chore(deps): update patch versions of rust crates (#17) #107
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Checks | |
| on: | |
| pull_request: | |
| push: | |
| branches: ["main"] | |
| jobs: | |
| typos: | |
| runs-on: ubuntu-latest | |
| name: check misspelling by typos | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - uses: cachix/install-nix-action@v31 | |
| - name: Run typos command | |
| shell: nix shell nixpkgs#typos --quiet --command bash {0} | |
| run: sh ./scripts/check-typos.sh | |
| cocogitto: | |
| runs-on: ubuntu-latest | |
| name: check conventional commits | |
| # Only run this step in the main branch. | |
| if: github.ref == 'refs/heads/main' | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - uses: cachix/install-nix-action@v31 | |
| - name: Check the latest commit message | |
| shell: nix shell nixpkgs#cocogitto --quiet --command bash {0} | |
| run: cog check HEAD..HEAD | |
| markdownlint: | |
| runs-on: ubuntu-latest | |
| name: lint markdown by markdownlint | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - uses: cachix/install-nix-action@v31 | |
| - name: Run markdownlint command | |
| shell: nix shell nixpkgs#markdownlint-cli --quiet --command bash {0} | |
| run: | | |
| markdownlint \ | |
| --ignore ./tt-openapi \ | |
| --ignore ./target \ | |
| . | |
| cargo-clippy: | |
| runs-on: ubuntu-latest | |
| name: lint rust code by clippy | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Install Rust | |
| uses: dtolnay/rust-toolchain@stable | |
| with: | |
| components: clippy | |
| - name: Cache Rust dependencies | |
| uses: Swatinem/rust-cache@v2 | |
| - name: Run cargo clippy | |
| # The `-- -D warnings` flag treats all warnings as errors. | |
| run: cargo clippy --release -- -D warnings | |
| cargo-doc: | |
| runs-on: ubuntu-latest | |
| name: lint rust docstring by rustdoc | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Install Rust | |
| uses: dtolnay/rust-toolchain@stable | |
| with: | |
| components: rust-docs | |
| - name: Cache Rust dependencies | |
| uses: Swatinem/rust-cache@v2 | |
| - name: Run cargo doc | |
| run: | | |
| cargo test --doc | |
| cargo doc | |
| gen-up-to-date: | |
| runs-on: ubuntu-latest | |
| name: check if generated code is update to date | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - uses: cachix/install-nix-action@v31 | |
| - name: Generate code from openapi specifications | |
| shell: nix develop .#gen --quiet --command bash {0} | |
| run: | | |
| sh ./scripts/gen-rust-axum.sh | |
| sh ./scripts/git-status.sh | |
| trivy-fs: | |
| name: use trivy to scan files | |
| runs-on: ubuntu-latest | |
| permissions: | |
| security-events: write | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Run Trivy vulnerability scanner in repo mode | |
| uses: aquasecurity/trivy-action@0.33.1 | |
| with: | |
| scan-type: fs | |
| severity: CRITICAL,HIGH,MEDIUM | |
| skip-dirs: target | |
| output: trivy-results.sarif | |
| format: sarif | |
| hide-progress: true | |
| ignore-unfixed: true | |
| exit-code: 1 | |
| - name: Upload Trivy scan results to GitHub Security tab | |
| if: ${{ success() || failure() }} | |
| uses: github/codeql-action/upload-sarif@v4 | |
| with: | |
| sarif_file: trivy-results.sarif | |
| category: trivy-fs-scan | |
| trivy-config: | |
| name: use trivy to scan configs | |
| runs-on: ubuntu-latest | |
| permissions: | |
| security-events: write | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Run Trivy vulnerability scanner in repo mode | |
| uses: aquasecurity/trivy-action@0.33.1 | |
| with: | |
| scan-type: config | |
| severity: CRITICAL,HIGH,MEDIUM | |
| output: trivy-results.sarif | |
| format: sarif | |
| hide-progress: true | |
| ignore-unfixed: true | |
| exit-code: 1 | |
| - name: Upload Trivy scan results to GitHub Security tab | |
| if: ${{ success() || failure() }} | |
| uses: github/codeql-action/upload-sarif@v4 | |
| with: | |
| sarif_file: trivy-results.sarif | |
| category: trivy-config-scan |