Skip to content

Commit

Permalink
ci: switch to audit-check GitHub Action for cargo audit (#1117)
Browse files Browse the repository at this point in the history
## Motivation

Currently, we are building and caching `cargo-audit` on CI. The GitHub
Actions configuration we use for caching the `cargo-audit` binary is now
deprecated and is [breaking our CI builds][2].

## Solution

This PR switches to the [`actions-rs/audit-check` action][3]. This ought
to fix CI.

[1]: https://github.blog/changelog/2020-10-01-github-actions-deprecating-set-env-and-add-path-commands/
[2]: https://github.com/tokio-rs/tracing/pull/1116/checks?check_run_id=1444562432
[3]: https://github.com/actions-rs/audit-check
  • Loading branch information
hawkw authored Nov 23, 2020
1 parent b1baa6c commit 325d99f
Show file tree
Hide file tree
Showing 2 changed files with 15 additions and 24 deletions.
25 changes: 1 addition & 24 deletions .github/workflows/CI.yml
Original file line number Diff line number Diff line change
Expand Up @@ -250,27 +250,4 @@ jobs:
uses: actions-rs/clippy-check@v1
with:
token: ${{ secrets.GITHUB_TOKEN }}
args: --all --bins --examples --tests --benches -- -D warnings

cargo-audit:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@main
- name: Fetch latest release version of cargo-audit
run: |
mkdir -p .github/caching
cargo search cargo-audit | grep '^cargo-audit' | awk '{gsub(/"/,"",$3); print $3}' > .github/caching/cargo-audit.lock
- name: Cache cargo-audit/bin
id: cache-cargo-audit
uses: actions/cache@v1
with:
path: ${{ runner.tool_cache }}/cargo-audit/bin
key: cargo-audit-bin-${{ hashFiles('.github/caching/cargo-audit.lock') }}
- name: Install cargo-audit
if: "steps.cache-cargo-audit.outputs.cache-hit != 'true'"
uses: actions-rs/cargo@v1
with:
command: install
args: --root ${{ runner.tool_cache }}/cargo-audit --force cargo-audit
- run: echo "${{ runner.tool_cache }}/cargo-audit/bin" >> $GITHUB_PATH
- run: cargo audit
args: --all --bins --examples --tests --benches -- -D warnings
14 changes: 14 additions & 0 deletions .github/workflows/audit.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
name: Security audit
on:
push:
paths:
- '**/Cargo.toml'
- '**/Cargo.lock'
jobs:
security_audit:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v1
- uses: actions-rs/audit-check@v1
with:
token: ${{ secrets.GITHUB_TOKEN }}

0 comments on commit 325d99f

Please sign in to comment.