name: Lint
on:
pull_request:
paths:
- '**.rs'
- '**/Cargo.toml'
- 'Cargo.lock'
- '.github/workflows/lint.yml'
push:
paths:
- '**.rs'
- '**/Cargo.toml'
- 'Cargo.lock'
- '.github/workflows/lint.yml'
permissions:
contents: read
jobs:
build_clippy_fmt_hack:
name: Cargo clippy, fmt, hack
runs-on: ubuntu-latest
steps:
- name: Harden Runner
uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b with:
egress-policy: block
allowed-endpoints: >
archive.ubuntu.com:443
azure.archive.ubuntu.com:80
crates.io:443
esm.ubuntu.com:443
github.com:443
githubapp.com:443
index.crates.io:443
motd.ubuntu.com:443
objects.githubusercontent.com:443
ppa.launchpadcontent.net:443
release-assets.githubusercontent.com:443
security.ubuntu.com:443
static.crates.io:443
static.rust-lang.org:443
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - uses: rui314/setup-mold@725a8794d15fc7563f59595bd9556495c0564878 - name: Setup Rust toolchain
run: rustup show && rustup update
- name: Install GUI dependencies
run: |
sudo apt-get update
sudo apt-get install -y libmagic-dev libxcb-shape0-dev libxcb-xfixes0-dev libx11-dev libxkbcommon-dev libfontconfig-dev libxext-dev libxft-dev libxinerama-dev libxcursor-dev libxrender-dev libxfixes-dev
- name: cargo fmt
run: cargo fmt -- --check
- name: build everything
run: cargo build --workspace --features=admin,admin-gui,sqlite,vt,yara
- name: cargo clippy
run: cargo clippy --workspace --all-features --tests -- -D warnings
- name: Install Cargo Hack
uses: taiki-e/install-action@aba36d755ec7ca22d38b12111787c26115943952 with:
tool: cargo-hack
- name: Run Cargo Hack on MalwareDB
run: cargo hack check --each-feature --no-dev-deps
- name: Run Cargo Hack on malwaredb-types
run: |
cd crates/types
cargo hack check --each-feature --no-dev-deps
- name: Run Cargo Hack on malwaredb-server
run: |
cd crates/server
cargo hack check --each-feature --no-dev-deps
- name: Run Cargo Hack on malwaredb-client
run: |
cd client
cargo hack check --each-feature --no-dev-deps
check-spdx-headers:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - uses: enarx/spdx@b5bfdd4410071bf058c8333d0e70020001524b6b with:
licenses: Apache-2.0
udeps:
name: Unused dependencies
runs-on: ubuntu-latest
steps:
- name: Harden Runner
uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b with:
egress-policy: block
allowed-endpoints: >
api.github.com:443
crates.io:443
github.com:443
githubapp.com:443
index.crates.io:443
objects.githubusercontent.com:443
release-assets.githubusercontent.com:443
static.crates.io:443
static.rust-lang.org:443
- name: Checkout repository
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
- name: Install nightly and cargo-udeps
run: |
rustup update
rustup toolchain install nightly
- name: Install cargo udeps
uses: taiki-e/install-action@aba36d755ec7ca22d38b12111787c26115943952 with:
tool: cargo-udeps
- name: Run cargo-udeps
run: |
cargo +nightly udeps
audit:
name: Cargo Audit
runs-on: ubuntu-latest
steps:
- name: Harden Runner
uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
api.github.com:443
crates.io:443
github.com:443
githubapp.com:443
index.crates.io:443
objects.githubusercontent.com:443
release-assets.githubusercontent.com:443
static.crates.io:443
- name: Checkout repository
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
- name: Install Cargo Audit
uses: taiki-e/install-action@aba36d755ec7ca22d38b12111787c26115943952 with:
tool: cargo-audit
- name: Run Cargo Audit
run: cargo audit --ignore RUSTSEC-2023-0071