chore(ci): externalize workflow scripts and relocate main flow doc (#722)

* feat: Add GitHub Actions workflows for security audits, CodeQL analysis, contributor updates, performance benchmarks, integration tests, fuzz testing, and reusable Rust build jobs - Implemented `sec-audit.yml` for Rust package security audits using `rustsec/audit-check` and `cargo-deny-action`. - Created `sec-codeql.yml` for CodeQL analysis scheduled twice daily. - Added `sync-contributors.yml` to update the NOTICE file with new contributors automatically. - Introduced `test-benchmarks.yml` for performance benchmarks using Criterion. - Established `test-e2e.yml` for running integration and end-to-end tests. - Developed `test-fuzz.yml` for fuzz testing with configurable runtime. - Created `test-rust-build.yml` as a reusable job for executing Rust commands with customizable parameters. - Documented main branch delivery flows in `main-branch-flow.md` for clarity on CI/CD processes. * ci(workflows): update workflow scripts and rename for clarity; remove obsolete lint feedback script * chore(ci): externalize workflow scripts and relocate main flow doc
2026-02-17 19:48:37 -05:00 · 2026-02-17 19:48:37 -05:00 · 69a3b54968
commit 69a3b54968
parent 41da46e2b2
34 changed files with 2090 additions and 1777 deletions
--- a/.github/workflows/sec-codeql.yml
+++ b/.github/workflows/sec-codeql.yml
@ -0,0 +1,39 @@
+name: CodeQL Analysis
+
+on:
+    schedule:
+        - cron: "0 6,18 * * *" # Twice daily at 6am and 6pm UTC
+    workflow_dispatch:
+
+concurrency:
+    group: codeql-${{ github.ref }}
+    cancel-in-progress: true
+
+permissions:
+    contents: read
+    security-events: write
+    actions: read
+
+jobs:
+    codeql:
+        name: CodeQL Analysis
+        runs-on: blacksmith-2vcpu-ubuntu-2404
+        timeout-minutes: 30
+        steps:
+            - name: Checkout repository
+              uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
+
+            - name: Initialize CodeQL
+              uses: github/codeql-action/init@9e907b5e64f6b83e7804b09294d44122997950d6 # v4
+              with:
+                  languages: rust
+                  config-file: ./.github/codeql/codeql-config.yml
+
+            - name: Set up Rust
+              uses: dtolnay/rust-toolchain@631a55b12751854ce901bb631d5902ceb48146f7 # stable
+
+            - name: Build
+              run: cargo build --workspace --all-targets
+
+            - name: Perform CodeQL Analysis
+              uses: github/codeql-action/analyze@9e907b5e64f6b83e7804b09294d44122997950d6 # v4