From 00974c679a0339d5d226cd106fd9b9ca0877b354 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=A9bastien=20NEDJAR?= <sebastien@nedjar.com>
Date: Tue, 28 Apr 2026 12:03:58 +0200
Subject: [PATCH 1/2] build: validate PRs and mirror release matrix in CI
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Three issues with the previous CI:

- Triggered only on push-to-main and workflow_dispatch, so PRs were
  never validated before merge — code only got verified after it had
  already landed. PR #5 was effectively merged unchecked.

- Built on ubuntu-latest (currently ubuntu-24.04) while releases
  target both ubuntu-22.04 and ubuntu-24.04. A version-specific
  glibc/libudev issue could break the release without warning.

- No clippy or rustfmt at all, so style and obvious bugs went
  uncaught.

Add `pull_request` trigger, build matrix on the same OSes the release
matrix uses, and a separate lint job running clippy + fmt. The lint
job is `continue-on-error: true` for now because the codebase has 41
clippy warnings and isn't currently fmt-clean — making them blocking
would force a large cleanup PR. They'll show up in the checks tab so
maintainers see the trend, and a follow-up PR can flip them to
blocking once the warnings are addressed.
---
 .github/workflows/ci.yaml | 38 ++++++++++++++++++++++++++++++++++----
 1 file changed, 34 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 894af11..67e8881 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -5,11 +5,18 @@ on:
   push:
     branches:
         - main
+  pull_request:
+    branches:
+        - main
 
 jobs:
-  ci:
-    name: "C.I"
-    runs-on: ubuntu-latest
+  build:
+    name: "Build (${{matrix.os}})"
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ubuntu-22.04, ubuntu-24.04]
+    runs-on: ${{matrix.os}}
     steps:
       - uses: actions/checkout@v4
 
@@ -19,5 +26,28 @@ jobs:
       - name: Install Rust
         run: curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
 
-      - name: Build ubuntu version
+      - name: Build
         run: cargo build --release --locked
+
+  lint:
+    name: "Lint (informational)"
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install packages
+        run: sudo apt install libatk1.0-dev pkg-config libgtk-3-dev libudev-dev
+
+      - name: Install Rust + clippy + rustfmt
+        run: |
+          curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
+          "$HOME/.cargo/bin/rustup" component add clippy rustfmt
+          echo "$HOME/.cargo/bin" >> "$GITHUB_PATH"
+
+      - name: cargo fmt --check
+        continue-on-error: true
+        run: cargo fmt --all -- --check
+
+      - name: cargo clippy
+        continue-on-error: true
+        run: cargo clippy --release --locked --all-targets

From 0384285b9f88b72bdaf7384734860a4c657b86ca Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=A9bastien=20NEDJAR?= <sebastien@nedjar.com>
Date: Tue, 28 Apr 2026 12:12:01 +0200
Subject: [PATCH 2/2] build: harden CI workflow per Copilot review
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Three issues flagged on PR #12:

- apt installs lacked `-y` and didn't refresh the index, so they could
  block on a prompt or hit a stale cache. Switched to
  `apt-get update` + `apt-get install -y` for both jobs.

- The build job ran `curl ... | sh -s -- -y` to install Rust but never
  exported `$HOME/.cargo/bin` to `GITHUB_PATH`. Subsequent steps were
  silently using whatever cargo the runner had pre-installed instead
  of the freshly installed toolchain — coincidentally fine, but wrong.

- Piping a remote script into sh ties CI to an unpinned external
  endpoint at every run. Both jobs now use `dtolnay/rust-toolchain@stable`,
  the de-facto standard action used by the Rust project itself.

Net effect: CI is shorter, reproducible, and consistent across both
build and lint jobs.
---
 .github/workflows/ci.yaml | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 67e8881..da43567 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -21,10 +21,12 @@ jobs:
       - uses: actions/checkout@v4
 
       - name: Install packages
-        run: sudo apt install libatk1.0-dev pkg-config libgtk-3-dev libudev-dev
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y libatk1.0-dev pkg-config libgtk-3-dev libudev-dev
 
       - name: Install Rust
-        run: curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
+        uses: dtolnay/rust-toolchain@stable
 
       - name: Build
         run: cargo build --release --locked
@@ -36,13 +38,14 @@ jobs:
       - uses: actions/checkout@v4
 
       - name: Install packages
-        run: sudo apt install libatk1.0-dev pkg-config libgtk-3-dev libudev-dev
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y libatk1.0-dev pkg-config libgtk-3-dev libudev-dev
 
       - name: Install Rust + clippy + rustfmt
-        run: |
-          curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
-          "$HOME/.cargo/bin/rustup" component add clippy rustfmt
-          echo "$HOME/.cargo/bin" >> "$GITHUB_PATH"
+        uses: dtolnay/rust-toolchain@stable
+        with:
+          components: clippy, rustfmt
 
       - name: cargo fmt --check
         continue-on-error: true