```yaml
name: Security audit
on:
  schedule:
    - cron: '0 0 * * *'
  push:
    paths:
      - '**/Cargo.toml'
      - '**/Cargo.lock'
jobs:
  security_audit:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: taiki-e/install-action@cargo-deny
      - name: Scan for vulnerabilities
        run: cargo deny check advisories
```
```yaml
name: Rust
on: [push, pull_request]
env:
  CARGO_TERM_COLOR: always
jobs:
  test:
    name: Test
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: dtolnay/rust-toolchain@stable
      - uses: Swatinem/rust-cache@v2
      - name: Run tests
        run: cargo test
  fmt:
    name: Rustfmt
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: dtolnay/rust-toolchain@stable
        with:
          components: rustfmt
      - name: Enforce formatting
        run: cargo fmt --check
  clippy:
    name: Clippy
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: dtolnay/rust-toolchain@stable
        with:
          components: clippy
      - uses: Swatinem/rust-cache@v2
      - name: Linting
        run: cargo clippy -- -D warnings
  coverage:
    name: Code coverage
    runs-on: ubuntu-latest
    container:
      image: xd009642/tarpaulin
      options: --security-opt seccomp=unconfined
    steps:
      - name: Checkout repository
        uses: actions/checkout@v3
      - name: Generate code coverage
        run: |
          cargo tarpaulin --verbose --workspace
```
I got a Clippy error that said "Resource not accessible by integration". If you get this error, you need to change "Workflow permissions" to "Read and write permissions" instead of "Read repository contents permission". It's in the "Actions" section under the repository settings.
Terrific job @LukeMathWalker. Does anybody know how to generate a code coverage badge for README.md based on the tarpaulin's job?
Thanks for including this in your book
What about including udeps (it allows finding unused dependencies)? It can be useful in some cases.
It looks as if https://github.com/actions-rs/audit-check/pulls has a lot of automated security pull requests from GitHub, dating back to September 10th 2020... I wonder if the packages are still maintained?
https://github.com/EmbarkStudios/cargo-deny-action looks pretty good. It uses cargo deny rather than cargo audit, of course.
This is true for everything in actions-rs as far as I can tell! This seems ... bad
Could you add a LICENSE to that? Assuming MIT, but for legal reasons a proper license notice would be great
ISTM this is a little outdated. actions-rs is unmaintained and has a couple bugs now. Instead, can use dtolnay to implement this CI pipeline.
Updated per @ryanrozanitis comment:
```yaml
name: Rust
on: [push, pull_request]
env:
  CARGO_TERM_COLOR: always
jobs:
  test:
    name: Test
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: dtolnay/rust-toolchain@stable
      - run: cargo test --all-features
  fmt:
    name: Rustfmt
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: dtolnay/rust-toolchain@stable
      - run: cargo fmt --all -- --check
  clippy:
    name: Clippy
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: dtolnay/rust-toolchain@stable
      - run: cargo clippy -- -D warnings
  coverage:
    name: Code coverage
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: dtolnay/rust-toolchain@stable
      - run: cargo install cargo-tarpaulin
      - run: cargo tarpaulin --ignore-tests
```
All actions have been updated - they no longer rely on actions-rs
🎉
Sorry for the delay!
I think checkout@v3 needs to be updated to v4 since Node 16 EOL
@LukeMathWalker - Brother this really could use a short link or something man. Us Printed copy enjoyers are crying over the url length. Maybe a QR Code?
> Terrific job @LukeMathWalker. Does anybody know how to generate a code coverage badge for README.md based on the tarpaulin's job?

Automatically, I'm not sure how it'll generate and update. I know you can just paste the markdown in your README for the latest and updated build coverage badge. I will reply back to see if I have found anything that can address your original question.
It was updated to `actions/checkout@v4`.
Warning message before:
The following actions use a deprecated Node.js version and will be forced to run on node20: actions/checkout@v3. For more info: https://github.blog/changelog/2024-03-07-github-actions-all-actions-will-run-on-node20-instead-of-node16-by-default/
```yaml
name: Rust
on: [push, pull_request]
env:
  CARGO_TERM_COLOR: always
jobs:
  test:
    name: Test
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: dtolnay/rust-toolchain@stable
      - run: cargo test --all-features
  fmt:
    name: Rustfmt
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: dtolnay/rust-toolchain@stable
      - run: cargo fmt --all -- --check
  clippy:
    name: Clippy
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: dtolnay/rust-toolchain@stable
      - run: cargo clippy -- -D warnings
  coverage:
    name: Code coverage
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: dtolnay/rust-toolchain@stable
      - run: cargo install cargo-tarpaulin
      - run: cargo tarpaulin --ignore-tests
```
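The thread raises two supply-chain points about `uses:` references: the `actions-rs` actions are reported as unmaintained, and refs such as `@v3` or `@stable` are mutable, so the code behind them can change without the workflow file changing. As an added example (not part of the gist or of any commenter's post), this Python check lists each `uses:` reference in a workflow and flags both conditions; the `FLAGGED_OWNERS` set, the finding names and the sample workflow are assumptions made for illustration.

```python
import re

# Matches a `uses: owner/repo[/path]@ref` line, with or without a leading "- ".
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^\s'\"#]+)['\"]?")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")

# Assumption: owners a team has chosen to avoid (the thread names actions-rs).
FLAGGED_OWNERS = {"actions-rs"}


def audit_workflow(text):
    """Return (line_no, reference, [findings]) for every `uses:` line."""
    results = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        match = USES_RE.match(line)
        if not match:
            continue
        reference = match.group(1)
        # Local actions (./path) and docker:// images are out of scope here.
        if reference.startswith(("./", "docker://")):
            continue
        findings = []
        action, sep, ref = reference.partition("@")
        owner = action.split("/", 1)[0]
        if owner in FLAGGED_OWNERS:
            findings.append("flagged-owner")
        if not sep:
            findings.append("no-ref")
        elif not FULL_SHA_RE.match(ref):
            # Tags and branches can be moved to different code after review.
            findings.append("mutable-ref")
        results.append((line_no, reference, findings))
    return results


# Constructed sample mixing references seen on this page with a pinned one.
# The 40-character SHA is a placeholder, not a real commit.
SAMPLE = """\
steps:
  - uses: actions/checkout@v4
  - uses: dtolnay/rust-toolchain@stable
  - uses: actions-rs/audit-check@v1
  - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567
"""

if __name__ == "__main__":
    for line_no, reference, findings in audit_workflow(SAMPLE):
        print(f"line {line_no}: {reference}: {', '.join(findings) or 'ok'}")
```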