From dd9559c993c27c3a0d93f12d365dd45ae7d1e765 Mon Sep 17 00:00:00 2001
From: TriplEight
Date: Sun, 22 Mar 2026 10:58:13 +0100
Subject: [PATCH] ci: run cargo deny in build workflow

Adds a cargo-deny step (EmbarkStudios/cargo-deny-action@v2) after clippy and fmt, gated to the rust-toolchain matrix channel only. Wires the outcome into the existing failure summary table.
---
 .github/workflows/build.yml | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 8d03ee00..b6ffc0c5 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -188,6 +188,15 @@ jobs:
 # End Run cargo fmt
+ # Run cargo deny (supply-chain: advisories, licenses, bans, sources)
+ # Only run on rust-toolchain channel — deny.toml pins the feature set.
+ - name: "cargo deny"
+ id: deny
+ if: ${{ !cancelled() && matrix.channel == 'rust-toolchain' }}
+ uses: EmbarkStudios/cargo-deny-action@3fd3802e88374d3fe9159b834c7714ec57d6c979 # v2
+ # End Run cargo deny
+
+
 # Check for any previous failures, if there are stop, else continue.
 # This is useful so all test/clippy/fmt actions are done, and they can all be addressed
 - name: "Some checks failed"
@@ -201,6 +210,7 @@ jobs:
 TEST_POSTGRESQL: ${{ steps.test_postgresql.outcome }}
 CLIPPY: ${{ steps.clippy.outcome }}
 FMT: ${{ steps.formatting.outcome }}
+ DENY: ${{ steps.deny.outcome }}
 run: |
 echo "### :x: Checks Failed!" >> "${GITHUB_STEP_SUMMARY}"
 echo "" >> "${GITHUB_STEP_SUMMARY}"
@@ -214,6 +224,7 @@ jobs:
 echo "|test (postgresql)|${TEST_POSTGRESQL}|" >> "${GITHUB_STEP_SUMMARY}"
 echo "|clippy (sqlite,mysql,postgresql,enable_mimalloc,s3)|${CLIPPY}|" >> "${GITHUB_STEP_SUMMARY}"
 echo "|fmt|${FMT}|" >> "${GITHUB_STEP_SUMMARY}"
+ echo "|cargo deny|${DENY}|" >> "${GITHUB_STEP_SUMMARY}"
 echo "" >> "${GITHUB_STEP_SUMMARY}"
 echo "Please check the failed jobs and fix where needed." >> "${GITHUB_STEP_SUMMARY}"
 echo "" >> "${GITHUB_STEP_SUMMARY}"
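Review bot: The `cargo deny` step added in the first hunk (`@@ -188,6 +188,15 @@`) has no `with:` block, so what it checks is decided by the action's defaults rather than by anything visible in the workflow. As far as I know, `EmbarkStudios/cargo-deny-action` defaults its `arguments` input to `--all-features`, which would sit oddly with the comment that deny.toml pins the feature set, so please confirm which one wins. I would state the intent in the step itself, e.g. `with:` followed by `arguments: <flags matching deny.toml>`, or reword the comment if checking all features is what is wanted. deny.toml is not part of this patch and the job's step list starts and ends outside the hunk, so its presence and contents on the target branch should be verified. Because the `advisories` check reads a database fetched at run time, a newly published advisory can fail unrelated pull requests; consider whether that check should gate every build or be split into a separate non-blocking step.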