ci: overhaul CI/CD pipeline and add tooling configs

- Add ci.yml: test matrix (ubuntu/macos/windows), lint, conventional commits check (cocogitto), cargo-deny, MSRV, and semver jobs - Add release.yml: tag-triggered publish to crates.io + GitHub release - Remove stale rust.yml and rust-clippy.yml workflows - Add deny.toml for cargo-deny license/advisory/ban/source checks - Add cog.toml for cocogitto conventional commits and changelog generation - Add Justfile with test, check, fmt, commits, release, push-tag targets - Add CHANGELOG.md seed file - Add PULL_REQUEST_TEMPLATE.md with conventional commits checklist - Update dependabot.yml: weekly schedule with grouped patch/minor updates
2026-06-05 15:26:53 -04:00 · 2026-05-13 14:16:08 -04:00
parent 01ef25b953
commit 52910538df
10 changed files with 521 additions and 192 deletions
@@ -0,0 +1,44 @@
+# cargo-deny configuration
+# https://embarkstudios.github.io/cargo-deny/
+
+[graph]
+# Check all targets, not just the host.
+all-features = true
+
+# ---------------------------------------------------------------------------
+# Licenses
+# ---------------------------------------------------------------------------
+[licenses]
+# Minimum confidence threshold for license detection (0.0 – 1.0).
+confidence-threshold = 0.8
+
+# Licenses we explicitly permit across the entire dependency tree.
+allow = [
+    "MIT",
+    "Apache-2.0",
+    "Unicode-3.0",
+]
+
+# ---------------------------------------------------------------------------
+# Security advisories
+# ---------------------------------------------------------------------------
+[advisories]
+# Deny crates with known security vulnerabilities.
+version = 2
+
+# ---------------------------------------------------------------------------
+# Crate bans
+# ---------------------------------------------------------------------------
+[bans]
+# Deny multiple versions of the same crate (can cause bloat and confusion).
+multiple-versions = "warn"
+# Deny wildcard dependencies.
+wildcards = "deny"
+
+# ---------------------------------------------------------------------------
+# Crate sources
+# ---------------------------------------------------------------------------
+[sources]
+# Only allow crates from crates.io.
+unknown-registry = "deny"
+unknown-git = "deny"