mirror of
https://github.com/rustic-rs/rustic.git
synced 2025-10-26 11:18:51 +00:00
85c350972c
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [EmbarkStudios/cargo-deny-action](https://redirect.github.com/EmbarkStudios/cargo-deny-action) | action | major | `v1` -> `v2` | --- ### Release Notes <details> <summary>EmbarkStudios/cargo-deny-action (EmbarkStudios/cargo-deny-action)</summary> ### [`v2`](https://redirect.github.com/EmbarkStudios/cargo-deny-action/compare/v1...v2) [Compare Source](https://redirect.github.com/EmbarkStudios/cargo-deny-action/compare/v1...v2) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Never, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/rustic-rs/rustic). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC45NC4zIiwidXBkYXRlZEluVmVyIjoiMzguOTQuMyIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiQS1kZXBlbmRlbmNpZXMiXX0=--> --------- Signed-off-by: simonsan <14062932+simonsan@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: simonsan <14062932+simonsan@users.noreply.github.com>
64 lines
1.8 KiB
YAML
64 lines
1.8 KiB
YAML
name: Security audit
|
|
|
|
on:
|
|
pull_request:
|
|
schedule:
|
|
# Runs at 00:00 UTC everyday
|
|
- cron: "0 0 * * *"
|
|
push:
|
|
paths:
|
|
- "**/Cargo.toml"
|
|
- "**/Cargo.lock"
|
|
- "crates/**/Cargo.toml"
|
|
- "crates/**/Cargo.lock"
|
|
merge_group:
|
|
types: [checks_requested]
|
|
|
|
concurrency:
|
|
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
|
|
cancel-in-progress: true
|
|
|
|
jobs:
|
|
audit:
|
|
if: ${{ github.repository_owner == 'rustic-rs' }}
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Checkout repository
|
|
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
|
|
# Ensure that the latest version of Cargo is installed
|
|
- name: Install Rust toolchain
|
|
uses: dtolnay/rust-toolchain@1482605bfc5719782e1267fd0c0cc350fe7646b8 # v1
|
|
with:
|
|
toolchain: stable
|
|
- uses: Swatinem/rust-cache@23bce251a8cd2ffc3c1075eaa2367cf899916d84 # v2
|
|
- uses: rustsec/audit-check@69366f33c96575abad1ee0dba8212993eecbe998 # v2.0.0
|
|
with:
|
|
token: ${{ secrets.GITHUB_TOKEN }}
|
|
ignore: RUSTSEC-2023-0071 # rsa thingy, ignored for now
|
|
|
|
cargo-deny:
|
|
name: Run cargo-deny
|
|
if: ${{ github.repository_owner == 'rustic-rs' }}
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
|
|
|
|
- uses: EmbarkStudios/cargo-deny-action@8371184bd11e21dcf8ac82ebf8c9c9f74ebf7268 # v2
|
|
with:
|
|
command: check bans licenses sources
|
|
|
|
result:
|
|
if: ${{ github.repository_owner == 'rustic-rs' }}
|
|
name: Result (Audit)
|
|
runs-on: ubuntu-latest
|
|
needs:
|
|
- audit
|
|
- cargo-deny
|
|
steps:
|
|
- name: Mark the job as successful
|
|
run: exit 0
|
|
if: success()
|
|
- name: Mark the job as unsuccessful
|
|
run: exit 1
|
|
if: "!success()"
|