chore: Update `.github/workflows/audit.yaml` in `artichoke/boba` #185

lopopolo · 2022-12-21T18:25:02Z

Managed by Terraform.

---
name: Audit
"on":
  push:
    branches:
      - trunk
  pull_request:
    branches:
      - trunk
  schedule:
    - cron: "0 0 * * TUE"
jobs:
  ruby:
    name: Audit Ruby Dependencies
    runs-on: ubuntu-latest

    steps:
      - name: Checkout repository
        uses: actions/checkout@v3

      - name: Install Ruby toolchain
        uses: ruby/setup-ruby@v1
        with:
          ruby-version: ".ruby-version"
          bundler-cache: true

      - name: bundler-audit
        run: bundle exec bundle-audit check --update

  rust:
    name: Audit Rust Dependencies
    runs-on: ubuntu-latest
    strategy:
      matrix:
        checks:
          - advisories
          - bans licenses sources

    # Prevent sudden announcement of a new advisory from failing ci:
    continue-on-error: ${{ matrix.checks == 'advisories' }}

    steps:
      - name: Checkout repository
        uses: actions/checkout@v3

      - name: Install Rust toolchain
        uses: artichoke/setup-rust/audit@v1

      - name: Generate Cargo.lock
        run: |
          if [[ ! -f "Cargo.lock" ]]; then
            cargo generate-lockfile --verbose
          fi

      - uses: EmbarkStudios/cargo-deny-action@v1
        with:
          arguments: --locked --all-features
          command: check ${{ matrix.checks }}
          command-arguments: --show-stats

Managed by Terraform. ## Contents ``` --- name: Audit "on": push: branches: - trunk pull_request: branches: - trunk schedule: - cron: "0 0 * * TUE" jobs: ruby: name: Audit Ruby Dependencies runs-on: ubuntu-latest steps: - name: Checkout repository uses: actions/checkout@v3 - name: Install Ruby toolchain uses: ruby/setup-ruby@v1 with: ruby-version: ".ruby-version" bundler-cache: true - name: bundler-audit run: bundle exec bundle-audit check --update rust: name: Audit Rust Dependencies runs-on: ubuntu-latest strategy: matrix: checks: - advisories - bans licenses sources # Prevent sudden announcement of a new advisory from failing ci: continue-on-error: ${{ matrix.checks == 'advisories' }} steps: - name: Checkout repository uses: actions/checkout@v3 - name: Install Rust toolchain uses: artichoke/setup-rust/audit@v1 - name: Generate Cargo.lock run: | if [[ ! -f "Cargo.lock" ]]; then cargo generate-lockfile --verbose fi - uses: EmbarkStudios/cargo-deny-action@v1 with: arguments: --locked --all-features command: check ${{ matrix.checks }} command-arguments: --show-stats ```

lopopolo added the A-build Area: CI build infrastructure. label Dec 21, 2022

lopopolo mentioned this pull request Dec 21, 2022

Use setup-rust/audit action for Rust audit jobs artichoke/project-infrastructure#407

Merged

lopopolo merged commit daf54de into trunk Dec 21, 2022

lopopolo deleted the terraform/update-file-.github-workflows-audit.yaml branch December 21, 2022 18:37

lopopolo restored the terraform/update-file-.github-workflows-audit.yaml branch December 21, 2022 18:37

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore: Update `.github/workflows/audit.yaml` in `artichoke/boba` #185

chore: Update `.github/workflows/audit.yaml` in `artichoke/boba` #185

lopopolo commented Dec 21, 2022

chore: Update .github/workflows/audit.yaml in artichoke/boba #185

chore: Update .github/workflows/audit.yaml in artichoke/boba #185

Conversation

lopopolo commented Dec 21, 2022

Contents

chore: Update `.github/workflows/audit.yaml` in `artichoke/boba` #185

chore: Update `.github/workflows/audit.yaml` in `artichoke/boba` #185