chore: Makefile

Signed-off-by: Alexis Delain <quiet.syscall@proton.me>

Author: QuietSyscall

Makefile

@@ -0,0 +1,174 @@
+# rclib Makefile
+# Thorough code checking and development automation
+
+CI := 1
+
+# -------- Utility macros --------
+define ensure_tool
+	@command -v $(1) >/dev/null || (echo "Installing $(1)..." && cargo install $(1))
+endef
+
+# Show the help message with list of commands (default target)
+help:
+	@echo "rclib Development Commands"
+	@echo "=========================="
+	@echo ""
+	@echo "Code Formatting:"
+	@echo "  make fmt          - Check code formatting"
+	@echo "  make dev-fmt      - Auto-fix code formatting"
+	@echo ""
+	@echo "Code Quality:"
+	@echo "  make clippy       - Run clippy linter"
+	@echo "  make lint         - Check for compile warnings"
+	@echo "  make dev-clippy   - Auto-fix clippy warnings"
+	@echo ""
+	@echo "Code Safety:"
+	@echo "  make kani         - Run Kani verifier for safety checks"
+	@echo "  make geiger       - Run Geiger scanner for unsafe code"
+	@echo "  make safety       - Run all code safety checks"
+	@echo ""
+	@echo "Security:"
+	@echo "  make deny         - Check licenses and dependencies"
+	@echo "  make security     - Run all security checks"
+	@echo ""
+	@echo "Tests:"
+	@echo "  make test         - Run all tests"
+	@echo "  make test-lib     - Run library tests only"
+	@echo "  make test-int     - Run integration tests only"
+	@echo ""
+	@echo "Coverage:"
+	@echo "  make coverage     - Generate code coverage report (HTML)"
+	@echo "  make coverage-text - Generate code coverage report (text)"
+	@echo ""
+	@echo "Development:"
+	@echo "  make dev          - Auto-fix formatting and clippy, then test"
+	@echo "  make dev-test     - Run tests in development mode"
+	@echo ""
+	@echo "Build:"
+	@echo "  make build        - Make a release build"
+	@echo "  make run          - Run the dummyjson-cli example"
+	@echo ""
+	@echo "Main Targets:"
+	@echo "  make check        - Run all quality checks"
+	@echo "  make ci           - Run CI pipeline"
+	@echo "  make all          - Run all checks, tests, and build"
+
+# -------- Code formatting --------
+.PHONY: fmt
+
+# Check code formatting
+fmt:
+	cargo fmt --all -- --check
+
+# -------- Code quality --------
+.PHONY: clippy lint
+
+# Run clippy linter
+clippy:
+	cargo clippy --workspace --all-targets --all-features -- -D warnings -D clippy::perf
+
+# Check there are no compile time warnings
+lint:
+	RUSTFLAGS="-D warnings" cargo check --workspace --all-targets --all-features
+
+# -------- Code safety checks --------
+.PHONY: kani geiger safety
+
+# The Kani Rust Verifier for checking safety of the code
+kani:
+	@command -v kani >/dev/null || \
+		(echo "Installing Kani verifier..." && \
+		 cargo install --locked kani-verifier)
+	cargo kani --workspace --all-features
+
+# Run Geiger scanner for unsafe code in dependencies
+geiger:
+	$(call ensure_tool,cargo-geiger)
+	cargo geiger --all-features
+
+# Run all code safety checks
+safety: clippy lint
+	@echo "OK. Rust Safety Pipeline complete"
+
+# -------- Code security checks --------
+.PHONY: deny security
+
+# Check licenses and dependencies
+deny:
+	$(call ensure_tool,cargo-deny)
+	cargo deny check
+
+# Run all security checks
+security: deny
+	@echo "OK. Rust Security Pipeline complete"
+
+# -------- Development and auto fix --------
+.PHONY: dev dev-fmt dev-clippy dev-test
+
+# Run tests in development mode
+dev-test:
+	cargo test --workspace
+
+# Auto-fix code formatting
+dev-fmt:
+	cargo fmt --all
+
+# Auto-fix clippy warnings
+dev-clippy:
+	cargo clippy --workspace --all-targets --fix --allow-dirty
+
+# Auto-fix formatting and clippy warnings
+dev: dev-fmt dev-clippy dev-test
+
+# -------- Tests --------
+.PHONY: test test-lib test-int
+
+# Run all tests
+test:
+	cargo test --workspace
+
+# Run library tests only
+test-lib:
+	cargo test -p rclib --lib
+
+# Run integration tests only
+test-int:
+	cargo test -p rclib --test integration_tests
+
+# -------- Code coverage --------
+.PHONY: coverage coverage-text
+
+# Generate code coverage report (HTML)
+coverage:
+	@command -v cargo-llvm-cov >/dev/null || (echo "Installing cargo-llvm-cov..." && cargo install cargo-llvm-cov)
+	cargo llvm-cov --workspace --html
+	@echo "Coverage report generated at target/llvm-cov/html/index.html"
+
+# Generate code coverage report (text)
+coverage-text:
+	@command -v cargo-llvm-cov >/dev/null || (echo "Installing cargo-llvm-cov..." && cargo install cargo-llvm-cov)
+	cargo llvm-cov --workspace
+
+# -------- Build --------
+.PHONY: build run
+
+# Make a release build using stable toolchain
+build:
+	cargo +stable build --release
+
+# Run the dummyjson-cli example
+run:
+	cargo run -p dummyjson-cli -- --help
+
+# -------- Main targets --------
+.PHONY: check ci all
+
+# Run all quality checks
+check: fmt clippy lint test security
+
+# Run CI pipeline
+ci: check
+
+# Run all necessary quality checks and tests and then build the release binary
+all: check build
+	@echo "All checks passed and release binary built successfully"

deny.toml

@@ -0,0 +1,133 @@
+# cargo-deny configuration for security, licenses, bans, and sources.
+# Docs: https://embarkstudios.github.io/cargo-deny/
+
+################################################################################
+# Dependency graph construction
+################################################################################
+[graph]
+# Optionally restrict targets to check (kept commented by default).
+# targets = [
+#   "x86_64-unknown-linux-gnu",
+#   { triple = "wasm32-unknown-unknown", features = ["atomics"] },
+# ]
+# all-features = true
+# exclude-dev = true
+# exclude-unpublished = false
+
+################################################################################
+# Security advisories (RustSec)
+################################################################################
+[advisories]
+# Local clone/cache of the RustSec advisory DB
+db-path = ".cargo/advisory-db"
+# Upstream advisory DBs to use
+db-urls = ["https://github.com/RustSec/advisory-db"]
+
+# How to treat "unmaintained" advisories:
+# one of: "all" | "workspace" | "transitive" | "none"
+# (This is NOT a severity level; it scopes where the rule applies.)
+unmaintained = "workspace"
+
+# Yanked crate versions still use classic lint levels.
+# one of: "deny" | "warn" | "allow"
+yanked = "warn"
+
+# List of advisory IDs to ignore (RUSTSEC-YYYY-XXXX, etc.)
+ignore = [
+  # "RUSTSEC-0000-0000",
+]
+
+# Note:
+# - Modern cargo-deny versions treat vulnerabilities as hard errors by default.
+# - If you must silence a specific vuln, add its ID to `ignore` above.
+
+################################################################################
+# License policy
+################################################################################
+[licenses]
+# Allow-list of SPDX license IDs
+allow = [
+  "MIT",
+  "Apache-2.0",
+  "Apache-2.0 WITH LLVM-exception",
+  "BSD-2-Clause",
+  "BSD-3-Clause",
+  "BSL-1.0",
+  "ISC",
+  "Unicode-3.0",
+  "CDLA-Permissive-2.0",
+  "MPL-2.0",
+  "Zlib"
+]
+
+# Confidence threshold (0.0..1.0) for license text detection
+confidence-threshold = 0.8
+
+# Per-crate exceptions (license(s) allowed only for a specific crate/version)
+exceptions = [
+  # { name = "some-crate", version = "*", allow = ["Zlib"] },
+]
+
+# Private workspace crates handling
+[licenses.private]
+# If true, ignore unpublished/private workspace crates for license checks
+ignore = false
+# Private registries considered "published" for the rule above
+registries = [
+  # "https://example.com/registry",
+]
+
+################################################################################
+# Duplicate versions / wildcards / bans
+################################################################################
+[bans]
+# Multiple versions of the same crate in the graph
+multiple-versions = "warn"
+
+# Version wildcards like "*"
+wildcards = "allow"
+
+# How to highlight in dot graphs when multiple versions are present
+# "lowest-version" | "simplest-path" | "all"
+highlight = "all"
+
+# Default lint level for `default-features` on workspace deps (requires the
+# `workspace-dependencies` feature in cargo-deny to take effect)
+workspace-default-features = "allow"
+
+# Allow-list of specific crates (use carefully)
+allow = [
+  # { name = "ansi_term", version = "=0.11.0" },
+]
+
+# Deny-list of specific crates (optionally with version ranges/wrappers)
+deny = [
+  # { name = "some-bad-crate", version = "*", wrappers = [] },
+]
+
+# Skip specific crate versions when checking for duplicates
+skip = [
+  # { name = "ansi_term", version = "=0.11.0" },
+]
+
+# Remove a crate subtree entirely from the graph for checks (stronger than skip)
+skip-tree = [
+  # { name = "ansi_term", version = "=0.11.0", depth = 1 },
+]
+
+################################################################################
+# Allowed sources (registries and git)
+################################################################################
+[sources]
+# Non-allowed registry encountered
+unknown-registry = "warn"
+
+# Non-allowed git source encountered
+unknown-git = "warn"
+
+# Allowed crate registries (empty list => none allowed)
+# Default crates.io index:
+allow-registry = ["https://github.com/rust-lang/crates.io-index"]
+
+# Allowed git repositories (empty => none)
+allow-git = []