-
-
Save LukeMathWalker/5ae1107432ce283310c3e601fac915f3 to your computer and use it in GitHub Desktop.
name: Security audit | |
on: | |
schedule: | |
- cron: '0 0 * * *' | |
push: | |
paths: | |
- '**/Cargo.toml' | |
- '**/Cargo.lock' | |
jobs: | |
security_audit: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: taiki-e/install-action@cargo-deny | |
- name: Scan for vulnerabilities | |
run: cargo deny check advisories |
name: Rust | |
on: [push, pull_request] | |
env: | |
CARGO_TERM_COLOR: always | |
jobs: | |
test: | |
name: Test | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: dtolnay/rust-toolchain@stable | |
- uses: Swatinem/rust-cache@v2 | |
- name: Run tests | |
run: cargo test | |
fmt: | |
name: Rustfmt | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: dtolnay/rust-toolchain@stable | |
with: | |
components: rustfmt | |
- name: Enforce formatting | |
run: cargo fmt --check | |
clippy: | |
name: Clippy | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: dtolnay/rust-toolchain@stable | |
with: | |
components: clippy | |
- uses: Swatinem/rust-cache@v2 | |
- name: Linting | |
run: cargo clippy -- -D warnings | |
coverage: | |
name: Code coverage | |
runs-on: ubuntu-latest | |
container: | |
image: xd009642/tarpaulin | |
options: --security-opt seccomp=unconfined | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v3 | |
- name: Generate code coverage | |
run: | | |
cargo tarpaulin --verbose --workspace |
What about including udeps(allows to find unused dependenscies), it can be useful in some cases?
It looks as if https://github.com/actions-rs/audit-check/pulls has a lot of automated security pull requests from GitHub, dating back to september 10th 2020 eyeseyes... I wonder if the packages are still maintained?
https://github.com/EmbarkStudios/cargo-deny-action looks pretty good. It uses cargo deny rather than cargo audit, of course.
This is true for everything in actions-rs as far as I can tell! This seems ... bad
Could you add a LICENSE to that? Assuming MIT, but for legal reasons a proper license notice would be great
ISTM this is a little outdated. actions-rs is unmaintained and has a couple bugs now. Instead, can use dtolnay to implement this CI pipeline.
Updated per @ryanrozanitis comment:
name: Rust
on: [push, pull_request]
env:
CARGO_TERM_COLOR: always
jobs:
test:
name: Test
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: dtolnay/rust-toolchain@stable
- run: cargo test --all-features
fmt:
name: Rustfmt
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: dtolnay/rust-toolchain@stable
- run: cargo fmt --all -- --check
clippy:
name: Clippy
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: dtolnay/rust-toolchain@stable
- run: cargo clippy -- -D warnings
coverage:
name: Code coverage
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: dtolnay/rust-toolchain@stable
- run: cargo install cargo-tarpaulin
- run: cargo tarpaulin --ignore-tests
All actions have been updated - they no longer rely on actions-rs
🎉
Sorry for the delay!
I think checkout@v3 needs to be updated to v4 since Node 16 EOL
@LukeMathWalker - Brother this really could use a short link or something man. Us Printed copy enjoyers are crying over the url length. Maybe a QR Code?
Terrific job @LukeMathWalker . Does anybody know how to generate code coverage badge for
README.md
based on the tarpaulin's job?
automatically, im not sure how it'll generate and update. I know you can just paste the markdown in your read me for the latest and updated build coverage badge. I will reply back to see if I have found anything that can address your original question.
Thanks for including this in your book