chore: Update CI and repo structure

.editorconfig

@@ -0,0 +1,32 @@
+# EditorConfig helps developers define and maintain consistent
+# coding styles between different editors and IDEs
+# editorconfig.org
+
+root = true
+
+[*]
+charset = utf-8
+end_of_line = lf
+indent_size = 4
+indent_style = space
+insert_final_newline = true
+max_line_length = 100
+trim_trailing_whitespace = true
+
+[*.md]
+indent_size = unset
+max_line_length = 150
+
+[{*.yml,*.yaml,*.toml}]
+indent_size = 2
+max_line_length = 150
+
+# Ignore paths
+[{.git/**/*,**/*.lock,LICENSE}]
+charset = unset
+end_of_line = unset
+indent_size = unset
+indent_style = unset
+insert_final_newline = unset
+max_line_length = unset
+trim_trailing_whitespace = unset

.github/dependabot.yml

@@ -0,0 +1,30 @@
+# Documentation for all configuration options:
+# https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
+
+version: 2
+updates:
+  - package-ecosystem: "cargo"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "sunday"
+    commit-message:
+      prefix: "fix"
+      prefix-development: "chore"
+      include: "scope"
+    groups:
+      cargo-minor-and-patch-dependencies:
+        update-types:
+          - "minor"
+          - "patch"
+
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "monthly"
+    commit-message:
+      prefix: "chore"
+      include: "scope"
+    groups:
+      github-actions-all:
+        patterns: ["*"]

.github/workflows/code.yml

@@ -0,0 +1,168 @@
+name: Code
+
+on:
+  # Run workflow on every PR.
+  pull_request:
+  # Run workflow on the main branch after every merge.
+  # This is important to fill the GitHub Actions cache in a way that PRs can see it.
+  push:
+    branches:
+      - main
+  # Run workflow on the main branch every Sunday.
+  schedule:
+    - cron: "14 3 * * 0"
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
+
+env:
+  CARGO_TERM_COLOR: always
+  CLICOLOR_FORCE: 1
+  # Incremental compilation is useful as part of an edit-build-test-edit cycle, as it lets the
+  # compiler avoid recompiling code that hasn't changed. The setting does not improve the current
+  # compilation but instead saves additional information to speed up future compilations (see
+  # https://doc.rust-lang.org/cargo/reference/profiles.html#incremental). Thus, this is only useful
+  # in CI if the result is cached, which we only do on the `main` branch.
+  CARGO_INCREMENTAL: ${{ github.ref == 'refs/heads/main' && '1' || '0' }}
+  # Allow more retries for network requests in cargo (downloading crates) and
+  # rustup (installing toolchains). This should help to reduce flaky CI failures
+  # from transient network timeouts or other issues.
+  CARGO_NET_RETRY: 10
+  RUSTUP_MAX_RETRIES: 10
+  # Don't emit giant backtraces in the CI logs.
+  RUST_BACKTRACE: short
+  RUSTDOCFLAGS: -D warnings
+
+jobs:
+  diff:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      pull-requests: read
+    steps:
+      - uses: actions/checkout@v4
+      - name: Detect Changes
+        uses: dorny/paths-filter@v3.0.2
+        id: diff
+        with:
+          filters: |
+            - 'crates/**'
+            - 'Cargo.toml'
+            - 'Cargo.lock'
+            - 'rust-toolchain'
+            - 'deny.toml'
+            - '.github/workflows/code.yml'
+
+  dependencies:
+    name: Check dependencies
+    needs: diff
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: EmbarkStudios/cargo-deny-action@v1.6.3
+        with:
+          # do not check advisories on PRs to prevent sudden failure due to new announcement
+          command: check bans licenses sources
+
+  dependencies-schedule:
+    name: Check dependencies (including vulnerabilities)
+    needs: diff
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: EmbarkStudios/cargo-deny-action@v1.6.3
+
+  test-coverage:
+    name: Run all Rust tests and report coverage
+    needs: diff
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      pull-requests: write
+    env:
+      RUSTC_BOOTSTRAP: 1
+    steps:
+      - uses: actions/checkout@v4
+      - uses: Swatinem/rust-cache@v2.7.3
+        with:
+          save-if: ${{ github.ref == 'refs/heads/main' && 'true' || 'false' }}
+      - run: cargo install cargo-tarpaulin@0.30.0
+      - name: Run tests and record coverage
+        run: cargo tarpaulin
+        shell: bash
+      - name: Upload coverage report
+        uses: actions/upload-artifact@v4
+        with:
+          name: Coverage report
+          path: tarpaulin-report.html
+      - name: Code-coverage report
+        uses: irongut/CodeCoverageSummary@v1.3.0
+        with:
+          filename: cobertura.xml
+          badge: true
+          fail_below_min: false
+          format: markdown
+          hide_branch_rate: false
+          hide_complexity: true
+          indicators: true
+          output: both
+          thresholds: "50 75"
+      - name: Add coverage PR comment
+        uses: marocchino/sticky-pull-request-comment@v2
+        if: ${{ github.event_name == 'pull_request' && github.actor != 'dependabot[bot]' }}
+        with:
+          path: code-coverage-results.md
+
+  lint:
+    name: Lint Rust code
+    needs: diff
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: Swatinem/rust-cache@v2.7.3
+        with:
+          save-if: ${{ github.ref == 'refs/heads/main' && 'true' || 'false' }}
+      - run: cargo install cargo-sort@1.0.9
+
+      - name: Check formatting with rustfmt
+        run: >
+          cargo fmt --all -- --check
+          --config group_imports=StdExternalCrate,imports_granularity=Crate,imports_layout=HorizontalVertical
+      - name: Check sorting of dependencies
+        run: cargo sort -w -c
+      - name: Lint using clippy (w/o tests)
+        run: cargo clippy --all-features --no-deps -- -D warnings
+      - name: Lint using clippy (w/ tests)
+        run: cargo clippy --all-features --tests --no-deps -- -D warnings
+      - name: Check documentation
+        run: cargo doc --no-deps --workspace
+
+  build:
+    name: Build Rust code
+    needs: diff
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: Swatinem/rust-cache@v2.7.3
+        with:
+          save-if: ${{ github.ref == 'refs/heads/main' && 'true' || 'false' }}
+      - name: Build Rust code
+        run: cargo build --verbose
+
+  check-all:
+    name: Check if all code checks succeeded
+    if: always()
+    needs:
+      - diff
+      - dependencies
+      - test-coverage
+      - lint
+      - build
+    runs-on: ubuntu-latest
+    steps:
+      - name: Decide whether all needed jobs succeeded
+        uses: re-actors/alls-green@v1.2.2
+        with:
+          allowed-skips: ${{ toJSON(needs) }}
+          jobs: ${{ toJSON(needs) }}

.github/workflows/lint.yml

@@ -0,0 +1,60 @@
+name: Lint
+
+on: [pull_request]
+
+permissions:
+  contents: read
+
+jobs:
+  pr-title:
+    runs-on: ubuntu-latest
+    name: Check PR title format
+    permissions:
+      contents: read
+      pull-requests: read
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: Check PR title
+        uses: amannn/action-semantic-pull-request@v5.5.2
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+  editorconfig:
+    runs-on: ubuntu-latest
+    name: Check editorconfig
+    steps:
+      - uses: actions/checkout@v4
+      - run: pip install editorconfig-checker=="2.7.3"
+      - run: ec
+
+  typos:
+    runs-on: ubuntu-latest
+    name: Check spelling
+    steps:
+      - uses: actions/checkout@v4
+      - uses: crate-ci/typos@v1.21.0
+
+  license-headers:
+    runs-on: ubuntu-latest
+    name: Check license headers
+    steps:
+      - uses: actions/checkout@v4
+      - run: cargo install licensesnip@1.5.0
+      - run: licensesnip check
+
+  check-all:
+    name: Check if all lint jobs succeeded
+    if: always()
+    needs:
+      - pr-title
+      - editorconfig
+      - typos
+      - license-headers
+    runs-on: ubuntu-latest
+    steps:
+      - name: Decide whether all needed jobs succeeded
+        uses: re-actors/alls-green@v1.2.2
+        with:
+          jobs: ${{ toJSON(needs) }}

.github/workflows/releases.yml

@@ -0,0 +1,77 @@
+name: Release
+
+on:
+  push:
+    tags:
+      - "v[0-9]+.[0-9]+.[0-9]+"
+
+permissions:
+  contents: write
+
+jobs:
+  release:
+    name: Release
+    runs-on: ${{ matrix.os }}
+
+    strategy:
+      matrix:
+        include:
+          - build: linux
+            os: ubuntu-latest
+            target: x86_64-unknown-linux-musl
+
+          - build: macos
+            os: macos-latest
+            target: aarch64-apple-darwin
+
+          - build: windows-gnu
+            os: windows-latest
+            target: x86_64-pc-windows-msvc
+
+    steps:
+      - name: Clone the repository
+        uses: actions/checkout@v4
+
+      - name: Install Rust
+        uses: dtolnay/rust-toolchain@stable
+        with:
+          targets: ${{ matrix.target }}
+
+      - name: Get the release version from the tag
+        shell: bash
+        run: echo "VERSION=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV
+
+      - name: Build the binaries
+        uses: actions-rs/cargo@v1
+        with:
+          use-cross: true
+          command: build
+          args: --verbose --release --target ${{ matrix.target }}
+
+      - name: Build archive
+        shell: bash
+        run: |
+          binary_name="mysticeti"
+
+          dirname="$binary_name-${{ matrix.target }}"
+          mkdir "$dirname"
+          if [ "${{ matrix.os }}" = "windows-latest" ]; then
+            mv "target/${{ matrix.target }}/release/$binary_name.exe" "$dirname"
+          else
+            mv "target/${{ matrix.target }}/release/$binary_name" "$dirname"
+          fi
+
+          if [ "${{ matrix.os }}" = "windows-latest" ]; then
+            7z a "$dirname.zip" "$dirname"
+            echo "ASSET=$dirname.zip" >> $GITHUB_ENV
+          else
+            tar -czf "$dirname.tar.gz" "$dirname"
+            echo "ASSET=$dirname.tar.gz" >> $GITHUB_ENV
+          fi
+
+      - name: Upload the binaries
+        uses: softprops/action-gh-release@v2.0.5
+        with:
+          generate_release_notes: true
+          files: |
+            ${{ env.ASSET }}