name: Security Checks
on:
push:
branches: [ main ]
pull_request:
branches: [ main ]
schedule:
- cron: '0 0 * * 0'
jobs:
audit:
name: Dependency Security Audit
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Install Rust toolchain
uses: actions-rs/toolchain@v1
with:
toolchain: stable
components: rustfmt, clippy
- name: Install cargo-audit
run: |
cargo install cargo-audit --locked
- name: Run security audit
run: |
cd dist_agent_lang
cargo audit
continue-on-error: true
clippy-security:
name: Clippy Security Checks
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Install Rust toolchain
uses: actions-rs/toolchain@v1
with:
toolchain: stable
components: clippy
- name: Run Clippy
run: |
cd dist_agent_lang
cargo clippy -- -D warnings
continue-on-error: false
fmt-check:
name: Code Formatting Check
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Install Rust toolchain
uses: actions-rs/toolchain@v1
with:
toolchain: stable
components: rustfmt
- name: Check formatting
run: |
cd dist_agent_lang
cargo fmt -- --check