
ci: setup workflows #1

Merged: Rindrics merged 6 commits into main from ci (Feb 2, 2026)

@Rindrics (Owner) commented Feb 2, 2026

PR Type

Enhancement, Tests


Description

  • Add comprehensive CI/CD workflows for automated testing and releases

    • CI workflow with code quality checks, multi-platform testing, and release builds
    • Release workflow for building and publishing binaries across multiple targets
    • Tagpr workflow for automated version tagging and release management
  • Configure Dependabot for automated dependency updates

  • Apply code formatting and style improvements across all source files

    • Reorganize imports alphabetically
    • Reformat function signatures and method calls for consistency
    • Fix test assertion syntax error in zip.rs
  • Add new test for password uniqueness in compression functionality


Diagram Walkthrough

flowchart LR
  A["Source Code"] -->|"Code Quality Checks"| B["CI Workflow"]
  B -->|"Multi-platform Tests"| C["Test Results"]
  B -->|"Release Build"| D["Build Artifacts"]
  E["Git Tags"] -->|"Trigger"| F["Release Workflow"]
  F -->|"Build Binaries"| G["Release Assets"]
  H["Main Branch"] -->|"Trigger"| I["Tagpr Workflow"]
  I -->|"Auto-tag & Release"| E
  J["Dependencies"] -->|"Monitor"| K["Dependabot"]
  K -->|"Create PRs"| L["Dependency Updates"]

File Walkthrough

Relevant files

Formatting (4 files)
  • config.rs: Format function signatures and struct initialization (+25/-12)
  • sender.rs: Reformat trait method signature to single line (+1/-5)
  • sendgrid.rs: Reorganize imports and reformat method signatures (+5/-10)
  • main.rs: Reorganize imports and reformat async method calls (+10/-12)

Formatting, bug fix (1 file)
  • zip.rs: Reorganize imports, reformat code, fix test assertion (+32/-19)

Configuration changes (2 files)
  • dependabot.yml: Add Dependabot configuration for dependency updates (+13/-0)
  • .tagpr: Add tagpr configuration for release automation (+8/-0)

Enhancement (3 files)
  • ci.yml: Add comprehensive CI workflow for testing and quality checks (+98/-0)
  • release.yml: Add release workflow for multi-platform binary builds (+134/-0)
  • tagpr.yml: Add tagpr workflow for automated version tagging (+31/-0)


qodo-free-for-open-source-projects bot commented Feb 2, 2026

PR Compliance Guide 🔍

Below is a summary of compliance checks for this PR:

Security Compliance
🔴
API key logging

Description: The SendGrid API key, protocol, and from address are printed to stdout in plaintext,
potentially exposing sensitive credentials in logs, console output, or CI/CD pipelines.
config.rs [38-41]

Referred Code
println!("SendGrid Configuration:");
println!("  API Key: {}", api_key);
println!("  Protocol: {:?}", protocol);
println!("  From Address: {}", from_address);

Sensitive credential exposure

Description: The SENDGRID_API_KEY secret is exposed in test environment variables with a fallback to a
hardcoded dummy value, which could lead to accidental use of real credentials in CI logs
or test outputs if the secret is set.
ci.yml [75-75]

Referred Code
SENDGRID_API_KEY: ${{ secrets.SENDGRID_API_KEY || 'dummy_key_for_ci_testing' }}
EMAIL_FROM_ADDRESS: ci-test@example.com

Ticket Compliance
🎫 No ticket provided

Codebase Duplication Compliance
Codebase context is not defined

Follow the guide to enable codebase context checks.

Custom Compliance
🟢
Generic: Comprehensive Audit Trails

Objective: To create a detailed and reliable record of critical system actions for security analysis
and compliance.

Status: Passed

Learn more about managing compliance generic rules or creating your own custom rules

Generic: Meaningful Naming and Self-Documenting Code

Objective: Ensure all identifiers clearly express their purpose and intent, making code
self-documenting

Status: Passed

Generic: Robust Error Handling and Edge Case Management

Objective: Ensure comprehensive error handling that provides meaningful context and graceful
degradation

Status: Passed

🔴
Generic: Secure Error Handling

Objective: To prevent the leakage of sensitive system information through error messages while
providing sufficient detail for internal debugging.

Status:
API Key Exposure: The SendGrid API key is printed to stdout in plaintext, exposing sensitive credentials in
logs

Referred Code
println!("SendGrid Configuration:");
println!("  API Key: {}", api_key);

Generic: Secure Logging Practices

Objective: To ensure logs are useful for debugging and auditing without exposing sensitive
information like PII, PHI, or cardholder data.

Status:
Sensitive Data Logging: The API key is logged to stdout, exposing sensitive credentials that should never appear
in logs

Referred Code
println!("SendGrid Configuration:");
println!("  API Key: {}", api_key);

Generic: Security-First Input Validation and Data Handling

Objective: Ensure all data inputs are validated, sanitized, and handled securely to prevent
vulnerabilities

Status:
Hardcoded Fallback Credential: A fallback dummy API key is provided in the CI workflow which may mask missing credential
validation

Referred Code
SENDGRID_API_KEY: ${{ secrets.SENDGRID_API_KEY || 'dummy_key_for_ci_testing' }}
EMAIL_FROM_ADDRESS: ci-test@example.com

Compliance status legend
🟢 - Fully Compliant
🟡 - Partial Compliant
🔴 - Not Compliant
⚪ - Requires Further Human Verification
🏷️ - Compliance label
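
One way to address the API key logging finding above, as an added example that is not code from this PR or repository: wrap the key in a type whose `Display` and `Debug` output is redacted, so a stray `println!` cannot print it. `ApiKey`, `SendGridSettings`, `expose` and `config_summary` are hypothetical names, the protocol field is omitted for brevity, and the key is a constructed sample.

```rust
use std::fmt;

/// Keeps a credential out of `{}` and `{:?}` output.
/// `ApiKey` and `SendGridSettings` are hypothetical names for this example.
pub struct ApiKey(String);

impl ApiKey {
    pub fn new(raw: &str) -> Self { ApiKey(raw.to_string()) }
    /// The only way to read the raw value (e.g. to build the Authorization
    /// header), so every use of the secret is easy to find in review.
    pub fn expose(&self) -> &str { &self.0 }
}

impl fmt::Display for ApiKey {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        // Length only: enough to tell "set" from "empty" without leaking it.
        write!(f, "[REDACTED, {} chars]", self.0.chars().count())
    }
}

impl fmt::Debug for ApiKey {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        write!(f, "ApiKey({})", self)
    }
}

#[derive(Debug)] // safe to derive: the key field redacts itself
pub struct SendGridSettings {
    pub api_key: ApiKey,
    pub from_address: String,
}

/// Same startup summary as the flagged println! calls, minus the secret.
pub fn config_summary(cfg: &SendGridSettings) -> String {
    format!(
        "SendGrid Configuration:\n  API Key: {}\n  From Address: {}",
        cfg.api_key, cfg.from_address
    )
}

fn main() {
    // Constructed sample value, not a real key.
    let cfg = SendGridSettings {
        api_key: ApiKey::new("SG.constructed-sample-key"),
        from_address: "ci-test@example.com".to_string(),
    };
    println!("{}", config_summary(&cfg));
    println!("{:?}", cfg);
}
```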


qodo-free-for-open-source-projects bot commented Feb 2, 2026

PR Code Suggestions ✨

Explore these optional code suggestions:

Category: General
Install stable version of cross-compilation tool

Install the cross tool from crates.io (cargo install cross) instead of from its
git repository to ensure a stable version is used in the release workflow.

.github/workflows/release.yml [83-85]

 - name: Install cross (if needed)
   if: matrix.use-cross
-  run: cargo install cross --git https://github.com/cross-rs/cross
+  run: cargo install cross
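Review bot: The `+` line `run: cargo install cross` still resolves the tool version and its dependency versions at workflow run time, so two release runs can build with different `cross` binaries. Consider `cargo install cross --locked --version <pinned version>` so the release job uses a version you chose and the lockfile packaged with the crate.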
Suggestion importance[1-10]: 7

Why: This is a valid and important suggestion that improves the reliability of the release workflow by avoiding potentially unstable code from the master branch of a dependency.

Impact: Medium
Pin action to a stable version

To improve workflow stability, change the dtolnay/rust-toolchain action version
from @master to @stable in the test job.

.github/workflows/ci.yml [58-61]

 - name: Install Rust toolchain
-  uses: dtolnay/rust-toolchain@master
+  uses: dtolnay/rust-toolchain@stable
   with:
     toolchain: ${{ matrix.rust }}
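Review bot: `dtolnay/rust-toolchain@stable` on the `+` line is a branch name just like `@master`, so the action code it runs can still change between runs; a full commit SHA is the immutable form for a `uses:` reference. The step also keeps `toolchain: ${{ matrix.rust }}`, so confirm in the action's README that the matrix value still selects the installed toolchain once the ref is no longer `@master`.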
Suggestion importance[1-10]: 6

Why: The suggestion correctly identifies the use of @master as a potential source of instability in the CI workflow and recommends pinning to @stable, which is a best practice for reproducibility.

Impact: Low

@Rindrics Rindrics force-pushed the ci branch 2 times, most recently from 3f463d6 to 40af637 Compare February 2, 2026 18:16
@Rindrics Rindrics merged commit b372951 into main Feb 2, 2026
9 checks passed
@Rindrics Rindrics deleted the ci branch February 2, 2026 18:31
This was referenced Feb 2, 2026