bottom/.github/workflows/audit.yml

# A routine check to see if there are any Rust-specific security vulnerabilities in the repo we should be aware of.

name: audit
on:
  workflow_dispatch:
  schedule:
    - cron: "0 0 * * 1"
jobs:
  audit:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v3

      - name: Set up Rust toolchain
        uses: dtolnay/rust-toolchain@ba37adf8f94a7d9affce79bd3baff1b9e3189c33 # https://github.com/dtolnay/rust-toolchain/commit/ba37adf8f94a7d9affce79bd3baff1b9e3189c33
        with:
          toolchain: stable

      - name: Install cargo-audit
        run: |
          cargo install cargo-audit --locked

      - uses: rustsec/audit-check@bb800784d9c5b0afa352b75dae201bf2e438960a # https://github.com/rustsec/audit-check/commit/bb800784d9c5b0afa352b75dae201bf2e438960a
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
ci: add some documentation in the workflow files 2021-10-18 01:54:06 +00:00			`# A routine check to see if there are any Rust-specific security vulnerabilities in the repo we should be aware of.`

ci: Fix some bugs/typos with the deploy script and components (#329) - Fix bug with choco and homebrew using incorrect bash syntax causing broken downloads. Why this didn't fail, idk. - Add tag entry for manual runs to make it easier to deploy/re-run - Fixed some typos - Fixed incorrect string in choco python script 2020-11-26 08:28:56 +00:00			`name: audit`
github: Add cargo-audit cron job 2020-11-01 00:40:50 +00:00			`on:`
ci: allow manual triggering of audit action 2021-10-18 01:32:08 +00:00			`workflow_dispatch:`
github: Add cargo-audit cron job 2020-11-01 00:40:50 +00:00			`schedule:`
ci: make audit action weekly It really doesn't need to run daily. It now runs every Monday. 2021-08-30 21:07:48 +00:00			`- cron: "0 0 * * 1"`
github: Add cargo-audit cron job 2020-11-01 00:40:50 +00:00			`jobs:`
			`audit:`
			`runs-on: ubuntu-latest`
			`steps:`
ci: try moving to rust-toolchain (#745) action-rs' action seems to not be really maintained anymore and throws some redundant warnings that kinda clog up outputs. As such, I feel like moving to a more active action is probably worth it. 2022-06-02 22:04:51 +00:00			`- name: Checkout repository`
			`uses: actions/checkout@v3`
ci: update audit workflow (#685) Manually install the audit crate as part of the audit CI since it seems to be using too old of a version of Rust. 2022-02-28 00:52:09 +00:00
ci: try moving to rust-toolchain (#745) action-rs' action seems to not be really maintained anymore and throws some redundant warnings that kinda clog up outputs. As such, I feel like moving to a more active action is probably worth it. 2022-06-02 22:04:51 +00:00			`- name: Set up Rust toolchain`
ci: update GitHub CI to remove deprecated/unmaintained actions and commands (#846) * ci: update rust-cache to 2.0.1 * ci: update dtolnay/rust-toolchain to ba37adf * ci: update skip-duplicate-actions to v5.2.0 * ci: update ClementTsang/cargo-action to v0.0.3 * ci: update to macos-12 * ci: update ghaction-chocolatey to 2.1.0 * ci: update upload-artifact to v3.1.0 * ci: change from actions-rs to rustsec for audit-check * ci: stop using actions-rs for builds * ci: update cirrus to use tlsv1.2 when curling * ci: disable macOS ARM workflows on GHA since its built on Cirrus 2022-10-20 10:24:04 +00:00			`uses: dtolnay/rust-toolchain@ba37adf8f94a7d9affce79bd3baff1b9e3189c33 # https://github.com/dtolnay/rust-toolchain/commit/ba37adf8f94a7d9affce79bd3baff1b9e3189c33`
github: Add cargo-audit cron job 2020-11-01 00:40:50 +00:00			`with:`
ci: update audit workflow (#685) Manually install the audit crate as part of the audit CI since it seems to be using too old of a version of Rust. 2022-02-28 00:52:09 +00:00			`toolchain: stable`

			`- name: Install cargo-audit`
			`run: \|`
			`cargo install cargo-audit --locked`

ci: update GitHub CI to remove deprecated/unmaintained actions and commands (#846) * ci: update rust-cache to 2.0.1 * ci: update dtolnay/rust-toolchain to ba37adf * ci: update skip-duplicate-actions to v5.2.0 * ci: update ClementTsang/cargo-action to v0.0.3 * ci: update to macos-12 * ci: update ghaction-chocolatey to 2.1.0 * ci: update upload-artifact to v3.1.0 * ci: change from actions-rs to rustsec for audit-check * ci: stop using actions-rs for builds * ci: update cirrus to use tlsv1.2 when curling * ci: disable macOS ARM workflows on GHA since its built on Cirrus 2022-10-20 10:24:04 +00:00			`- uses: rustsec/audit-check@bb800784d9c5b0afa352b75dae201bf2e438960a # https://github.com/rustsec/audit-check/commit/bb800784d9c5b0afa352b75dae201bf2e438960a`
github: Add cargo-audit cron job 2020-11-01 00:40:50 +00:00			`with:`
			`token: ${{ secrets.GITHUB_TOKEN }}`