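# Security Checks workflow: dependency audit, Clippy lints and a formatting
# check for a Rust project. Runs on pushes and pull requests to main, weekly
# via cron, and on manual dispatch.
#
# NOTE(review): every `uses:` below references a mutable tag (@v4, @v1).
# For supply-chain integrity, pin each action to a full commit SHA, e.g.
# `uses: actions/checkout@<FULL_COMMIT_SHA>  # v4`.
name: Security Checks

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]
  schedule:
    # Weekly, Sunday 00:00 UTC, so advisories published between pushes
    # are still picked up.
    - cron: '0 0 * * 0'
  workflow_dispatch: {}

# Least privilege for GITHUB_TOKEN: the jobs below only check out the
# repository and run cargo commands, so read access to contents suffices.
permissions:
  contents: read

jobs:
  audit:
    name: Dependency Security Audit
    runs-on: ubuntu-latest
    env:
      # Point the TLS stacks used by cargo at the system CA bundle.
      SSL_CERT_FILE: /etc/ssl/certs/ca-certificates.crt
      CARGO_HTTP_CAINFO: /etc/ssl/certs/ca-certificates.crt
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          # No later step in this job uses git credentials, so do not
          # leave the token in the checked-out repository's git config.
          persist-credentials: false

      # Links the system CA bundle to the /usr/local path and refreshes
      # the certificate store before any network fetch by cargo.
      - name: Fix CA cert path for Cargo/curl
        run: |
          sudo mkdir -p /usr/local/etc/ca-certificates
          sudo ln -sf /etc/ssl/certs/ca-certificates.crt /usr/local/etc/ca-certificates/cert.pem
          sudo update-ca-certificates

      # NOTE(review): the actions-rs actions appear to be unmaintained
      # (repository archived) - confirm, and consider a maintained
      # installer or plain rustup.
      # rustfmt and clippy are installed here although no step in this
      # job runs them.
      - name: Install Rust toolchain
        uses: actions-rs/toolchain@v1
        with:
          toolchain: stable
          components: rustfmt, clippy

      # --locked builds cargo-audit with its own Cargo.lock; the tool
      # version itself is not pinned, so each run installs the latest
      # release. NOTE(review): consider pinning a reviewed version.
      - name: Install cargo-audit
        run: cargo install cargo-audit --locked

      # NOTE(review): with continue-on-error set to true, a failing
      # `cargo audit` does not fail this job, so a reported advisory
      # leaves the workflow green. Confirm this is intended; otherwise
      # remove the key or add alerting on the scheduled run.
      - name: Run security audit
        run: cargo audit
        continue-on-error: true

  clippy-security:
    name: Clippy Security Checks
    runs-on: ubuntu-latest
    env:
      SSL_CERT_FILE: /etc/ssl/certs/ca-certificates.crt
      CARGO_HTTP_CAINFO: /etc/ssl/certs/ca-certificates.crt
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          # No later step in this job uses git credentials.
          persist-credentials: false

      - name: Fix CA cert path for Cargo/curl
        run: |
          sudo mkdir -p /usr/local/etc/ca-certificates
          sudo ln -sf /etc/ssl/certs/ca-certificates.crt /usr/local/etc/ca-certificates/cert.pem
          sudo update-ca-certificates

      # NOTE(review): actions-rs appears unmaintained - confirm.
      - name: Install Rust toolchain
        uses: actions-rs/toolchain@v1
        with:
          toolchain: stable
          components: clippy

      # -D warnings turns every Clippy warning into an error, so this
      # step gates the job. Only the default lint set, targets and
      # features are checked; no security-specific lints are enabled.
      - name: Run Clippy
        run: cargo clippy -- -D warnings
        continue-on-error: false

  fmt-check:
    name: Code Formatting Check
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          # No later step in this job uses git credentials.
          persist-credentials: false

      # NOTE(review): actions-rs appears unmaintained - confirm.
      - name: Install Rust toolchain
        uses: actions-rs/toolchain@v1
        with:
          toolchain: stable
          components: rustfmt

      # --check reports formatting differences and exits non-zero
      # instead of rewriting files.
      - name: Check formatting
        run: cargo fmt --all -- --check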