Skip to content

Create SECURITY.md

Create SECURITY.md #3

Workflow file for this run

on:

Check failure on line 1 in .github/workflows/on-push.yaml

View workflow run for this annotation

GitHub Actions / .github/workflows/on-push.yaml

Invalid workflow file

You have an error in your yaml syntax
workflow_call:
inputs:
environment:
required: false
type: string
toolchain:
required: false
type: string
default: stable
# do not publish unless said so
publish_dry_run:
required: false
type: boolean
default: true
auditIgnore:
required: false
type: string
default: ""
secrets:
CARGO_REGISTRY_TOKEN:
description: crates.io access token
required: false
jobs:
audit:
runs-on: ubuntu-latest
permissions:
contents: read
issues: write
steps:
- uses: actions/checkout@v4
- uses: actions-rust-lang/audit@v1
name: Audit Rust Dependencies
with:
# Comma separated list of issues to ignore (or configure in audit.toml)
ignore: ${{ inputs.auditIgnore }}
- uses: actions/cache@v3
with:
path: |
~/.cargo/registry
~/.cargo/git
target
key: ${{ runner.os }}-cargo-${{ github.ref_name }}-${{ hashFiles('**/Cargo.lock') }}
restore-keys: |
${{ runner.os }}-cargo-${{ github.ref_name }}
cargo-deny:
name: "License check"
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v4
- uses: EmbarkStudios/cargo-deny-action@v1
with:
command: check bans licenses sources
check:
name: Cargo Check
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v4
- uses: actions-rs/toolchain@v1
with:
profile: minimal
toolchain: ${{ inputs.toolchain }}
override: true
- uses: actions-rs/cargo@v1
with:
command: check
test:
name: Test Suite
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v4
- uses: actions-rs/toolchain@v1
with:
profile: minimal
toolchain: ${{ inputs.toolchain }}
override: true
- uses: actions-rs/cargo@v1
with:
command: test
fmt:
name: Rustfmt
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v4
- *cache-cargo
- uses: actions-rs/toolchain@v1
with:
profile: minimal
toolchain: ${{ inputs.toolchain }}
override: true
- run: rustup component add rustfmt
- uses: actions-rs/cargo@v1
with:
command: fmt
args: --all -- --check
clippy:
name: Clippy
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v4
- uses: actions-rs/toolchain@v1
with:
profile: minimal
toolchain: ${{ inputs.toolchain }}
override: true
- run: rustup component add clippy
- uses: actions-rs/cargo@v1
with:
command: clippy
release:
if: github.ref == 'refs/heads/main'
needs: [ cargo-deny, check, fmt, test, clippy, audit ]
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v2
- uses: actions-rs/toolchain@v1
with:
profile: minimal
toolchain: ${{ inputs.toolchain }}
override: true
- name: Build project
run: cargo build --release
- name: Release
run: |
for crate in $(cargo metadata --format-version=1 --no-deps | jq -r '.packages[].manifest_path' | xargs dirname | sort); do
echo "Publishing crate $crate..."
cd $crate
cargo publish ${{ inputs.publish_dry_run && '--dry-run' || '' }}
cd ..
done
env:
CARGO_REGISTRY_TOKEN: ${{ secrets.CARGO_REGISTRY_TOKEN }}