ci: add Rust lint/test workflows, pin MSRV, and refresh README badges

[digitalghost-dev]

Summary by CodeRabbit

• New Features

  • Improved release packaging so installed Homebrew binaries now include both the CLI and the caching tool.

• Tests

  • Added automated Rust formatting, linting, and test checks for changes in the services area.

• Documentation

  • Updated installation guidance, badges, and service diagrams for clearer setup and project status information.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[coderabbitai]

📝 Walkthrough

Walkthrough

Two new GitHub Actions workflows are added for Rust linting (clippy + rustfmt) and testing, both scoped to services/**. The services crate gains a minimum Rust version pin. The GoReleaser Homebrew cask now enumerates both released binaries. README badges, Homebrew installation copy, verification commands, and Linux package table are updated, and services diagram images are refreshed.

Changes

Rust CI Setup

Layer / File(s)	Summary
Rust lint and test CI workflows .github/workflows/rust_lint.yml, .github/workflows/rust_test.yml	Adds rust_lint.yml (clippy with -D warnings, cargo fmt --check) and rust_test.yml (cargo test), both triggered on pull requests affecting services/** and running in the services working directory.
Minimum Rust version services/Cargo.toml	Adds rust-version = "1.86" to the [package] section, declaring the crate's minimum supported toolchain.

Docs and Release Config

Layer / File(s)	Summary
GoReleaser cask binaries and README updates .goreleaser.yml, README.md	Adds poke-cli and poke-cache to the homebrew_casks binaries list; updates README header badges (adds downloads, Docker pulls, release status; removes prior CI badge); expands Homebrew section to mention both binaries; changes verification example from poke-cli -v to poke-cli; removes Alpine apk row from the Linux packages table.
services/README diagram images services/README.md	Inserts a new embedded diagram image for the Rust caching service and replaces the aggregation service diagram image URL and alt text.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐇 Two new workflows hop into place,
clippy and fmt run in the race.
A cask now knows both binaries well,
the README badges have a new tale to tell.
With rust-version pinned and diagrams bright,
every commit checks out just right! ✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly summarizes the main CI and docs changes, including Rust workflows, MSRV pinning, and README badge updates.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch ci-edits

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (3)

.github/workflows/rust_test.yml (1)

9-14: 🔒 Security & Privacy | 🔵 Trivial | ⚡ Quick win

Add an explicit least-privilege permissions block.

Unlike rust_lint.yml, this workflow omits a top-level permissions block, so the GITHUB_TOKEN falls back to the repository/organization default, which is often broader than this test job needs. Pin it to read-only for consistency and least privilege.

🔒 Proposed permissions block

       - 'services/**'

+permissions:
+  contents: read
+
 jobs:
   tests:

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/rust_test.yml around lines 9 - 14, The tests workflow is
missing an explicit top-level permissions policy, so the GITHUB_TOKEN may
inherit broader defaults than needed; add a least-privilege permissions block to
the workflow alongside jobs: tests, matching the read-only posture used in
rust_lint.yml and keeping the scope minimal for this test job.

services/Cargo.toml (1)

5-5: 📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low value

MSRV is declared but not enforced in CI.

rust-version = "1.86" sets the minimum supported Rust, but both new workflows build/test with dtolnay/rust-toolchain@stable. Code that compiles on latest stable but uses APIs newer than 1.86 would pass CI yet break the declared MSRV. Consider pinning the toolchain to @1.86 (or adding a dedicated MSRV job) if you intend to guarantee this floor.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@services/Cargo.toml` at line 5, The declared MSRV in Cargo.toml is not being
enforced by CI because the new workflows use dtolnay/rust-toolchain@stable.
Update the workflow toolchain setup to pin to 1.86, or add a separate MSRV job
that builds/tests with 1.86, so the CI checks match the rust-version field and
catch newer-API usage. Focus on the workflow/toolchain configuration rather than
the crate code itself.

.github/workflows/rust_lint.yml (1)

21-25: 🔒 Security & Privacy | 🔵 Trivial

Pin workflow actions to SHAs
actions/checkout@v6 and dtolnay/rust-toolchain@stable are mutable refs. Pinning them to commit SHAs would harden the workflow against supply-chain tampering.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/rust_lint.yml around lines 21 - 25, The workflow uses
mutable action references in the Checkout and Set up Rust steps, so update the
rust_lint workflow to pin actions/checkout and dtolnay/rust-toolchain to fixed
commit SHAs instead of version tags or stable refs. Keep the existing step names
and behavior, but replace the reusable refs in those two actions with their
exact SHA-pinned equivalents so the workflow is hardened against supply-chain
tampering.

Source: Linters/SAST tools

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@README.md`:
- Line 11: The README heading uses the non-canonical spelling, so update the
top-level title text from Pokemon CLI to Pokémon CLI for consistent project
naming.

---

Nitpick comments:
In @.github/workflows/rust_lint.yml:
- Around line 21-25: The workflow uses mutable action references in the Checkout
and Set up Rust steps, so update the rust_lint workflow to pin actions/checkout
and dtolnay/rust-toolchain to fixed commit SHAs instead of version tags or
stable refs. Keep the existing step names and behavior, but replace the reusable
refs in those two actions with their exact SHA-pinned equivalents so the
workflow is hardened against supply-chain tampering.

In @.github/workflows/rust_test.yml:
- Around line 9-14: The tests workflow is missing an explicit top-level
permissions policy, so the GITHUB_TOKEN may inherit broader defaults than
needed; add a least-privilege permissions block to the workflow alongside jobs:
tests, matching the read-only posture used in rust_lint.yml and keeping the
scope minimal for this test job.

In `@services/Cargo.toml`:
- Line 5: The declared MSRV in Cargo.toml is not being enforced by CI because
the new workflows use dtolnay/rust-toolchain@stable. Update the workflow
toolchain setup to pin to 1.86, or add a separate MSRV job that builds/tests
with 1.86, so the CI checks match the rust-version field and catch newer-API
usage. Focus on the workflow/toolchain configuration rather than the crate code
itself.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: fd01a15e-a014-48ae-aa6c-09f3b8fd5a93

📥 Commits

Reviewing files that changed from the base of the PR and between 8b4d4c3 and 84debab.

📒 Files selected for processing (6)

• .github/workflows/rust_lint.yml
• .github/workflows/rust_test.yml
• .goreleaser.yml
• README.md
• services/Cargo.toml
• services/README.md