👷 add test coverage and openssf scorecard

.github/workflows/scorecards.yml

@@ -0,0 +1,56 @@
+name: Scorecard analysis workflow
+on:
+  # Only the default branch is supported.
+  branch_protection_rule:
+  schedule:
+    # Weekly on Saturdays.
+    - cron: "30 1 * * 6"
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+
+# Declare default permissions as read only.
+permissions: read-all
+
+jobs:
+  analysis:
+    name: Scorecard analysis
+    runs-on: ubuntu-latest
+    permissions:
+      # Needed if using Code scanning alerts
+      security-events: write
+      # Needed for GitHub OIDC token if publish_results is true
+      id-token: write
+
+    steps:
+      - name: "Checkout code"
+        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+        with:
+          persist-credentials: false
+
+      - name: "Run analysis"
+        uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1
+        with:
+          results_file: results.sarif
+          results_format: sarif
+          # Publish the results for public repositories to enable scorecard badges. For more details, see
+          # https://github.com/ossf/scorecard-action#publishing-results.
+          # For private repositories, `publish_results` will automatically be set to `false`, regardless
+          # of the value entered here.
+          publish_results: true
+
+      # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
+      # format to the repository Actions tab.
+      - name: "Upload artifact"
+        uses: actions/upload-artifact@1eb3cb2b3e0f29609092a73eb033bb759a334595 # v4.1.0
+        with:
+          name: SARIF file
+          path: results.sarif
+          retention-days: 30
+
+      # required for Code scanning alerts
+      - name: "Upload SARIF results to code scanning"
+        uses: github/codeql-action/upload-sarif@49abf0ba24d0b7953cb586944e918a0b92074c80 # v2.22.4
+        with:
+          sarif_file: results.sarif

.github/workflows/test.yml

@@ -22,6 +22,13 @@
       - uses: dtolnay/rust-toolchain@nightly
       - uses: Swatinem/rust-cache@v2
       - run: cargo test -- --nocapture
+      - name: Generate coverage report
+        run: cargo install cargo-tarpaulin && cargo tarpaulin --out Xml
+      - name: Upload coverage reports to Codecov
+        uses: codecov/codecov-action@v4.0.1
+        with:
+          files: ./coverage.xml
+          token: ${{ secrets.CODECOV_TOKEN }}
 
   clippy:
     runs-on: ubuntu-latest

README.md

@@ -1,6 +1,9 @@
 <div align="center">
 
-  [![Test Workflow Status](https://github.com/Bitcoin-Wildlife-Sanctuary/bitcoin-circle-stark/actions/workflows/test.yml/badge.svg)](https://github.com/Bitcoin-Wildlife-Sanctuary/bitcoin-circle-stark/actions/workflows/test.yml)
+<a href="https://github.com/Bitcoin-Wildlife-Sanctuary/bitcoin-circle-stark/actions/workflows/test.yml"><img alt="GitHub Workflow Status (with event)" src="https://img.shields.io/github/actions/workflow/status/Bitcoin-Wildlife-Sanctuary/bitcoin-circle-stark/test.yml?style=for-the-badge" height=30></a>
+<a href="https://securityscorecards.dev/viewer/?uri=github.com/Bitcoin-Wildlife-Sanctuary/bitcoin-circle-stark"><img alt="OpenSSF Scorecard Report" src="https://img.shields.io/ossf-scorecard/github.com/Bitcoin-Wildlife-Sanctuary/bitcoin-circle-stark?label=openssf%20scorecard&style=for-the-badge" height=30></a>
+<a href="https://github.com/Bitcoin-Wildlife-Sanctuary/bitcoin-circle-stark/blob/main/LICENSE"><img src="https://img.shields.io/github/license/Bitcoin-Wildlife-Sanctuary/bitcoin-circle-stark.svg?style=for-the-badge" alt="Project license" height="30"></a>
+<a href="https://twitter.com/bitcoinwildlife"><img src="https://img.shields.io/twitter/follow/bitcoinwildlife?style=for-the-badge&logo=twitter" alt="Follow bitcoinwildlife on Twitter" height="30"></a>
 
 </div>