-
-
Notifications
You must be signed in to change notification settings - Fork 1
63 lines (51 loc) · 1.5 KB
/
security_audit.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
# https://github.com/actions-rs/audit-check#scheduled-audit
name: Monthly Security Audit
on:
schedule:
- cron: '3 2 1 * *'
workflow_dispatch:
inputs:
branch_commit_or_ref:
description: 'Run this workflow in what branch/commit?'
required: true
type: string
default: master
jobs:
audit:
runs-on: ubuntu-latest
strategy:
fail-fast: true
matrix:
channel: [ stable ]
steps:
# region Environment setup
- name: Checkout repository
uses: actions/checkout@v4
with:
ref: ${{ inputs.branch_commit_or_ref || '' }}
- name: Update Rust toolchain from channel ${{ matrix.channel }}
shell: bash
run: |
rustup self update
rustup update ${{ matrix.channel }}
rustup default ${{ matrix.channel }}
- name: Check Rust ${{ matrix.channel }} toolchain versions
shell: bash
run: |
rustup --version
cargo --version
rustc --version
rustup show
# endregion
# region Run security audit
- name: Intall cargo-audit from channel ${{ matrix.channel }}
shell: bash
run: cargo install cargo-auditable cargo-audit
- name: Build with dependency lists embedded in the binaries
shell: bash
run: cargo auditable build --release
- name: Run security audit
shell: bash
run: cargo audit bin target/release/solrcopy
# endregion
# THE END #