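---
# CI workflow: formatting, lints and tests on the MSRV toolchain across an OS
# matrix, a Trivy filesystem scan, and a Nix flake check/build.
#
# Supply-chain note: every third-party action and the reusable workflow are
# pinned to a full 40-character commit SHA rather than a mutable tag or branch.
# Keep that property when bumping versions.
name: CI

on:
  push:
    branches: [main]
  pull_request:

# Workflow-wide default for the job token: read-only access to repository
# contents. No job below widens this.
permissions:
  contents: read

jobs:
  # Reusable workflow; its `msrv` output is consumed as the toolchain version
  # by the `ci` job below.
  read-msrv:
    uses: actions-rust-lang/msrv/.github/workflows/msrv.yml@8b553824444060021f2843d7b4d803f3624d15e5

  ci:
    needs: read-msrv
    strategy:
      matrix:
        os:
          - ubuntu-latest
          - ubuntu-24.04-arm
          - macos-latest
          - macos-15-intel
          - windows-latest
    runs-on: ${{ matrix.os }}
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
        with:
          # Later steps compile and run code from the checked-out ref
          # (including pull requests); do not leave the job token in the
          # local git config where that code could read it.
          persist-credentials: false
      - uses: actions-rust-lang/setup-rust-toolchain@a0b538fa0b742a6aa35d6e2c169b4bd06d225a98
        with:
          toolchain: ${{ needs.read-msrv.outputs.msrv }}
          components: clippy, rustfmt
      - run: cargo fmt --check
      # `-D warnings` turns every clippy warning into a build failure.
      - run: cargo clippy --all-targets -- -D warnings
      - run: cargo test

  security-scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
        with:
          # The scan only reads the working tree; no git credentials needed.
          persist-credentials: false
      - name: Scan for vulnerabilities
        uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1
        with:
          scan-type: fs
          scan-ref: '.'
          format: table
          # Non-zero exit code makes the job fail when a finding at one of
          # the listed severities is reported; lower severities do not gate.
          exit-code: '1'
          severity: CRITICAL,HIGH

  nix:
    strategy:
      matrix:
        os:
          - ubuntu-latest
          - ubuntu-24.04-arm
          - macos-latest
          - macos-15-intel
    runs-on: ${{ matrix.os }}
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
        with:
          # `nix build` evaluates and builds code from the checked-out ref;
          # keep the job token out of the local git config.
          persist-credentials: false
      - uses: cachix/install-nix-action@1ca7d21a94afc7c957383a2d217460d980de4934
        with:
          # Job token handed to the Nix installer (presumably for
          # authenticated GitHub fetches of flake inputs; confirm). It is
          # limited to `contents: read` by the workflow-level permissions.
          github_access_token: ${{ secrets.GITHUB_TOKEN }}
      - run: nix flake check
      - run: nix build
      # Smoke test: the built binary must start and report its version.
      - run: ./result/bin/idt --version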