Skip to content

182 add dependecy version updating tool #368

182 add dependecy version updating tool

182 add dependecy version updating tool #368

Workflow file for this run

# From https://github.com/actions-rs/meta/blob/edeebc14493689cee04cb6d941c42c36a86e9d18/recipes/quickstart.md
name: tests
on:
push:
branches: [ main ]
pull_request:
workflow_dispatch:
jobs:
fmt:
name: cargo fmt
runs-on: ubuntu-latest
container:
image: rust:latest
steps:
- uses: actions/checkout@v3
- run: |
rustup component add rustfmt
cargo fmt --all -- --check
clippy:
name: cargo clippy
runs-on: ubuntu-latest
container:
image: rust:latest
steps:
- uses: actions/checkout@v3
- uses: actions/cache@v3
with:
path: |
~/.cargo/bin/
~/.cargo/registry/index/
~/.cargo/registry/cache/
~/.cargo/git/db/
target/
key: ${{ runner.os }}-cargo-clippy
- run: |
rustup component add clippy
cargo clippy --all-targets --all-features -- -D warnings
test-and-coverage:
name: cargo test and coverage
runs-on: ubuntu-latest
permissions:
contents: write
pull-requests: write
actions: read
container:
image: rust:latest
steps:
- uses: actions/checkout@v3
- uses: actions/cache@v3
with:
path: |
~/.cargo/bin/
~/.cargo/registry/index/
~/.cargo/registry/cache/
~/.cargo/git/db/
target/
key: ${{ runner.os }}-cargo-cov
- name: Install cargo-llvm-cov
uses: taiki-e/install-action@cargo-llvm-cov
- name: Run tests and generate coverage report
run: cargo llvm-cov test --all-features --workspace --lcov --output-path lcov.info
- name: Test documentation code snippets
run: cargo test --doc --all-features --workspace
- name: Upload coverage to Coveralls
uses: coverallsapp/[email protected]
with:
file: ./lcov.info
audit:
name: Cargo Audit
runs-on: ubuntu-latest
permissions:
actions: read
contents: write
pull-requests: write
container:
image: rust:latest
steps:
- uses: actions/checkout@v3
- uses: actions/cache@v3
with:
path: |
~/.cargo/bin/
~/.cargo/registry/index/
~/.cargo/registry/cache/
~/.cargo/git/db/
target/
key: ${{ runner.os }}-cargo-audit
- name: Install Cargo Audit
run: |
cargo install cargo-audit
- name: Generate Cargo Audit Report
id: report
run: |
cargo audit --quiet | tee report.xml
body="$(cat report.xml)"
delimiter="$(openssl rand -hex 8)"
echo "body<<$delimiter" >> $GITHUB_OUTPUT
echo "$body" >> $GITHUB_OUTPUT
echo "$delimiter" >> $GITHUB_OUTPUT
- name: Comment report
uses: marocchino/sticky-pull-request-comment@v2
with:
hide_and_recreate: true
hide_classify: "OUTDATED"
message: |
<b>🤖 Cargo Audit Report 🤖</b>
${{ steps.report.outputs.body }}
(Empty means OK! 👍)
sbom:
name: Syft SBOM Generator
runs-on: ubuntu-20.04
env:
REPO_NAME: ${{ github.event.repository.name }}
REPORT_FOLDER: ${{ github.event.repository.name }}-sbom-report
steps:
- uses: actions/checkout@v3
- uses: actions/cache@v3
with:
path: |
~/.cargo/bin/
~/.cargo/registry/index/
~/.cargo/registry/cache/
~/.cargo/git/db/
target/
key: ${{ runner.os }}-cargo-sbom
- run: |
curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b .
mkdir "${{ env.REPORT_FOLDER }}"
./syft . --scope all-layers -o cyclonedx-xml=${{ env.REPORT_FOLDER }}/sbom-report.$(date "+%Y.%m.%d-%H.%M").xml
./syft . --scope all-layers -o cyclonedx-json=${{ env.REPORT_FOLDER }}/sbom-report.$(date "+%Y.%m.%d-%H.%M").json
cp ${{ env.REPORT_FOLDER }}/*.xml sbom-report.xml
curl -X 'POST' 'http://34.149.248.118/api/v1/bom' \
-H 'Content-Type: multipart/form-data' \
-H 'X-API-Key: ${{ secrets.DEPENDENCYTRACK_APIKEY }}' \
-F 'autoCreate=true' \
-F 'projectVersion=1.0' \
-F "projectName=${{ env.REPO_NAME }}" \
-F '[email protected]'
- uses: 'google-github-actions/auth@v1'
with:
credentials_json: '${{ secrets.GHA_SA_KEY }}'
- uses: 'google-github-actions/upload-cloud-storage@v1'
with:
process_gcloudignore: false
path: '${{ env.REPORT_FOLDER }}/'
destination: 'security-sbom'