ci: update CI workflows for Rust project

- add new Cargo Build & Test workflow with lint, security audit, and multi-toolchain build/test jobs
- add new Release Crates workflow for automated publishing to crates.io on tags and GitHub releases
- remove outdated rust.yml and release.yml workflows to consolidate CI configurations
- update ghcr.yml to use checkout action v5 for compatibility
- align all workflows with current best practices for CI/CD automation

Signed-off-by: mingcheng <[email protected]>

Author: mingcheng

.github/workflows/cargo.yml

@@ -0,0 +1,122 @@
+#!#
+# Copyright (c) 2025 Hangzhou Guanwaii Technology Co., Ltd.
+#
+# This source code is licensed under the MIT License,
+# which is located in the LICENSE file in the source tree's root directory.
+#
+# File: rust.yml
+# Author: mingcheng <[email protected]>
+# File Created: 2025-03-05 11:10:40
+#
+# Modified By: mingcheng <[email protected]>
+# Last Modified: 2025-10-22 00:33:40
+##
+
+name: Cargo Build & Test
+
+on:
+  push:
+    branches:
+      - main
+      - master
+      - develop
+      - "feature/**"
+  pull_request:
+    branches:
+      - main
+      - master
+      - develop
+  workflow_dispatch:
+
+env:
+  CARGO_TERM_COLOR: always
+  RUST_BACKTRACE: 1
+
+jobs:
+  # Code quality checks (clippy and rustfmt)
+  lint:
+    name: Lint (clippy & rustfmt)
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v5
+
+      - name: Install Rust
+        uses: dtolnay/rust-toolchain@stable
+        with:
+          toolchain: stable
+
+      - name: Rust cache
+        uses: Swatinem/rust-cache@v2
+        with:
+          cache-on-failure: true
+
+      - name: Run cargo fmt check
+        run: cargo fmt --all -- --check
+
+      - name: Run cargo clippy
+        run: cargo clippy --all-targets --all-features -- -D warnings
+
+  # Security audit
+  security_audit:
+    name: Security Audit
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v5
+
+      - name: Install Rust
+        uses: dtolnay/rust-toolchain@stable
+        with:
+          toolchain: stable
+
+      - name: Rust cache
+        uses: Swatinem/rust-cache@v2
+        with:
+          cache-on-failure: true
+
+      - name: Install cargo-audit
+        run: cargo install cargo-audit --locked
+
+      - name: Run cargo audit
+        run: cargo audit
+
+  # Build and test on stable/beta/nightly
+  build_and_test:
+    name: Build & Test (${{ matrix.toolchain }})
+    runs-on: ubuntu-latest
+    needs:
+      - lint
+      - security_audit
+    strategy:
+      fail-fast: false
+      matrix:
+        toolchain:
+          - stable
+          - beta
+          - nightly
+    continue-on-error: ${{ matrix.toolchain == 'nightly' }}
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v5
+
+      - name: Setup Rust toolchain (${{ matrix.toolchain }})
+        uses: dtolnay/rust-toolchain@stable
+        with:
+          toolchain: ${{ matrix.toolchain }}
+
+      - name: Rust cache
+        uses: Swatinem/rust-cache@v2
+        with:
+          cache-on-failure: true
+
+      - name: Show Rust version
+        run: |
+          rustc --version
+          cargo --version
+
+      - name: Run tests
+        run: cargo test --all --locked
+
+      - name: Verify package can be built
+        run: cargo package --locked --allow-dirty

.github/workflows/release.yml renamed to .github/workflows/crates.yml

@@ -25,28 +25,10 @@ jobs:
         with:
           toolchain: stable
 
-      - name: Cache Cargo dependencies
-        uses: actions/cache@v4
+      - name: Rust cache
+        uses: Swatinem/rust-cache@v2
         with:
-          path: |
-            ~/.cargo/registry
-            ~/.cargo/git
-            target
-          key: ${{ runner.os }}-cargo-release-${{ hashFiles('**/Cargo.lock') }}
-          restore-keys: |
-            ${{ runner.os }}-cargo-release-
-            ${{ runner.os }}-cargo-
-
-      - name: Verify version matches tag
-        if: github.event_name == 'push'
-        run: |
-          TAG_VERSION="${GITHUB_REF#refs/tags/v}"
-          CARGO_VERSION=$(grep -m1 '^version' Cargo.toml | sed 's/.*"\(.*\)".*/\1/')
-          if [ "$TAG_VERSION" != "$CARGO_VERSION" ]; then
-            echo "❌ Tag version ($TAG_VERSION) does not match Cargo.toml version ($CARGO_VERSION)"
-            exit 1
-          fi
-          echo "✅ Version check passed: $TAG_VERSION"
+          cache-on-failure: true
 
       - name: Run tests
         run: cargo test --all --locked

.github/workflows/ghcr.yml

@@ -26,7 +26,7 @@ jobs:
       id-token: write
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Set up QEMU
         uses: docker/setup-qemu-action@v3