Skip to content

Merge pull request #1090 from artichoke/dependabot/bundler/bundler-de… #2383

Merge pull request #1090 from artichoke/dependabot/bundler/bundler-de…

Merge pull request #1090 from artichoke/dependabot/bundler/bundler-de… #2383

Workflow file for this run

---
name: Audit
"on":
push:
branches:
- trunk
pull_request:
branches:
- trunk
schedule:
- cron: "0 0 * * TUE"
jobs:
js:
name: Audit JS Dependencies
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v3.5.3
- name: Install Nodejs toolchain
run: npm ci
- name: npm audit
run: npm audit
ruby:
name: Audit Ruby Dependencies
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v3.5.3
- name: Install Ruby toolchain
uses: ruby/setup-ruby@250fcd6a742febb1123a77a841497ccaa8b9e939 # v1.152.0
with:
ruby-version: ".ruby-version"
bundler-cache: true
- name: bundler-audit
run: bundle exec bundle-audit check --update
rust:
name: Audit Rust Dependencies
runs-on: ubuntu-latest
strategy:
matrix:
checks:
- advisories
- bans licenses sources
# Prevent sudden announcement of a new advisory from failing ci:
continue-on-error: ${{ matrix.checks == 'advisories' }}
steps:
- name: Checkout repository
uses: actions/checkout@v3.5.3
- name: Install Rust toolchain
uses: artichoke/setup-rust/audit@v1.10.0
- name: Generate Cargo.lock
run: |
if [[ ! -f "Cargo.lock" ]]; then
cargo generate-lockfile --verbose
fi
- uses: EmbarkStudios/cargo-deny-action@e0a440755b184aa50374330fa75cca0f84fcb59a # v1.5.2
with:
arguments: --locked --all-features
command: check ${{ matrix.checks }}
command-arguments: --show-stats