diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml new file mode 100644 index 0000000..a7ccb1e --- /dev/null +++ b/.github/workflows/audit.yml @@ -0,0 +1,41 @@ +name: audit + +on: + schedule: + - cron: '34 3 * * *' + push: + branches: + - main + pull_request: + workflow_dispatch: + +jobs: + cargo-audit: + runs-on: ubuntu-latest + if: github.event_name == 'pull_request' + timeout-minutes: 10 + steps: + - uses: actions/checkout@v4 + - run: cargo install --debug --git https://github.com/rikhuijzer/jas + - run: > + jas install + --gh rustsec/rustsec@cargo-audit/v0.21.2 + --archive-filename cargo-audit + --sha 5eaad156124e01d54ce937cbb2c069a8145b01e7fa29aef62bef1b386b4c1519 + - run: cargo-audit audit + + cargo-deny: + runs-on: ubuntu-latest + if: github.event_name == 'pull_request' + timeout-minutes: 10 + steps: + - uses: actions/checkout@v4 + - run: cargo install --debug --git https://github.com/rikhuijzer/jas + - run: > + jas install + --gh EmbarkStudios/cargo-deny@0.18.2 + --sha 43c4a79c4b9fd1fcb3dddb305a1b4d8f7ac4a72accd61bb50a0b698789ca894c + # Using GITHUB_TOKEN because the tests make lots of requests and may hit rate limits. + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + - run: cargo-deny check advisories \ No newline at end of file diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml index 76e3ff1..2e5067f 100644 --- a/.github/workflows/check.yml +++ b/.github/workflows/check.yml @@ -14,10 +14,8 @@ jobs: steps: - uses: actions/checkout@v4 - - run: rustup update stable - run: rustup default stable - - uses: actions/cache@v4 with: path: | @@ -27,26 +25,23 @@ jobs: ~/.cargo/git/db/ target/ key: ${{ runner.os }}-cargo-check-${{ hashFiles('**/Cargo.lock') }} - - uses: actions/cache@v4 with: path: ~/.cache/typst key: typst - + - run: cargo install --debug --git https://github.com/rikhuijzer/jas + - run: | + jas install --gh typst/typst@v0.13.1 \ + --sha 7d214bfeffc2e585dc422d1a09d2b144969421281e8c7f5d784b65fc69b5673f + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: sudo apt-get install -y ffmpeg - - - run: cargo install cargo-binstall - - - run: cargo binstall typst-cli - - run: | echo "DEEPINFRA_KEY=${{ secrets.DEEPINFRA_KEY }}" > keys.env echo "ELEVENLABS_KEY=${{ secrets.ELEVENLABS_KEY }}" >> keys.env echo "GOOGLE_KEY=${{ secrets.GOOGLE_KEY }}" >> keys.env echo "OPENAI_KEY=${{ secrets.OPENAI_KEY }}" >> keys.env - - run: cargo test --all-features - - name: Cleanup before Post Run run: rm keys.env @@ -54,19 +49,20 @@ jobs: runs-on: ubuntu-latest if: github.event_name == 'pull_request' timeout-minutes: 10 - steps: - uses: actions/checkout@v4 - - - uses: crate-ci/typos@master - with: - files: '.' + - run: cargo install --debug --git https://github.com/rikhuijzer/jas + - run: | + jas install --gh crate-ci/typos@v1.31.1 \ + --sha f683c2abeaff70379df7176110100e18150ecd17a4b9785c32908aca11929993 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + - run: typos . fmt: runs-on: ubuntu-latest if: github.event_name == 'pull_request' timeout-minutes: 10 - steps: - uses: actions/checkout@v4 - run: rustup update stable @@ -78,7 +74,6 @@ jobs: runs-on: ubuntu-latest if: github.event_name == 'pull_request' timeout-minutes: 10 - steps: - uses: actions/checkout@v4 - run: rustup update stable diff --git a/.github/workflows/examples.yml b/.github/workflows/examples.yml index 318ee4d..48f572b 100644 --- a/.github/workflows/examples.yml +++ b/.github/workflows/examples.yml @@ -18,38 +18,31 @@ jobs: # Not using non-official GitHub Actions for security reasons. steps: - uses: actions/checkout@v4 - - run: rustup update stable - run: rustup default stable - - uses: actions/cache@v4 with: path: | - ~/.cargo/bin/ ~/.cargo/registry/index/ ~/.cargo/registry/cache/ ~/.cargo/git/db/ target/ key: ${{ runner.os }}-cargo-examples-${{ hashFiles('**/Cargo.lock') }} - - run: sudo apt-get install -y ffmpeg - - - run: cargo install cargo-binstall - - - run: cargo binstall typst-cli - - run: sudo apt-get install -y imagemagick - - - run: cargo install --path . - + - run: cargo install --debug --path . - run: | echo "DEEPINFRA_KEY=${{ secrets.DEEPINFRA_KEY }}" > keys.env echo "GOOGLE_KEY=${{ secrets.GOOGLE_KEY }}" >> keys.env - + - run: cargo install --debug --git https://github.com/rikhuijzer/jas + - run: | + jas install --gh typst/typst@v0.13.1 \ + --sha 7d214bfeffc2e585dc422d1a09d2b144969421281e8c7f5d784b65fc69b5673f + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: | mkdir _public echo "

Home page for the examples

" > _public/index.html - - name: Run examples run: | convert -size 500x500 xc:none -fill white -draw "polygon 150,100 150,400 400,250" play_button.png @@ -73,10 +66,8 @@ jobs: mv _out/out.mp4 _public/zonos.mp4 convert _out/image/1.png play_button.png -gravity center -composite tmp.png mv tmp.png _public/zonos.png - - name: Cleanup run: rm keys.env - - name: Upload static files id: deployment uses: actions/upload-pages-artifact@v3 @@ -94,7 +85,6 @@ jobs: permissions: pages: write id-token: write - steps: - uses: actions/deploy-pages@v4 id: deployment