diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml
new file mode 100644
index 00000000..b943e5d7
--- /dev/null
+++ b/.github/workflows/audit.yml
@@ -0,0 +1,29 @@
+name: Security Audit
+
+on:
+ push:
+ branches:
+ - master
+ paths:
+ - "**/Cargo.toml"
+ schedule:
+ - cron: "0 2 * * *" # run at 2 AM UTC
+
+permissions:
+ contents: read
+
+jobs:
+ security-audit:
+ permissions:
+ checks: write # for rustsec/audit-check to create check
+ contents: read # for actions/checkout to fetch code
+ issues: write # for rustsec/audit-check to create issues
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Audit Check
+ # https://github.com/rustsec/audit-check/issues/2
+ uses: rustsec/audit-check@master
+ with:
+ token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 6e913529..21a0e69c 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -8,16 +8,15 @@ jobs: matrix: # TODO: add nightly toolchain: [stable] - profile: [minimal, default] runs-on: ubuntu-latest # Only run on "pull_request" event for external PRs. This is to avoid # duplicate builds for PRs created from internal branches. if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name != github.repository steps: - name: Checkout sources - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: - submodules: 'recursive' + submodules: "recursive" - name: Install build dependencies run: |
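Review bot: `uses: rustsec/audit-check@master` in the Audit Check step of audit.yml follows a mutable branch, and this job gives it `checks: write`, `issues: write` and the `GITHUB_TOKEN`, so whatever lands on that upstream branch runs with write access to this repository's checks and issues. Pin the action to a reviewed full commit SHA, for example `uses: rustsec/audit-check@<full-commit-sha> # <release-tag>` (placeholders, not real values), and let an automated updater move the pin. The linked issue #2 may be the reason `@master` was chosen, so confirm that a tagged release covers it before pinning. The same mutable-ref concern applies to `dtolnay/rust-toolchain@master` in build.yml and `dtolnay/rust-toolchain@stable` in docs.yml, although those jobs show no write permissions in this diff. Separately, the push trigger watches only `**/Cargo.toml`; if `Cargo.lock` is committed, adding `- "**/Cargo.lock"` under `paths` would audit lockfile-only changes without waiting for the nightly cron.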
@@ -30,39 +29,24 @@ jobs: sudo apt install -y openresty --no-install-recommends - name: Install toolchain - uses: actions-rs/toolchain@v1 + uses: dtolnay/rust-toolchain@master with: toolchain: ${{ matrix.toolchain }} - profile: ${{ matrix.profile }} components: rustfmt, clippy - override: true - default: true - name: Run cargo fmt - uses: actions-rs/cargo@v1 - with: - command: fmt - args: -- --check + run: cargo fmt --all -- --check - name: Run cargo test - uses: actions-rs/cargo@v1 - with: - command: test - args: --verbose --lib --bins --tests --no-fail-fast + run: cargo test --verbose --lib --bins --tests --no-fail-fast # Need to run doc tests separately. # (https://github.com/rust-lang/cargo/issues/6669) - name: Run cargo doc test - uses: actions-rs/cargo@v1 - with: - command: test - args: --verbose --doc + run: cargo test --verbose --doc - name: Run cargo clippy - uses: actions-rs/cargo@v1 - with: - command: clippy - args: --all-targets --all -- --deny=warnings + run: cargo clippy --all-targets --all -- --deny=warnings - name: Run cargo audit uses: actions-rust-lang/audit@v1 diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml index 32d1facc..59e85bed 100644 --- a/.github/workflows/docs.yml +++ b/.github/workflows/docs.yml @@ -10,9 +10,9 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout sources - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: - submodules: 'recursive' + submodules: "recursive" - name: Install build dependencies run: | @@ -20,15 +20,7 @@ jobs: sudo apt install -y cmake libclang-dev - name: Install stable toolchain - uses: actions-rs/toolchain@v1 - with: - profile: minimal - toolchain: stable - override: true - default: true + uses: dtolnay/rust-toolchain@stable - name: Run cargo doc - uses: actions-rs/cargo@v1 - with: - command: doc - args: --no-deps --all-features + run: cargo doc --no-deps --all-features