mirror of
https://github.com/rust-lang/cargo
synced 2024-10-13 03:02:45 +00:00
chore(ci): Enforce cargo-deny in CI
We skip failure for advisories on the step, rather than the job, to not distract contributors in thinking they broke something as that bubbles up into the PR job summary.
This commit is contained in:
parent
aada2f34e0
commit
f08bcd9b12
30
.github/workflows/audit.yml
vendored
Normal file
30
.github/workflows/audit.yml
vendored
Normal file
|
@ -0,0 +1,30 @@
|
|||
name: Security audit
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
on:
|
||||
pull_request:
|
||||
paths:
|
||||
- '**/Cargo.toml'
|
||||
- '**/Cargo.lock'
|
||||
push:
|
||||
branches:
|
||||
- master
|
||||
|
||||
jobs:
|
||||
cargo_deny:
|
||||
runs-on: ubuntu-latest
|
||||
strategy:
|
||||
matrix:
|
||||
checks:
|
||||
- advisories
|
||||
- bans licenses sources
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
- uses: EmbarkStudios/cargo-deny-action@v1
|
||||
# Prevent sudden announcement of a new advisory from failing ci:
|
||||
continue-on-error: ${{ matrix.checks == 'advisories' }}
|
||||
with:
|
||||
command: check ${{ matrix.checks }}
|
||||
rust-version: stable
|
Loading…
Reference in a new issue