Skip to content

feat: #5 feature add release ci #21

feat: #5 feature add release ci

feat: #5 feature add release ci #21

Workflow file for this run

name: Security audit
on:
push:
branches:
- $default-branch
pull_request:
env:
RUST_BACKTRACE: 1
CARGO_TERM_COLOR: always
CLICOLOR: 1
jobs:
cargo_udep:
name: Cargo check dependencies
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Install Rust nightly
uses: dtolnay/rust-toolchain@nightly
- name: Install cargo-binstall
uses: cargo-bins/cargo-binstall@main
- name: Install udeps
run: cargo binstall cargo-udeps -y
- name: Run udeps
run: cargo +nightly udeps
security_audit:
permissions:
issues: write # to create issues (actions-rs/audit-check)
checks: write # to create check (actions-rs/audit-check)
runs-on: ubuntu-latest
# Prevent sudden announcement of a new advisory from failing ci:
continue-on-error: true
steps:
- name: Checkout repository
uses: actions/checkout@v4
- uses: actions-rs/audit-check@v1
with:
token: ${{ secrets.GITHUB_TOKEN }}
cargo_deny:
permissions:
issues: write # to create issues (actions-rs/audit-check)
checks: write # to create check (actions-rs/audit-check)
runs-on: ubuntu-latest
strategy:
matrix:
checks:
- bans licenses sources
steps:
- uses: actions/checkout@v4
- uses: EmbarkStudios/cargo-deny-action@v1
with:
command: check ${{ matrix.checks }}
rust-version: nightly
# cargo_prusti:
# name: Cargo Prusti static analysis
# permissions:
# issues: write # to create issues (actions-rs/audit-check)
# checks: write # to create check (actions-rs/audit-check)
# pull-requests: write
# runs-on: ubuntu-latest
# steps:
# - uses: actions/checkout@v4
# - uses: viperproject/prusti-action@master
# with:
# path: .
cargo_Rudra:
name: Cargo Rudra check memory safety
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Rudra
uses: sslab-gatech/Rudra@master
# Possible other tools:
# https://github.com/model-checking/kani
# https://github.com/mcarton/rust-herbie-lint