Optimize GitHub Actions Workflow for Code Quality and Security #23

Workflow file for this run

.github/workflows/check_security_vulnerability.yml at 11b7566

	name: Code Quality and Security

	on:
	pull_request:
	push:
	branches:
	- main
	schedule:
	- cron: '0 0 * * 0' # Run every Sunday at 00:00 (midnight)

	jobs:

	shared-setup:
	name: Shared Setup
	runs-on: ubuntu-latest
	outputs:
	checkout_ref: ${{ steps.checkout.outputs.ref }}
	steps:
	- name: Checkout code
	id: checkout
	uses: actions/checkout@v4

	devskim:
	name: DevSkim Security Scan
Check failure on line 24 in .github/workflows/check_security_vulnerability.yml View workflow run for this annotation GitHub Actions / Code Quality and Security Invalid workflow file `The workflow is not valid. .github/workflows/check_security_vulnerability.yml (Line: 24, Col: 5): Required property is missing: runs-on .github/workflows/check_security_vulnerability.yml (Line: 45, Col: 5): Required property is missing: runs-on`
	needs: shared-setup
	permissions:
	actions: read
	contents: read
	security-events: write
	steps:
	- name: Checkout code
	uses: actions/checkout@v4
	with:
	ref: ${{ needs.shared-setup.outputs.checkout_ref }}

	- name: Run DevSkim scanner
	uses: microsoft/DevSkim-Action@v1

	- name: Upload DevSkim scan results to GitHub Security tab
	uses: github/codeql-action/upload-sarif@v3
	with:
	sarif_file: devskim-results.sarif

	rust-clippy:
	name: Rust Clippy Analysis
	needs: shared-setup
	permissions:
	contents: read
	security-events: write
	steps:
	- name: Checkout code
	uses: actions/checkout@v4
	with:
	ref: ${{ needs.shared-setup.outputs.checkout_ref }}

	- name: Cache Rust toolchain
	uses: actions/cache@v3
	with:
	path: \|
	~/.cargo/bin/
	~/.cargo/registry/index/
	~/.cargo/registry/cache/
	~/.cargo/git/db/
	key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}

	- name: Install Rust toolchain
	uses: actions-rs/toolchain@16499b5e05bf2e26879000db0c1d13f7e13fa3af #@v1
	with:
	profile: minimal
	toolchain: stable
	components: clippy
	override: true

	- name: Install required cargo
	run: cargo install clippy-sarif sarif-fmt

	- name: Run rust-clippy
	run:
	cargo clippy
	--all-features
	--message-format=json \| clippy-sarif \| tee rust-clippy-results.sarif \| sarif-fmt
	continue-on-error: true

	- name: Upload Clippy analysis results to GitHub
	uses: github/codeql-action/upload-sarif@v1
	with:
	sarif_file: rust-clippy-results.sarif
	wait-for-processing: true

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Optimize GitHub Actions Workflow for Code Quality and Security #23

Workflow file

Optimize GitHub Actions Workflow for Code Quality and Security #23

Jobs

Run details

Workflow file for this run

GitHub Actions / Code Quality and Security