cargo/.github/workflows/audit.yml
Ed Page f08bcd9b12 chore(ci): Enforce cargo-deny in CI
We skip failure for advisories on the step, rather than the job, to not
distract contributors in thinking they broke something as that bubbles
up into the PR job summary.
2023-02-23 19:31:36 -06:00

30 lines
624 B
YAML

name: Security audit
permissions:
contents: read
on:
pull_request:
paths:
- '**/Cargo.toml'
- '**/Cargo.lock'
push:
branches:
- master
jobs:
cargo_deny:
runs-on: ubuntu-latest
strategy:
matrix:
checks:
- advisories
- bans licenses sources
steps:
- uses: actions/checkout@v3
- uses: EmbarkStudios/cargo-deny-action@v1
# Prevent sudden announcement of a new advisory from failing ci:
continue-on-error: ${{ matrix.checks == 'advisories' }}
with:
command: check ${{ matrix.checks }}
rust-version: stable