You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
70 lines
2.0 KiB
70 lines
2.0 KiB
name: Supply Chain Audit
|
|
|
|
on:
|
|
workflow_dispatch: {}
|
|
pull_request:
|
|
paths:
|
|
- 'Cargo.toml'
|
|
- 'Cargo.lock'
|
|
|
|
jobs:
|
|
audit:
|
|
name: cargo-audit & cargo-deny
|
|
runs-on: ubuntu-24.04
|
|
timeout-minutes: 30
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Install Rust toolchain
|
|
run: |
|
|
# Use the repository's rust-toolchain if present
|
|
if [ -f rust-toolchain.toml ]; then
|
|
TOOLCHAIN=$(grep -m1 -oP 'channel.*"(\K.*?)(?=")' rust-toolchain.toml || true)
|
|
fi
|
|
if [ -z "${TOOLCHAIN:-}" ]; then
|
|
TOOLCHAIN=stable
|
|
fi
|
|
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain ${TOOLCHAIN}
|
|
source $HOME/.cargo/env
|
|
|
|
- name: Install cargo-audit and cargo-deny
|
|
run: |
|
|
source $HOME/.cargo/env
|
|
cargo install cargo-audit --version 0.17.0 || true
|
|
cargo install cargo-deny --version 0.12.0 || true
|
|
|
|
- name: Run cargo audit
|
|
working-directory: ${{ github.workspace }}
|
|
run: |
|
|
source $HOME/.cargo/env
|
|
cargo audit --version || true
|
|
cargo audit || true
|
|
continue-on-error: true
|
|
id: audit
|
|
|
|
- name: Run cargo deny (advisories)
|
|
working-directory: ${{ github.workspace }}
|
|
run: |
|
|
source $HOME/.cargo/env
|
|
cargo deny check advisories --manifest-path Cargo.toml || true
|
|
continue-on-error: true
|
|
id: deny-advisories
|
|
|
|
- name: Run cargo deny (licenses)
|
|
working-directory: ${{ github.workspace }}
|
|
run: |
|
|
source $HOME/.cargo/env
|
|
cargo deny check licenses --manifest-path Cargo.toml || true
|
|
continue-on-error: true
|
|
id: deny-licenses
|
|
|
|
- name: Upload audit results
|
|
uses: actions/upload-artifact@v4
|
|
with:
|
|
name: supply-chain-reports
|
|
path: |
|
|
audit.txt
|
|
deny-advisories.txt
|
|
deny-licenses.txt
|
|
if-no-files-found: ignore
|
|
|