_dev.outputs.is_dev == 'true' && format('Development Release {0}', github.ref_name) || format('Release {0}', github.ref_name) }}
+          body: |
+            ## Binary Downloads
+
+            The following binaries are available for this release:
+            * Linux (amd64)
+            * macOS (amd64)
+            * macOS (arm64)
+
+            ${{ steps.check_dev.outputs.is_dev == 'true' && '⚠️ This is a development release from the develop branch and may contain unstable features.' || '' }}
+          draft: false
+          prerelease: ${{ steps.check_dev.outputs.is_dev }}
+          files: |
+            artifacts/rustybox-linux-amd64/rustybox-linux-amd64
+            artifacts/rustybox-macos-amd64/rustybox-macos-amd64
+            artifacts/rustybox-macos-arm64/rustybox-macos-arm64

.github/workflows/sast.yml

@@ -0,0 +1,15 @@
+name: Static Analysis
+
+on:
+  pull_request:
+    branches: [main]
+
+jobs:
+  sast:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: Install cargo-deny
+        run: cargo install --locked cargo-deny
+      - name: Run cargo-deny
+        run: cargo deny check bans licenses sources

.github/workflows/security-audit.yml

@@ -0,0 +1,17 @@
+name: Cargo Audit
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+
+jobs:
+  audit:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: Install cargo-audit
+        run: cargo install cargo-audit --locked
+      - name: Run cargo audit
+        run: cargo audit