name: Lock File Check
on:
schedule:
- cron: "0 6 * * 1"
workflow_dispatch: push:
branches:
- main
- develop
pull_request:
branches:
- main
- develop
permissions:
contents: read
jobs:
cargo-lock-fresh:
name: Cargo.lock Freshness
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
with:
fetch-depth: 0
- uses: dtolnay/rust-toolchain@stable
- name: Check if Cargo.lock is up-to-date
run: |
# Fetch dependencies with locked flag - fails if lock is stale
if ! cargo fetch --locked 2>&1; then
echo ""
echo "::error::Cargo.lock is stale or out of sync with Cargo.toml"
echo ""
echo "Run 'cargo update' to refresh the lock file and commit the changes."
echo ""
exit 1
fi
echo "Cargo.lock is up-to-date ✓"
- name: Check for dependency updates
run: |
# Check for available updates (without updating)
cargo outdated --root --locked --format json > /tmp/cargo-outdated.json 2>/dev/null || true
if [ -s /tmp/cargo-outdated.json ]; then
# Count updates
UPDATE_COUNT=$(cat /tmp/cargo-outdated.json | grep -o '"update"' | wc -l)
if [ "$UPDATE_COUNT" -gt 0 ]; then
echo ""
echo "Found $UPDATE_COUNT dependency updates available."
echo "Consider running 'cargo update' to refresh Cargo.lock."
echo "Dependabot will create PRs for these automatically."
fi
fi