STR-376: create the machinery around polling and execution of bridge duties v2 #1009
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Security | |
on: | |
pull_request: | |
merge_group: | |
push: | |
branches: [master] | |
env: | |
CARGO_TERM_COLOR: always | |
jobs: | |
supply-chain: | |
name: Run `cargo-audit` | |
runs-on: ubuntu-latest | |
timeout-minutes: 30 | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: dtolnay/rust-toolchain@clippy | |
- uses: Swatinem/rust-cache@v2 | |
with: | |
cache-on-failure: true | |
# HACK: not denying warnings as we depend on `yaml-rust` via `format-serde-error` which is unmaintained | |
- name: Check for audit warnings | |
run: cargo audit -D warnings | |
continue-on-error: true | |
# HACK: re-run without denying warnings so that we don't miss any vulnerabilities | |
- name: Check for vulnerabilities | |
run: cargo audit |