Update CI audit task #245
Comments
I was in the process of updating our workflow to actions-rust-lang/audit@v1 to close this issue but then realized it only has 2 stars... A fairly not-well-known action. But then again even a Google search doesn't come up with anything else than these two... is this sort of action not very common maybe, or other projects perform it differently? I'm not seeing an audit action on rust-bitcoin, rust-miniscript, or uniffi-rs. @notmandatory any thoughts on this?
If there aren't any other good options then I'd rather stick with what we have than remove it completely. Another option is to manually run the
The |
The audit action is fairly bare and does not support repositories that do not have their

I think a few simple shell commands might work better for us in this case. For example:

```yaml
name: Audit
on:
  push:
    paths:
      - '**/Cargo.toml'
      - '**/Cargo.lock'
  schedule:
    - cron: '0 0 * * 0' # Once per week
jobs:
  security_audit:
    name: Security audit
    runs-on: ubuntu-20.04
    # TODO 17: I have not verified that this will work and have a suspicion it does not based on vague memories of conversations we had in the past
    defaults:
      run:
        working-directory: bdk-ffi
    steps:
      - uses: actions/checkout@v3
      - run: |
          cargo install cargo-audit
          # cargo-audit is invoked as a cargo subcommand
          cargo audit
```
The current audit task we're using (actions-rs/audit-check@v1) isn't maintained. We should find one that is being maintained. For example:
actions-rust-lang/audit@v1