-
Notifications
You must be signed in to change notification settings - Fork 90
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ci: audit and udeps #16
Conversation
@milancermak Seems to be an issue with YAML format. Try formatting with |
7846d52
to
3cb02bb
Compare
It's the diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml
index b029e05..ce4e7e9 100644
--- a/.github/workflows/audit.yml
+++ b/.github/workflows/audit.yml
@@ -1,7 +1,7 @@
on:
schedule:
# 2:20 past midnight UTC
- - cron: '20 2 * * *'
+ - cron: "20 2 * * *"
name: Security audit
jobs: |
3cb02bb
to
8674e76
Compare
Yeah, saw that, fixed now. Also the |
Yeah installing |
Oops. It seems |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
Adds two new CI Actions, as discussed in #4:
Security audit check via the audit-check action. It is set up to run periodically once a day (as opposed to it being triggered by a push to
master
on on a PR) because of a limitation that the action can't be triggered if the PR is coming from a fork. I figure it's fine this way because of the release process.Unused dependencies via cargo-udeps. There's no GH Action wrapper for the tool, so I just built it using
action-rs/toolchain
, similar to thetest
workflow. It runs onnightly
.I had a look at cargo-deny as mentioned in #4, but I don't think it's necessary.