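# Pull-request gate for the Rust project: builds, formats, lints, tests,
# builds docs, runs the security audit and posts the audit output as a
# single, continuously updated pull-request comment.
name: Pull Request

on:
  pull_request:
    branches:
      - main

# GITHUB_TOKEN scopes for every job in this workflow. The two write scopes are
# used only by the final "Comment audit output" step, but declared here they
# also apply while the job builds and tests code taken from the pull request.
# NOTE(review): for least privilege, consider moving the comment step into its
# own job and leaving this job with `contents: read` only; also confirm
# whether both write scopes are actually required for the comment calls.
permissions:
  contents: read
  issues: write
  pull-requests: write

jobs:
  rust:
    name: Rust Checks
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): the actions in this job are referenced by mutable refs
      # (version tags, and `master` for rust-toolchain). Pinning each `uses:`
      # to a full commit SHA keeps an upstream ref change from altering what
      # runs with this job's token.
      - name: Check out repository
        uses: actions/checkout@v4
        with:
          # Do not leave the GITHUB_TOKEN in .git/config: the later steps run
          # build scripts, tests and task definitions from the pull request,
          # and none of the visible steps needs authenticated git access.
          persist-credentials: false

      - name: Install Rust toolchain
        uses: dtolnay/rust-toolchain@master
        with:
          # Quoted so the version can never be retyped by a YAML parser.
          toolchain: "1.96.0"
          components: rustfmt, clippy

      - name: Cache Rust artifacts
        uses: Swatinem/rust-cache@v2

      # NOTE(review): `invoke` and `cargo-audit` are installed without a
      # version constraint, so each run takes whatever release is current.
      # Pinning exact versions makes the toolchain of this gate reproducible.
      - name: Install Python task runner
        run: python -m pip install invoke

      - name: Install cargo-audit
        run: cargo install cargo-audit --locked

      - name: Build, format, and lint
        run: inv build

      - name: Test
        run: inv test

      - name: Documentation
        run: inv docs

      # The audit is advisory: `continue-on-error` keeps the job green when
      # `inv security` fails, so findings surface only in the PR comment.
      # stdout and stderr are both captured for that comment.
      - name: Security audit
        id: audit
        continue-on-error: true
        run: inv security > audit-output.txt 2>&1

      # Runs even when an earlier step failed so the report is always posted.
      # NOTE(review): on pull requests from forks the token is normally
      # read-only, so the API calls below are expected to fail there; confirm
      # how fork pull requests should be handled.
      - name: Comment audit output
        if: always()
        uses: actions/github-script@v7
        env:
          # Passed through the environment instead of being spliced into the
          # script source by expression expansion.
          AUDIT_STATUS: ${{ steps.audit.outcome }}
        with:
          script: |
            const fs = require("fs");

            // Hidden marker used to find the report from a previous run.
            const marker = "<!-- cargo-audit-report -->";
            const auditStatus = process.env.AUDIT_STATUS;

            const rawOutput = fs.existsSync("audit-output.txt")
              ? fs.readFileSync("audit-output.txt", "utf8")
              : "cargo audit did not produce output.";

            // Cap the embedded text so the comment body stays within
            // GitHub's size limit for a single comment.
            const output = rawOutput.length > 60000
              ? `${rawOutput.slice(0, 60000)}\n\n[output truncated]`
              : rawOutput;

            // The audit text is produced from pull-request content, so treat
            // it as untrusted: use a fence longer than any backtick run it
            // contains, so it cannot close the code block and be rendered as
            // Markdown in the comment.
            const longestRun = (output.match(/`+/g) ?? [])
              .reduce((max, run) => Math.max(max, run.length), 0);
            const fence = "`".repeat(Math.max(3, longestRun + 1));

            const body = `${marker}\n## cargo audit\n\nStatus: **${auditStatus}**\n\n${fence}text\n${output}\n${fence}`;

            const { owner, repo } = context.repo;
            const issue_number = context.payload.pull_request.number;

            // Page through every comment: a single page of 100 can miss the
            // earlier report on a busy pull request and post a duplicate.
            const comments = await github.paginate(github.rest.issues.listComments, {
              owner,
              repo,
              issue_number,
              per_page: 100,
            });

            // Reuse only a report written with the workflow token, so a
            // marker pasted into another author's comment is never selected
            // for overwriting.
            const existing = comments.find(
              (comment) =>
                comment.user?.login === "github-actions[bot]" &&
                comment.body?.includes(marker),
            );

            if (existing) {
              await github.rest.issues.updateComment({ owner, repo, comment_id: existing.id, body });
            } else {
              await github.rest.issues.createComment({ owner, repo, issue_number, body });
            }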