Skip to content

Commit

Permalink
GitHub CI: Replace security-audit with dependency-audit workflow (#223)
Browse files Browse the repository at this point in the history
  • Loading branch information
uklotzde authored Oct 3, 2023
1 parent 4232cf6 commit e6e9802
Show file tree
Hide file tree
Showing 2 changed files with 50 additions and 13 deletions.
41 changes: 41 additions & 0 deletions .deny.toml
Original file line number Diff line number Diff line change
@@ -0,0 +1,41 @@
# SPDX-FileCopyrightText: Copyright (c) 2017-2023 slowtec GmbH <[email protected]>
# SPDX-License-Identifier: CC0-1.0

all-features = false
no-default-features = false
feature-depth = 1

[advisories]
db-path = "~/.cargo/advisory-db"
db-urls = ["https://github.com/rustsec/advisory-db"]
vulnerability = "deny"
unmaintained = "warn"
yanked = "warn"
notice = "warn"

[licenses]
unlicensed = "deny"
allow = [
"Apache-2.0",
"BSD-2-Clause",
"MIT",
"MPL-2.0",
"Unicode-DFS-2016",
]
copyleft = "warn"
allow-osi-fsf-free = "neither"
default = "deny"
confidence-threshold = 0.8

[bans]
multiple-versions = "warn"
wildcards = "allow"
highlight = "all"
workspace-default-features = "allow"
external-default-features = "allow"

[sources]
unknown-registry = "warn"
unknown-git = "warn"
allow-registry = ["https://github.com/rust-lang/crates.io-index"]
allow-git = []
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@

# yaml-language-server: $schema=https://json.schemastore.org/github-workflow

name: security-audit
name: dependency-audit

permissions:
contents: read
Expand All @@ -22,18 +22,14 @@ jobs:
runs-on: ubuntu-latest

steps:
- uses: dtolnay/rust-toolchain@stable

- name: Install cargo-audit
run: cargo install cargo-audit

- uses: actions/checkout@v4

- name: Cache Rust toolchain and build artifacts
uses: Swatinem/rust-cache@v2
with:
# The cache should not be shared between different workflows and jobs.
shared-key: ${{ github.workflow }}-${{ github.job }}
- name: Generate Cargo.lock
run: cargo generate-lockfile

- name: Run security audit
run: cargo audit --deny unsound --deny yanked
- uses: EmbarkStudios/cargo-deny-action@v1
with:
command: check
arguments: >-
--all-features
--locked

0 comments on commit e6e9802

Please sign in to comment.