ci: add automated release workflow #4
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: dependencies_analysis | |
| on: | |
| push: | |
| branches: | |
| - main | |
| - test | |
| pull_request: | |
| branches: ['*'] | |
| concurrency: | |
| group: deps-analysis-${{ github.ref }} | |
| cancel-in-progress: ${{ github.ref != 'refs/heads/main' }} | |
| permissions: | |
| contents: read # Required to checkout repository code | |
| jobs: | |
| dependencies-check: | |
| name: dependencies_analysis/dependencies-check (bpr) | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| persist-credentials: false | |
| - name: Rust setup | |
| uses: actions-rust-lang/setup-rust-toolchain@11df97af8e8102fd60b60a77dfbf58d40cd843b8 # v1.10.1 | |
| with: | |
| toolchain: stable | |
| cache: false | |
| # to calculate hash use `curl -s https://api.github.com/repos/cargo-bins/cargo-binstall/git/refs/tags/v1.10.14 | jq -r .object.sha` | |
| - name: Install cargo-binstall | |
| uses: cargo-bins/cargo-binstall@84ca29d5c1719e79e23b6af147555a8f4dac79d6 # v1.10.14 | |
| # Use cargo-binstall to efficiently install required cargo tools with versiones specified | |
| - name: Install cargo tools | |
| run: | | |
| cargo binstall --no-confirm --force \ | |
| cargo-audit@0.21.0 \ | |
| cargo-deny@0.16.2 | |
| - name: Check that Cargo.lock is the source of truth | |
| run: cargo update -w --locked | |
| - name: License whitelist | |
| run: cargo-deny deny check license --deny license-not-encountered | |
| - name: Security issue whitelist | |
| run: cargo-audit audit | |