ci: run cargo deny in build workflow

Adds a cargo-deny step (EmbarkStudios/cargo-deny-action@v2) after clippy and fmt, gated to the rust-toolchain matrix channel only. Wires the outcome into the existing failure summary table.
3 weeks ago · dd9559c993
1 changed files with 11 additions and 0 deletions
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@ -188,6 +188,15 @@ jobs:
      # End Run cargo fmt


+      # Run cargo deny (supply-chain: advisories, licenses, bans, sources)
+      # Only run on rust-toolchain channel — deny.toml pins the feature set.
+      - name: "cargo deny"
+        id: deny
+        if: ${{ !cancelled() && matrix.channel == 'rust-toolchain' }}
+        uses: EmbarkStudios/cargo-deny-action@3fd3802e88374d3fe9159b834c7714ec57d6c979 # v2
+      # End Run cargo deny
+
+
      # Check for any previous failures, if there are stop, else continue.
      # This is useful so all test/clippy/fmt actions are done, and they can all be addressed
      - name: "Some checks failed"
@ -201,6 +210,7 @@ jobs:
          TEST_POSTGRESQL: ${{ steps.test_postgresql.outcome }}
          CLIPPY: ${{ steps.clippy.outcome }}
          FMT: ${{ steps.formatting.outcome }}
+          DENY: ${{ steps.deny.outcome }}
        run: |
          echo "### :x: Checks Failed!" >> "${GITHUB_STEP_SUMMARY}"
          echo "" >> "${GITHUB_STEP_SUMMARY}"
@ -214,6 +224,7 @@ jobs:
          echo "|test (postgresql)|${TEST_POSTGRESQL}|" >> "${GITHUB_STEP_SUMMARY}"
          echo "|clippy (sqlite,mysql,postgresql,enable_mimalloc,s3)|${CLIPPY}|" >> "${GITHUB_STEP_SUMMARY}"
          echo "|fmt|${FMT}|" >> "${GITHUB_STEP_SUMMARY}"
+          echo "|cargo deny|${DENY}|" >> "${GITHUB_STEP_SUMMARY}"
          echo "" >> "${GITHUB_STEP_SUMMARY}"
          echo "Please check the failed jobs and fix where needed." >> "${GITHUB_STEP_SUMMARY}"
          echo "" >> "${GITHUB_STEP_SUMMARY}"