mirror of
https://github.com/dani-garcia/vaultwarden.git
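# Supply-chain audit of the Rust dependency graph: runs cargo-audit and
# cargo-deny against the manifest/lockfile and publishes the reports as a
# build artifact.
name: Supply Chain Audit

on:
  workflow_dispatch: {}
  # Only manifest/lockfile changes trigger a run. Advisories are published
  # independently of lockfile changes, so an unchanged Cargo.lock is never
  # re-checked by this trigger set; NOTE(review): consider adding a
  # `schedule:` trigger if periodic re-scans are wanted.
  pull_request:
    paths:
      - 'Cargo.toml'
      - 'Cargo.lock'

# The job only reads the repository, so the workflow token is restricted to
# read access instead of inheriting the repository default.
permissions:
  contents: read

jobs:
  audit:
    name: cargo-audit & cargo-deny
    runs-on: ubuntu-24.04
    timeout-minutes: 30
    steps:
      - name: Checkout
        # NOTE(review): a tag ref is mutable; pin to a full commit SHA, e.g.
        # actions/checkout@<full-commit-sha>  # v4
        uses: actions/checkout@v4
        with:
          # Nothing in this job pushes, so do not leave the token in .git/config
          # where later steps (which build third-party crates) could read it.
          persist-credentials: false

      - name: Install Rust toolchain
        run: |
          set -o pipefail
          TOOLCHAIN=""
          # Use the repository's rust-toolchain if present
          if [ -f rust-toolchain.toml ]; then
            TOOLCHAIN=$(grep -m1 -oP 'channel.*"(\K.*?)(?=")' rust-toolchain.toml || true)
          fi
          if [ -z "${TOOLCHAIN:-}" ]; then
            TOOLCHAIN=stable
          fi
          # On pull_request runs rust-toolchain.toml is contributor-controlled,
          # so accept only a plain channel name before handing it to the
          # installer as an argument.
          if ! [[ "${TOOLCHAIN}" =~ ^[A-Za-z0-9._-]+$ ]]; then
            echo "::error::Unexpected toolchain channel in rust-toolchain.toml"
            exit 1
          fi
          if command -v rustup >/dev/null 2>&1; then
            # Prefer the rustup already on the runner image over piping a
            # freshly downloaded script into a shell.
            rustup toolchain install "${TOOLCHAIN}"
            rustup default "${TOOLCHAIN}"
          else
            # Fallback bootstrap; the script is executed without an integrity
            # check beyond TLS. pipefail makes a failed download fail the step.
            curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs \
              | sh -s -- -y --default-toolchain "${TOOLCHAIN}"
          fi
          # `source $HOME/.cargo/env` only affects the current step's shell;
          # export the bin directory so later steps find cargo and its tools.
          echo "${CARGO_HOME:-$HOME/.cargo}/bin" >> "${GITHUB_PATH}"

      - name: Install cargo-audit and cargo-deny
        # No `|| true`: if a scanner cannot be installed the job must fail,
        # otherwise the audit is skipped silently and the run still shows green.
        # --locked builds each tool with the dependency versions from its own
        # published lockfile instead of whatever resolves at install time.
        # NOTE(review): these pins look like old releases; confirm they still
        # build on the selected toolchain and can read the current Cargo.lock
        # and advisory database, and bump them deliberately if not.
        run: |
          cargo install cargo-audit --version 0.17.0 --locked
          cargo install cargo-deny --version 0.12.0 --locked

      - name: Run cargo audit
        id: audit
        working-directory: ${{ github.workspace }}
        # Non-blocking here so the remaining scanners still run; the result is
        # enforced by the "Fail on advisory findings" step below.
        continue-on-error: true
        run: |
          set -o pipefail
          cargo audit --version
          # tee writes the report file that the upload step collects.
          cargo audit 2>&1 | tee audit.txt

      - name: Run cargo deny (advisories)
        id: deny-advisories
        working-directory: ${{ github.workspace }}
        continue-on-error: true
        run: |
          set -o pipefail
          # NOTE(review): cargo-deny documents --manifest-path as a top-level
          # option given before the subcommand; the previous order may have
          # been rejected with the error hidden by `|| true` - confirm.
          cargo deny --manifest-path Cargo.toml check advisories 2>&1 \
            | tee deny-advisories.txt

      - name: Run cargo deny (licenses)
        id: deny-licenses
        working-directory: ${{ github.workspace }}
        # Licence findings stay informational: without a visible deny.toml
        # allow-list it is unclear whether this check can pass at all.
        continue-on-error: true
        run: |
          set -o pipefail
          cargo deny --manifest-path Cargo.toml check licenses 2>&1 \
            | tee deny-licenses.txt

      - name: Upload audit results
        if: ${{ always() }}
        # NOTE(review): pin to a full commit SHA, e.g.
        # actions/upload-artifact@<full-commit-sha>  # v4
        uses: actions/upload-artifact@v4
        with:
          name: supply-chain-reports
          path: |
            audit.txt
            deny-advisories.txt
            deny-licenses.txt
          # Surface a missing report instead of hiding it.
          if-no-files-found: warn

      - name: Fail on advisory findings
        # `outcome` is the step result before continue-on-error is applied, so
        # this turns a vulnerable (or broken) scan into a failed job after the
        # reports have been uploaded.
        if: ${{ always() && (steps.audit.outcome == 'failure' || steps.deny-advisories.outcome == 'failure') }}
        run: |
          echo "::error::cargo-audit or cargo-deny (advisories) failed; see the supply-chain-reports artifact."
          exit 1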