mirror of
https://github.com/rustic-rs/rustic.git
synced 2025-10-26 11:18:51 +00:00
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [MarcoIeni/release-plz-action](https://redirect.github.com/MarcoIeni/release-plz-action) | action | digest | `ede2f28` -> `394e0e4` | | [actions/checkout](https://redirect.github.com/actions/checkout) | action | digest | `eef6144` -> `11bd719` | --- ### Configuration 📅 **Schedule**: Branch creation - "before 4am on Monday" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Never, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/rustic-rs/rustic). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4xMjAuMSIsInVwZGF0ZWRJblZlciI6IjM4LjEyMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJBLWNpIl19--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
64 lines
1.8 KiB
YAML
64 lines
1.8 KiB
YAML
name: Security audit
|
|
|
|
on:
|
|
pull_request:
|
|
schedule:
|
|
# Runs at 00:00 UTC everyday
|
|
- cron: "0 0 * * *"
|
|
push:
|
|
paths:
|
|
- "**/Cargo.toml"
|
|
- "**/Cargo.lock"
|
|
- "crates/**/Cargo.toml"
|
|
- "crates/**/Cargo.lock"
|
|
merge_group:
|
|
types: [checks_requested]
|
|
|
|
concurrency:
|
|
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
|
|
cancel-in-progress: true
|
|
|
|
jobs:
|
|
audit:
|
|
if: ${{ github.repository_owner == 'rustic-rs' }}
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Checkout repository
|
|
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
|
|
# Ensure that the latest version of Cargo is installed
|
|
- name: Install Rust toolchain
|
|
uses: dtolnay/rust-toolchain@1482605bfc5719782e1267fd0c0cc350fe7646b8 # v1
|
|
with:
|
|
toolchain: stable
|
|
- uses: Swatinem/rust-cache@82a92a6e8fbeee089604da2575dc567ae9ddeaab # v2
|
|
- uses: rustsec/audit-check@69366f33c96575abad1ee0dba8212993eecbe998 # v2.0.0
|
|
with:
|
|
token: ${{ secrets.GITHUB_TOKEN }}
|
|
ignore: RUSTSEC-2023-0071 # rsa thingy, ignored for now
|
|
|
|
cargo-deny:
|
|
name: Run cargo-deny
|
|
if: ${{ github.repository_owner == 'rustic-rs' }}
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
|
|
|
|
- uses: EmbarkStudios/cargo-deny-action@8371184bd11e21dcf8ac82ebf8c9c9f74ebf7268 # v2
|
|
with:
|
|
command: check bans licenses sources
|
|
|
|
result:
|
|
if: ${{ github.repository_owner == 'rustic-rs' }}
|
|
name: Result (Audit)
|
|
runs-on: ubuntu-latest
|
|
needs:
|
|
- audit
|
|
- cargo-deny
|
|
steps:
|
|
- name: Mark the job as successful
|
|
run: exit 0
|
|
if: success()
|
|
- name: Mark the job as unsuccessful
|
|
run: exit 1
|
|
if: "!success()"
|