Skip to content

CI: Check workflows and actions with zizmor #1113

CI: Check workflows and actions with zizmor

CI: Check workflows and actions with zizmor #1113

Workflow file for this run

name: Audits
on:
pull_request:
push:
branches: main
permissions:
contents: read
jobs:
cargo-vet:
name: Vet Rust dependencies
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
persist-credentials: false
- uses: dtolnay/rust-toolchain@stable
id: toolchain
- run: rustup override set "${TOOLCHAIN}"
env:
TOOLCHAIN: ${{steps.toolchain.outputs.name}}
- run: cargo install cargo-vet --version ~0.10
- run: cargo vet --locked
cargo-deny:
name: Check licenses
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
persist-credentials: false
- uses: EmbarkStudios/cargo-deny-action@v2
with:
command: check licenses
required-audits:
name: Required audits have passed
needs:
- cargo-vet
- cargo-deny
if: ${{ always() }}
runs-on: ubuntu-latest
steps:
- name: Determine whether all required-pass steps succeeded
run: |
echo "${NEEDS}" | jq -e '[ .[] | .result == "success" ] | all'
env:
NEEDS: ${{ toJSON(needs) }}