2 changed files with 129 additions and 0 deletions
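--- /dev/null
+++ b/<WORKFLOW_FILE_1_PATH_PLACEHOLDER>
@@ -0,0 +1,59 @@
+name: Supply Chain Audit (registered)
+
+on:
+  workflow_dispatch: {}
+
+jobs:
+  audit:
+    name: cargo-audit & cargo-deny
+    runs-on: ubuntu-24.04
+    timeout-minutes: 30
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Install Rust toolchain
+        run: |
+          if [ -f rust-toolchain.toml ]; then
+            TOOLCHAIN=$(grep -m1 -oP 'channel.*"(\K.*?)(?=")' rust-toolchain.toml || true)
+          fi
+          if [ -z "${TOOLCHAIN:-}" ]; then
+            TOOLCHAIN=stable
+          fi
+          curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain ${TOOLCHAIN}
+          source $HOME/.cargo/env
+
+      - name: Install cargo-audit and cargo-deny
+        run: |
+          source $HOME/.cargo/env
+          cargo install cargo-audit --version 0.17.0 || true
+          cargo install cargo-deny --version 0.12.0 || true
+
+      - name: Run cargo audit
+        run: |
+          source $HOME/.cargo/env
+          cargo audit --version || true
+          cargo audit || true
+        continue-on-error: true
+
+      - name: Run cargo deny (advisories)
+        run: |
+          source $HOME/.cargo/env
+          cargo deny check advisories --manifest-path Cargo.toml || true
+        continue-on-error: true
+
+      - name: Run cargo deny (licenses)
+        run: |
+          source $HOME/.cargo/env
+          cargo deny check licenses --manifest-path Cargo.toml || true
+        continue-on-error: true
+
+      - name: Upload audit results
+        uses: actions/upload-artifact@v4
+        with:
+          name: supply-chain-reports
+          path: |
+            audit.txt
+            deny-advisories.txt
+            deny-licenses.txt
+          if-no-files-found: ignore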
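Review bot: None of the three scan steps writes the file the upload step expects: `cargo audit || true`, `cargo deny check advisories … || true` and `cargo deny check licenses … || true` send their output only to the job log, so `audit.txt`, `deny-advisories.txt` and `deny-licenses.txt` never exist and the artifact is silently empty because of `if-no-files-found: ignore`. Combined with `continue-on-error: true`, a vulnerable or license-violating dependency can neither fail the job nor show up in the uploaded report, which makes the workflow non-enforcing. Each scan line should capture its own report and keep the exit status, e.g. `set -o pipefail` followed by `cargo audit 2>&1 | tee audit.txt`, with the `|| true` dropped so that `continue-on-error` alone decides whether the failure is fatal. The same pattern is repeated in the second workflow file in this commit (`Supply Chain Audit`).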
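--- /dev/null
+++ b/<WORKFLOW_FILE_2_PATH_PLACEHOLDER>
@@ -0,0 +1,70 @@
+name: Supply Chain Audit
+
+on:
+  workflow_dispatch: {}
+  pull_request:
+    paths:
+      - 'Cargo.toml'
+      - 'Cargo.lock'
+
+jobs:
+  audit:
+    name: cargo-audit & cargo-deny
+    runs-on: ubuntu-24.04
+    timeout-minutes: 30
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Install Rust toolchain
+        run: |
+          # Use the repository's rust-toolchain if present
+          if [ -f rust-toolchain.toml ]; then
+            TOOLCHAIN=$(grep -m1 -oP 'channel.*"(\K.*?)(?=")' rust-toolchain.toml || true)
+          fi
+          if [ -z "${TOOLCHAIN:-}" ]; then
+            TOOLCHAIN=stable
+          fi
+          curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain ${TOOLCHAIN}
+          source $HOME/.cargo/env
+
+      - name: Install cargo-audit and cargo-deny
+        run: |
+          source $HOME/.cargo/env
+          cargo install cargo-audit --version 0.17.0 || true
+          cargo install cargo-deny --version 0.12.0 || true
+
+      - name: Run cargo audit
+        working-directory: ${{ github.workspace }}
+        run: |
+          source $HOME/.cargo/env
+          cargo audit --version || true
+          cargo audit || true
+        continue-on-error: true
+        id: audit
+
+      - name: Run cargo deny (advisories)
+        working-directory: ${{ github.workspace }}
+        run: |
+          source $HOME/.cargo/env
+          cargo deny check advisories --manifest-path Cargo.toml || true
+        continue-on-error: true
+        id: deny-advisories
+
+      - name: Run cargo deny (licenses)
+        working-directory: ${{ github.workspace }}
+        run: |
+          source $HOME/.cargo/env
+          cargo deny check licenses --manifest-path Cargo.toml || true
+        continue-on-error: true
+        id: deny-licenses
+
+      - name: Upload audit results
+        uses: actions/upload-artifact@v4
+        with:
+          name: supply-chain-reports
+          path: |
+            audit.txt
+            deny-advisories.txt
+            deny-licenses.txt
+          if-no-files-found: ignore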
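Review bot: The workflow declares no `permissions:` block, so the GITHUB_TOKEN issued for the `pull_request` trigger carries the repository-default scopes even though every step only reads the checkout and uploads an artifact; add `permissions:` with `  contents: read` at the top level to keep the job least-privilege. In the toolchain step, `${TOOLCHAIN}` is read from `rust-toolchain.toml` in the checked-out pull request and interpolated unquoted into `sh -s -- -y --default-toolchain ${TOOLCHAIN}`, so it should be quoted as `"${TOOLCHAIN}"`; the rustup installer is also fetched from `https://sh.rustup.rs` with no version pin or checksum, and the two actions are pinned to the mutable `@v4` tag rather than a commit SHA, which is worth tightening in a workflow whose purpose is supply-chain assurance. The `cargo install … --version` lines pin the crate version but not its dependency graph; adding `--locked` makes the installed scanners reproducible. `working-directory: ${{ github.workspace }}` on the three scan steps is the runner's default and can be dropped.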