Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
GitHub Actions - Rust setup
name: Security audit
on:
push:
paths:
- '**/Cargo.toml'
- '**/Cargo.lock'
jobs:
security_audit:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v1
- uses: actions-rs/audit-check@v1
with:
token: ${{ secrets.GITHUB_TOKEN }}
name: Rust
on: [push, pull_request]
env:
CARGO_TERM_COLOR: always
jobs:
test:
name: Test
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: actions-rs/toolchain@v1
with:
profile: minimal
toolchain: stable
override: true
- uses: actions-rs/cargo@v1
with:
command: test
fmt:
name: Rustfmt
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: actions-rs/toolchain@v1
with:
toolchain: stable
override: true
components: rustfmt
- uses: actions-rs/cargo@v1
with:
command: fmt
args: --all -- --check
clippy:
name: Clippy
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: actions-rs/toolchain@v1
with:
toolchain: stable
override: true
components: clippy
- uses: actions-rs/clippy-check@v1
with:
token: ${{ secrets.GITHUB_TOKEN }}
args: -- -D warnings
coverage:
name: Code coverage
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v2
- name: Install stable toolchain
uses: actions-rs/toolchain@v1
with:
toolchain: stable
override: true
- name: Run cargo-tarpaulin
uses: actions-rs/tarpaulin@v0.1
with:
args: '--ignore-tests'
name: Security audit
on:
schedule:
- cron: '0 0 * * *'
jobs:
audit:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v1
- uses: actions-rs/audit-check@v1
with:
token: ${{ secrets.GITHUB_TOKEN }}
@dhl
Copy link

dhl commented Apr 9, 2022

It looks as if https://github.com/actions-rs/audit-check/pulls has a lot of automated security pull requests from GitHub, dating back to september 10th 2020 eyeseyes... I wonder if the packages are still maintained?

https://github.com/EmbarkStudios/cargo-deny-action looks pretty good. It uses cargo deny rather than cargo audit, of course.

@merdemkoc
Copy link

merdemkoc commented May 1, 2022

I took a Clippy error that said "Resource not accessible by integration". If you get this error, you need to change "Workflow permissions" into "Read and write permissions" instead of "Read repository contents permission". It's in the "Actions" section under the repository settings.

@mihsamusev
Copy link

mihsamusev commented May 13, 2022

Terrific job @LukeMathWalker . Does anybody know how to generate code coverage badge for README.md based on the tarpaulin's job?

@epipheus
Copy link

epipheus commented May 17, 2022

Thanks for including this in your book

@HolyGrease
Copy link

HolyGrease commented Jul 16, 2022

What about including udeps(allows to find unused dependenscies), it can be useful in some cases?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment