diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index a7a75e9..def6e8e 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -8,6 +8,7 @@ on:
 env:
 CARGO_TERM_COLOR: always
+ RUST_VERSION: 1.78.0
 permissions:
 contents: read
@@ -30,7 +31,7 @@ jobs:
 static.rust-lang.org:443
 - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29
 - run: |
- curl https://sh.rustup.rs -sSf | sh -s -- -y
+ curl https://sh.rustup.rs -sSf | sh -s --default-toolchain=${{ env.RUST_VERSION }} -y
 export PATH="$HOME/.cargo/bin:$PATH"
 rustup default stable
 rustup component add rustfmt
diff --git a/.github/workflows/rust-clippy.yml b/.github/workflows/rust-clippy.yml
new file mode 100644
index 0000000..3d362ab
--- /dev/null
+++ b/.github/workflows/rust-clippy.yml
@@ -0,0 +1,50 @@
+name: rust-clippy
+
+on:
+ push:
+ branches:
+ - main
+ pull_request:
+ branches:
+ - main
+ schedule:
+ - cron: '40 12 * * 6'
+
+env:
+ RUST_VERSION: 1.78.0
+
+jobs:
+ rust-clippy:
+ name: Run rust-clippy
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ security-events: write
+ actions: read
+ steps:
+ - uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6
+ with:
+ egress-policy: audit
+ - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29
+ - name: Install Rust toolchain
+ run: |
+ curl https://sh.rustup.rs -sSf | sh -s --default-toolchain=${{ env.RUST_VERSION }} -y
+ export PATH="$HOME/.cargo/bin:$PATH"
+ rustup default stable
+ rustup component add clippy
+
+ - name: Install required cargo
+ run: cargo install clippy-sarif sarif-fmt
+
+ - name: Run rust-clippy
+ run:
+ cargo clippy
+ --all-features
+ --message-format=json | clippy-sarif | tee rust-clippy-results.sarif | sarif-fmt
+ continue-on-error: true
+
+ - name: Upload analysis results to GitHub
+ uses: github/codeql-action/upload-sarif@8f1a6fed33af5212fab8a999d004627ae8901d1b
+ with:
+ sarif_file: rust-clippy-results.sarif
+ wait-for-processing: true
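Review bot: In the second ci.yml hunk the toolchain pin is undone two lines after it is applied: the unchanged `rustup default stable` switches the default back to whatever stable is current, so `RUST_VERSION` no longer decides which compiler builds the code. Drop that line or change it to `rustup default ${{ env.RUST_VERSION }}`. The new curl line also loses the `--` that separated sh's own options from the installer's arguments, so the shell is likely to try to parse `--default-toolchain=...` itself; `sh -s -- --default-toolchain=${{ env.RUST_VERSION }} -y` keeps the previous form. The "Install Rust toolchain" step in the new rust-clippy.yml has both problems. The run step continues past the end of this hunk.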
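Review bot: In rust-clippy.yml, `cargo install clippy-sarif sarif-fmt` in the "Install required cargo" step pulls whatever versions are newest on crates.io at run time and resolves their dependencies afresh, in a job that holds `security-events: write`. The actions are pinned by commit SHA and the toolchain by `RUST_VERSION`, so this step is the one unpinned input; pin it with versions you have reviewed, e.g. `cargo install --locked clippy-sarif@<version> sarif-fmt@<version>`. Separately, harden-runner runs here with `egress-policy: audit`, which only records outbound connections, while ci.yml appears to use an endpoint allowlist. Once the audit output is known, `egress-policy: block` with `allowed-endpoints` would bring this job in line with it.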