name: Build
on: [ push, pull_request ]
permissions:
contents: read
jobs:
build:
strategy:
matrix:
os: [ 'ubuntu-latest', 'windows-latest', 'macos-latest' ]
runs-on: ${{ matrix.os }}
steps:
- name: Harden Runner
uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 with:
egress-policy: block
allowed-endpoints: >
api.github.com:443
archive.ubuntu.com:80
azure.archive.ubuntu.com:80
api.github.com:443
crates.io:443
esm.ubuntu.com:443
fulcio.sigstore.dev:443
github.com:443
index.crates.io:443
motd.ubuntu.com:443
ppa.launchpadcontent.net:443
rekor.sigstore.dev:443
security.ubuntu.com:80
static.crates.io:443
static.rust-lang.org:443
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
- name: Setup Rust toolchain
run: rustup show && rustup update
- name: Run
run: cargo run