-
Notifications
You must be signed in to change notification settings - Fork 0
85 lines (77 loc) · 2.47 KB
/
Copy pathci.yml
File metadata and controls
85 lines (77 loc) · 2.47 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
name: CI
on:
pull_request:
push:
branches: [main]
env:
CARGO_TERM_COLOR: always
RUSTFLAGS: "-D warnings"
jobs:
fmt:
name: cargo fmt --check
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: dtolnay/rust-toolchain@1.88
with:
components: rustfmt
- run: cargo fmt --all -- --check
clippy:
name: cargo clippy -D warnings
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: dtolnay/rust-toolchain@1.88
with:
components: clippy
- uses: Swatinem/rust-cache@v2
- run: cargo clippy --all-targets --all-features -- -D warnings
test:
name: cargo nextest run
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: dtolnay/rust-toolchain@1.88
- uses: Swatinem/rust-cache@v2
- name: Install cargo-nextest
uses: taiki-e/install-action@v2
with:
tool: cargo-nextest
- run: cargo nextest run --all-features --no-fail-fast
- run: cargo test --doc --all-features # nextest doesn't run doctests
audit:
name: cargo audit
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Install cargo-audit
uses: taiki-e/install-action@v2
with:
tool: cargo-audit
# RUSTSEC-2023-0071 (Marvin Attack on rsa 0.9) is ignored project-wide —
# cipherpost uses pgp 0.19 for parse/render only, not for RSA private-key
# ops. RUSTSEC-2026-0173 (proc-macro-error2 unmaintained) is a build-time
# proc-macro via age->i18n-embed-fl; unmaintained, not a vuln, ships no
# code into the binary. Rationale for both documented in deny.toml.
# cargo-audit doesn't read deny.toml, so we mirror the ignores inline.
- run: cargo audit --deny warnings --ignore RUSTSEC-2023-0071 --ignore RUSTSEC-2026-0173
deny:
name: cargo deny check
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Install cargo-deny
uses: taiki-e/install-action@v2
with:
tool: cargo-deny
- run: cargo deny check
link-check:
name: lychee link check
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Link check
uses: lycheeverse/lychee-action@8646ba30535128ac92d33dfc9133794bfdd9b411 # v2.8.0
with:
args: --include-fragments --verbose --no-progress 'SPEC.md' 'THREAT-MODEL.md' 'SECURITY.md' 'README.md'
fail: true