supply chain health status #109
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Copyright 2019-2024 Tauri Programme within The Commons Conservancy | |
# SPDX-License-Identifier: Apache-2.0 | |
# SPDX-License-Identifier: MIT | |
name: supply chain health status | |
on: | |
workflow_dispatch: | |
schedule: | |
- cron: '0 0 * * *' | |
push: | |
branches: | |
- dev | |
paths: | |
- '.github/workflows/supply-chain.yml' | |
- '**/Cargo.lock' | |
- '**/Cargo.toml' | |
jobs: | |
cargo-vet: | |
name: check rust dependencies with cargo vet | |
runs-on: ubuntu-latest | |
env: | |
CARGO_VET_VERSION: 0.9.1 | |
steps: | |
- uses: actions/checkout@master | |
- name: Install Rust | |
run: rustup update stable && rustup default stable | |
- uses: actions/cache@v2 | |
with: | |
path: ${{ runner.tool_cache }}/cargo-vet | |
key: cargo-vet-bin-${{ env.CARGO_VET_VERSION }} | |
- name: Add the tool cache directory to the search path | |
run: echo "${{ runner.tool_cache }}/cargo-vet/bin" >> $GITHUB_PATH | |
- name: Ensure that the tool cache is populated with the cargo-vet binary | |
run: cargo install --root ${{ runner.tool_cache }}/cargo-vet --version ${{ env.CARGO_VET_VERSION }} cargo-vet | |
# Enable this again to break the workflow once we have a reasonable amount of suggestions to get to a clean base line | |
# - name: Invoke cargo-vet | |
# run: cargo vet --locked | |
- name: Provide audit suggestions | |
run: cargo vet suggest |