GitHub Actions - Rust setup

```yaml
# Runs cargo-audit whenever a Cargo manifest or lockfile changes.
name: Security audit
on:
  push:
    paths:
      - '**/Cargo.toml'
      - '**/Cargo.lock'
jobs:
  security_audit:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v1
      - uses: actions-rs/audit-check@v1
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
```

```yaml
# General pipeline: tests, formatting, lints and coverage on every push and pull request.
name: Rust
on: [push, pull_request]
env:
  CARGO_TERM_COLOR: always
jobs:
  test:
    name: Test
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - uses: actions-rs/toolchain@v1
        with:
          profile: minimal
          toolchain: stable
          override: true
      - uses: actions-rs/cargo@v1
        with:
          command: test
  fmt:
    name: Rustfmt
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - uses: actions-rs/toolchain@v1
        with:
          toolchain: stable
          override: true
          components: rustfmt
      - uses: actions-rs/cargo@v1
        with:
          command: fmt
          args: --all -- --check
  clippy:
    name: Clippy
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - uses: actions-rs/toolchain@v1
        with:
          toolchain: stable
          override: true
          components: clippy
      - uses: actions-rs/clippy-check@v1
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          args: -- -D warnings
  coverage:
    name: Code coverage
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v2
      - name: Install stable toolchain
        uses: actions-rs/toolchain@v1
        with:
          toolchain: stable
          override: true
      - name: Run cargo-tarpaulin
        uses: actions-rs/tarpaulin@v0.1
        with:
          args: '--ignore-tests'
```

```yaml
# Runs cargo-audit once a day (00:00 UTC) to catch newly published advisories.
name: Security audit
on:
  schedule:
    - cron: '0 0 * * *'
jobs:
  audit:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v1
      - uses: actions-rs/audit-check@v1
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
```

@steelx steelx commented Sep 25, 2020

can you also add build step with GCP


@steelx steelx commented Sep 25, 2020

Owner Author

@LukeMathWalker LukeMathWalker commented Sep 25, 2020

Deployment is out of scope for this pipeline.


@cardoe cardoe commented Jan 9, 2021

Any reason not to use:

```yaml
      - uses: actions-rs/toolchain@v1
        with:
          profile: minimal
          toolchain: stable
          override: true
          components: rustfmt
```

vs the separate call to install rustfmt?

Owner Author

@LukeMathWalker LukeMathWalker commented Jan 10, 2021

Not really! I'll amend it in the next release 😁


@00-matt 00-matt commented Jan 22, 2021

Instead of running clippy manually, you can use actions-rs/clippy-check; it can annotate the commit or pull request like this:

Screenshot of clippy-check

The job would look something like this:

```yaml
jobs:
  clippy:
    name: Clippy
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v1
      - uses: actions-rs/toolchain@v1
        with:
          toolchain: stable
          components: clippy
          override: true
      - uses: actions-rs/clippy-check@v1
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
```

Owner Author

@LukeMathWalker LukeMathWalker commented Jan 23, 2021

Updated both, thank you!


@kumekay kumekay commented Mar 6, 2021

Two audit configs can be easily combined:

```yaml
name: Security audit
on:
  push:
    paths:
      - '**/Cargo.toml'
      - '**/Cargo.lock'
  schedule:
    - cron: '0 0 * * *'
jobs:
  audit:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v1
      - uses: actions-rs/audit-check@v1
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
```

@mattjperez mattjperez commented Mar 28, 2021

Coming across this error, verified that the secrets are referenced correctly. Only clippy is failing consistently.


@00-matt 00-matt commented Mar 29, 2021

@mattjperez Which token are you using? GitHub Actions will create `secrets.GITHUB_TOKEN` for you at the start of each run (and expire it at the end); it should work fine for all of the actions here.


@mattjperez mattjperez commented Mar 29, 2021

@00-matt Works now, thanks for that. I didn't know about GITHUB_TOKEN being generated on each run. I had made a secret directly with repo permissions and was using that at the time of this error.
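
A way to check workflow files for the situation in the exchange above, where a step is handed a manually created secret instead of the per-run `GITHUB_TOKEN`. This is an added example, not part of the gist or of any comment; the sample workflow and the secret name `MY_REPO_PAT` are constructed, and the parsing is a line-based heuristic, not a full YAML parser.

```python
import re

# Constructed sample (not from the gist): one step gets the per-run
# GITHUB_TOKEN, another a hypothetical long-lived secret, MY_REPO_PAT.
SAMPLE_WORKFLOW = """\
name: Rust
on: [push, pull_request]
jobs:
  clippy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - uses: actions-rs/clippy-check@v1
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
      - uses: actions-rs/audit-check@v1
        with:
          token: ${{ secrets.MY_REPO_PAT }}
"""

ITEM_RE = re.compile(r"^\s*-\s+")  # start of a YAML list item (a step)
USES_RE = re.compile(r"^\s*(?:-\s+)?uses:\s*['\"]?([^'\"\s#]+)")
SECRET_RE = re.compile(r"\$\{\{\s*secrets\.([A-Za-z_][A-Za-z0-9_]*)\s*\}\}")


def secrets_by_step(workflow_text):
    """Group `${{ secrets.NAME }}` references by the step they appear in."""
    steps = []
    for line in workflow_text.splitlines():
        if line.lstrip().startswith("#"):
            continue  # skip comment lines
        if ITEM_RE.match(line) or not steps:
            steps.append({"uses": None, "secrets": []})
        m = USES_RE.match(line)
        if m:
            steps[-1]["uses"] = m.group(1)
        steps[-1]["secrets"] += SECRET_RE.findall(line)
    return [s for s in steps if s["secrets"]]


def non_default_tokens(workflow_text):
    """Return (action, secret) pairs where the secret is not GITHUB_TOKEN."""
    return [(s["uses"], name)
            for s in secrets_by_step(workflow_text)
            for name in s["secrets"] if name != "GITHUB_TOKEN"]


if __name__ == "__main__":
    for action, secret in non_default_tokens(SAMPLE_WORKFLOW):
        print(f"{action}: receives secrets.{secret}, not the per-run GITHUB_TOKEN")
```
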


@skovmand skovmand commented May 9, 2021

It looks as if https://github.com/actions-rs/audit-check/pulls has a lot of automated security pull requests from GitHub, dating back to September 10th 2020 👀👀... I wonder if the packages are still maintained?
