mirror of
https://github.com/rustic-rs/rustic.git
synced 2025-10-26 11:18:51 +00:00
48857246a1
[](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/checkout](https://togithub.com/actions/checkout) | action | digest | `b4ffde6` -> `692973e` | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Never, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/rustic-rs/rustic). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40MjAuMSIsInVwZGF0ZWRJblZlciI6IjM3LjQyMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJBLWRlcGVuZGVuY2llcyJdfQ==--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: simonsan <14062932+simonsan@users.noreply.github.com>
64 lines
1.8 KiB
YAML
64 lines
1.8 KiB
YAML
name: Security audit
|
|
|
|
on:
|
|
pull_request:
|
|
schedule:
|
|
# Runs at 00:00 UTC everyday
|
|
- cron: "0 0 * * *"
|
|
push:
|
|
paths:
|
|
- "**/Cargo.toml"
|
|
- "**/Cargo.lock"
|
|
- "crates/**/Cargo.toml"
|
|
- "crates/**/Cargo.lock"
|
|
merge_group:
|
|
types: [checks_requested]
|
|
|
|
concurrency:
|
|
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
|
|
cancel-in-progress: true
|
|
|
|
jobs:
|
|
audit:
|
|
if: ${{ github.repository_owner == 'rustic-rs' }}
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Checkout repository
|
|
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
|
|
# Ensure that the latest version of Cargo is installed
|
|
- name: Install Rust toolchain
|
|
uses: dtolnay/rust-toolchain@1482605bfc5719782e1267fd0c0cc350fe7646b8 # v1
|
|
with:
|
|
toolchain: stable
|
|
- uses: Swatinem/rust-cache@23bce251a8cd2ffc3c1075eaa2367cf899916d84 # v2
|
|
- uses: rustsec/audit-check@dd51754d4e59da7395a4cd9b593f0ff2d61a9b95 # v1.4.1
|
|
with:
|
|
token: ${{ secrets.GITHUB_TOKEN }}
|
|
ignore: RUSTSEC-2023-0071 # rsa thingy, ignored for now
|
|
|
|
cargo-deny:
|
|
name: Run cargo-deny
|
|
if: ${{ github.repository_owner == 'rustic-rs' }}
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
|
|
|
|
- uses: EmbarkStudios/cargo-deny-action@2fad0807be2b6f4402fd9dd4225aa4e91b9ad879 # v1
|
|
with:
|
|
command: check bans licenses sources
|
|
|
|
result:
|
|
if: ${{ github.repository_owner == 'rustic-rs' }}
|
|
name: Result (Audit)
|
|
runs-on: ubuntu-latest
|
|
needs:
|
|
- audit
|
|
- cargo-deny
|
|
steps:
|
|
- name: Mark the job as successful
|
|
run: exit 0
|
|
if: success()
|
|
- name: Mark the job as unsuccessful
|
|
run: exit 1
|
|
if: "!success()"
|