mirror of
https://github.com/tauri-apps/tauri.git
synced 2024-12-18 16:11:38 +03:00
e78bfa722e
As the workflow is failing because of a larger number of unvetted dependencies I transform this to suggestions only until we have a better vetting workflow and resources to audit available.
46 lines
1.4 KiB
YAML
46 lines
1.4 KiB
YAML
# Copyright 2019-2024 Tauri Programme within The Commons Conservancy
|
|
# SPDX-License-Identifier: Apache-2.0
|
|
# SPDX-License-Identifier: MIT
|
|
|
|
name: supply chain health status
|
|
on:
|
|
workflow_dispatch:
|
|
schedule:
|
|
- cron: '0 0 * * *'
|
|
push:
|
|
branches:
|
|
- dev
|
|
- 1.x
|
|
paths:
|
|
- '.github/workflows/supply-chain.yml'
|
|
- '**/Cargo.lock'
|
|
- '**/Cargo.toml'
|
|
jobs:
|
|
cargo-vet:
|
|
name: check rust dependencies with cargo vet
|
|
runs-on: ubuntu-latest
|
|
env:
|
|
CARGO_VET_VERSION: 0.9.1
|
|
steps:
|
|
- uses: actions/checkout@master
|
|
- name: Install Rust
|
|
run: rustup update stable && rustup default stable
|
|
|
|
- uses: actions/cache@v2
|
|
with:
|
|
path: ${{ runner.tool_cache }}/cargo-vet
|
|
key: cargo-vet-bin-${{ env.CARGO_VET_VERSION }}
|
|
|
|
- name: Add the tool cache directory to the search path
|
|
run: echo "${{ runner.tool_cache }}/cargo-vet/bin" >> $GITHUB_PATH
|
|
|
|
- name: Ensure that the tool cache is populated with the cargo-vet binary
|
|
run: cargo install --root ${{ runner.tool_cache }}/cargo-vet --version ${{ env.CARGO_VET_VERSION }} cargo-vet
|
|
|
|
# Enable this again to break the workflow once we have a reasonable amount of suggestions to get to a clean base line
|
|
# - name: Invoke cargo-vet
|
|
# run: cargo vet --locked
|
|
|
|
- name: Provide audit suggestions
|
|
run: cargo vet --locked suggestions
|