Fix failing GitHub workflows and optimize for speed

.claude/settings.local.json

@@ -1,15 +1,21 @@
-{
-  "permissions": {
-    "allow": [
-      "Bash(git merge:*)",
-      "Bash(dotnet build:*)",
-      "Bash(cat:*)",
-      "Bash(dotnet test:*)",
-      "Bash(VSTEST_CONNECTION_TIMEOUT=180 dotnet test:*)",
-      "Bash(export VSTEST_CONNECTION_TIMEOUT=180)",
-      "Bash(find:*)"
-    ],
-    "deny": [],
-    "ask": []
-  }
-}
+{
+  "permissions": {
+    "allow": [
+      "Bash(git merge:*)",
+      "Bash(dotnet build:*)",
+      "Bash(cat:*)",
+      "Bash(dotnet test:*)",
+      "Bash(VSTEST_CONNECTION_TIMEOUT=180 dotnet test:*)",
+      "Bash(export VSTEST_CONNECTION_TIMEOUT=180)",
+      "Bash(find:*)",
+      "Bash(xargs ls:*)",
+      "Bash(gh run view:*)",
+      "Bash(cargo fmt:*)",
+      "Bash(cargo check:*)",
+      "Bash(git checkout:*)",
+      "Bash(git add:*)"
+    ],
+    "deny": [],
+    "ask": []
+  }
+}

.github/workflows/dotnet.yml

@@ -1,50 +1,73 @@
-# This workflow will build and test .NET projects
+# .NET Build and Test workflow
+# Optimized with matrix strategy and path-based triggers
 
 name: .NET
 
 on:
   push:
     branches: ["main"]
+    paths:
+      - 'src/adguard-api-dotnet/**'
+      - 'src/rules-compiler-dotnet/**'
+      - '.github/workflows/dotnet.yml'
   pull_request:
     branches: ["main"]
+    paths:
+      - 'src/adguard-api-dotnet/**'
+      - 'src/rules-compiler-dotnet/**'
+      - '.github/workflows/dotnet.yml'
+
+env:
+  DOTNET_NOLOGO: true
+  DOTNET_CLI_TELEMETRY_OPTOUT: true
+  DOTNET_SKIP_FIRST_TIME_EXPERIENCE: true
 
 jobs:
-  build-api-client:
-    name: Build API Client
+  build:
+    name: ${{ matrix.name }}
     runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - name: Build API Client
+            path: src/adguard-api-dotnet
+            solution: AdGuard.ApiClient.slnx
+            filter: "FullyQualifiedName!~Integration"
+          - name: Build Rules Compiler
+            path: src/rules-compiler-dotnet
+            solution: RulesCompiler.slnx
+            filter: ""
+
     defaults:
       run:
-        working-directory: ./src/adguard-api-dotnet
+        working-directory: ${{ matrix.path }}
 
     steps:
       - uses: actions/checkout@v4
+
       - name: Setup .NET
         uses: actions/setup-dotnet@v4
         with:
           dotnet-version: 10.0.x
-      - name: Restore dependencies
-        run: dotnet restore AdGuard.ApiClient.slnx
-      - name: Build
-        run: dotnet build AdGuard.ApiClient.slnx --no-restore
-      - name: Test
-        run: dotnet test AdGuard.ApiClient.slnx --no-build --verbosity normal --filter "FullyQualifiedName!~Integration"
-
-  build-rules-compiler:
-    name: Build Rules Compiler
-    runs-on: ubuntu-latest
-    defaults:
-      run:
-        working-directory: ./src/rules-compiler-dotnet
 
-    steps:
-      - uses: actions/checkout@v4
-      - name: Setup .NET
-        uses: actions/setup-dotnet@v4
+      - name: Cache NuGet packages
+        uses: actions/cache@v4
         with:
-          dotnet-version: 10.0.x
+          path: ~/.nuget/packages
+          key: ${{ runner.os }}-nuget-${{ hashFiles('**/*.csproj', '**/*.slnx') }}
+          restore-keys: ${{ runner.os }}-nuget-
+
       - name: Restore dependencies
-        run: dotnet restore RulesCompiler.slnx
+        run: dotnet restore ${{ matrix.solution }}
+
       - name: Build
-        run: dotnet build RulesCompiler.slnx --no-restore
+        run: dotnet build ${{ matrix.solution }} --no-restore -c Release
+
       - name: Test
-        run: dotnet test RulesCompiler.slnx --no-build --verbosity normal
+        run: |
+          if [ -n "${{ matrix.filter }}" ]; then
+            dotnet test ${{ matrix.solution }} --no-build -c Release --verbosity normal --filter "${{ matrix.filter }}"
+          else
+            dotnet test ${{ matrix.solution }} --no-build -c Release --verbosity normal
+          fi

.github/workflows/rust-clippy.yml

@@ -1,46 +1,55 @@
+# Rust Build, Test and Security Analysis workflow
+# Optimized with better caching, path-based triggers, and consolidated jobs
+
 name: Rust CI
 
 on:
   push:
-    branches: [ "main" ]
+    branches: ["main"]
+    paths:
+      - 'src/rules-compiler-rust/**'
+      - 'src/adguard-validation/**'
+      - 'Cargo.toml'
+      - 'Cargo.lock'
+      - '.github/workflows/rust-clippy.yml'
   pull_request:
-    branches: [ "main" ]
+    branches: ["main"]
+    paths:
+      - 'src/rules-compiler-rust/**'
+      - 'src/adguard-validation/**'
+      - 'Cargo.toml'
+      - 'Cargo.lock'
+      - '.github/workflows/rust-clippy.yml'
   schedule:
-    - cron: '24 0 * * 6'
+    - cron: '24 0 * * 6'  # Weekly security scan on Saturday
+
+env:
+  CARGO_TERM_COLOR: always
+  CARGO_INCREMENTAL: 0
+  RUST_BACKTRACE: short
 
 jobs:
-  rust-workspace-build-and-test:
-    name: Build and Test Rust Workspace
+  build-and-test:
+    name: Build and Test
     runs-on: ubuntu-latest
     steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 0  # Full history needed for analysis
+      - uses: actions/checkout@v4
 
       - name: Install Rust toolchain
         uses: actions-rust-lang/setup-rust-toolchain@v1
         with:
-          toolchain: "1.83"
+          toolchain: stable
           components: rustfmt, clippy
 
-      - name: Cache cargo registry
-        uses: actions/cache@v4
-        with:
-          path: ~/.cargo/registry
-          key: ${{ runner.os }}-cargo-registry-${{ hashFiles('**/Cargo.lock') }}
-
-      - name: Cache cargo index
+      - name: Cache Cargo
         uses: actions/cache@v4
         with:
-          path: ~/.cargo/git
-          key: ${{ runner.os }}-cargo-index-${{ hashFiles('**/Cargo.lock') }}
-
-      - name: Cache cargo build
-        uses: actions/cache@v4
-        with:
-          path: target
-          key: ${{ runner.os }}-cargo-build-target-${{ hashFiles('**/Cargo.lock') }}
+          path: |
+            ~/.cargo/registry
+            ~/.cargo/git
+            target
+          key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
+          restore-keys: ${{ runner.os }}-cargo-
 
       - name: Check formatting
         run: cargo fmt --all -- --check
@@ -54,39 +63,47 @@ jobs:
       - name: Run clippy
         run: |
           # Run clippy on non-generated packages only
-          # Exclude adguard-api-lib and adguard-api-cli as they are OpenAPI-generated code
-          # Note: Using -W clippy::all instead of -D warnings to allow pedantic/nursery warnings
-          cargo clippy -p rules-compiler -p adguard-validation-core -p adguard-validation-cli --all-features -- -W clippy::all -W clippy::correctness -W clippy::suspicious
+          cargo clippy -p rules-compiler -p adguard-validation-core -p adguard-validation-cli \
+            --all-features -- -W clippy::all -W clippy::correctness -W clippy::suspicious
 
-  rust-clippy-analyze:
-    name: Run rust-clippy security analysis
+  security-analysis:
+    name: Security Analysis
     runs-on: ubuntu-latest
+    if: github.event_name == 'schedule' || github.event_name == 'push'
     permissions:
       contents: read
       security-events: write
       actions: read
+
     steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
+      - uses: actions/checkout@v4
 
       - name: Install Rust toolchain
         uses: actions-rust-lang/setup-rust-toolchain@v1
         with:
-          toolchain: "1.83"
+          toolchain: stable
           components: clippy
 
-      - name: Install required cargo tools
+      - name: Cache Cargo
+        uses: actions/cache@v4
+        with:
+          path: |
+            ~/.cargo/registry
+            ~/.cargo/git
+            target
+          key: ${{ runner.os }}-cargo-security-${{ hashFiles('**/Cargo.lock') }}
+          restore-keys: ${{ runner.os }}-cargo-security-
+
+      - name: Install SARIF tools
         run: cargo install clippy-sarif sarif-fmt
 
-      - name: Run rust-clippy on workspace
+      - name: Run clippy for security analysis
         run: |
-          # Run clippy on non-generated packages only
-          cargo clippy -p rules-compiler -p adguard-validation-core -p adguard-validation-cli --all-features --message-format=json | clippy-sarif | tee rust-clippy-results.sarif | sarif-fmt
+          cargo clippy -p rules-compiler -p adguard-validation-core -p adguard-validation-cli \
+            --all-features --message-format=json | clippy-sarif | tee rust-clippy-results.sarif | sarif-fmt
         continue-on-error: true
 
-      - name: Upload analysis results to GitHub
+      - name: Upload SARIF results
         uses: github/codeql-action/upload-sarif@v3
         with:
           sarif_file: rust-clippy-results.sarif