feat: kinda curious how clippy will pan out

Author: blitss

.github/workflows/ci.yaml

@@ -43,7 +43,7 @@ jobs:
           PGRX_VERSION=$(cargo metadata --format-version 1 | jq -r '.packages[]|select(.name=="pgrx")|.version')
           cargo install --locked --version=$PGRX_VERSION cargo-pgrx --debug --force
           cargo pgrx init --pg14 $(which pg_config)
-      - name: Install TypeID/PRQL
+      - name: Install TypeID/pgrx
         run: |
           cargo pgrx install --no-default-features --release --sudo
       - name: Start PostgreSQL
@@ -63,19 +63,4 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@v4
       - name: Run rustfmt
-        run: cargo fmt -- --check
-  rust-clippy:
-    runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        pg: [ "16" ]
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-      - name: Install cargo-pgrx
-        run: |
-          PGRX_VERSION=$(cargo metadata --format-version 1 | jq -r '.packages[]|select(.name=="pgrx")|.version')
-          cargo install --locked --version=$PGRX_VERSION cargo-pgrx --debug --force
-          cargo pgrx init --pg${{ matrix.pg }} download
-      - name: Run clippy
-        run: cargo clippy --all-targets --no-default-features --features pg${{ matrix.pg }} -- -D warnings
+        run: cargo fmt -- --check

.github/workflows/clippy.yaml

@@ -0,0 +1,66 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+# rust-clippy is a tool that runs a bunch of lints to catch common
+# mistakes in your Rust code and help improve your Rust code.
+# More details at https://github.com/rust-lang/rust-clippy
+# and https://rust-lang.github.io/rust-clippy/
+
+name: rust-clippy analyze
+
+on:
+  push:
+    branches: [ "main" ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ "main" ]
+  schedule:
+    - cron: '20 14 * * 5'
+
+jobs:
+  rust-clippy-analyze:
+    name: Run rust-clippy analyzing
+    runs-on: ubuntu-latest
+
+    strategy:
+      matrix:
+        pg: [ "16" ]
+    permissions:
+      contents: read
+      security-events: write
+      actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Install Rust toolchain
+        uses: actions-rs/toolchain@16499b5e05bf2e26879000db0c1d13f7e13fa3af #@v1
+        with:
+          profile: minimal
+          toolchain: stable
+          components: clippy
+          override: true
+
+
+      - name: Install cargo-pgrx
+        run: |
+          PGRX_VERSION=$(cargo metadata --format-version 1 | jq -r '.packages[]|select(.name=="pgrx")|.version')
+          cargo install --locked --version=$PGRX_VERSION cargo-pgrx --debug --force
+          cargo pgrx init --pg${{ matrix.pg }} download
+          
+      - name: Install required cargo
+        run: cargo install clippy-sarif sarif-fmt
+
+      - name: Run rust-clippy
+        run:
+          cargo clippy
+          --all-features
+          --message-format=json | clippy-sarif | tee rust-clippy-results.sarif | sarif-fmt
+        continue-on-error: true
+
+      - name: Upload analysis results to GitHub
+        uses: github/codeql-action/upload-sarif@v1
+        with:
+          sarif_file: rust-clippy-results.sarif
+          wait-for-processing: true