31f40d5faf
# Objective - CI job `check-bans` fails often for unrelated reasons to a PR. Reduce those failures ## Solution - Currently, the job only runs if a `Cargo.toml` file changed. This PR would run the job only if the output of `cargo tree --depth 3` is different in a PR from main. the job would still always run on main
83 lines
2.6 KiB
YAML
83 lines
2.6 KiB
YAML
name: Dependencies
|
|
|
|
on:
|
|
pull_request:
|
|
paths:
|
|
- '**/Cargo.toml'
|
|
- 'deny.toml'
|
|
push:
|
|
paths:
|
|
- '**/Cargo.toml'
|
|
- 'deny.toml'
|
|
branches:
|
|
- main
|
|
|
|
env:
|
|
CARGO_TERM_COLOR: always
|
|
|
|
jobs:
|
|
check-advisories:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v3
|
|
- uses: dtolnay/rust-toolchain@stable
|
|
- name: Install cargo-deny
|
|
run: cargo install cargo-deny
|
|
- name: Check for security advisories and unmaintained crates
|
|
run: cargo deny check advisories
|
|
|
|
check-bans:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
# on main, prepare a new cargo tree output and cache it
|
|
- name: On main, prepare new cargo tree cache
|
|
if: github.ref == 'refs/heads/main'
|
|
run: cargo tree --depth 3 > cargo-tree-from-main
|
|
- name: On main, save the new cargo tree cache
|
|
if: github.ref == 'refs/heads/main'
|
|
uses: actions/cache/save@v3
|
|
with:
|
|
path: cargo-tree-from-main
|
|
key: cargo-tree-from-main
|
|
# on other branch, restore the cached cargo tree output
|
|
- name: On PR, restore cargo tree cache
|
|
uses: actions/cache/restore@v3
|
|
if: github.ref != 'refs/heads/main'
|
|
with:
|
|
path: cargo-tree-from-main
|
|
key: cargo-tree-from-main
|
|
- uses: actions/checkout@v3
|
|
- uses: dtolnay/rust-toolchain@stable
|
|
# if not on main, check that the cargo tree output is unchanged
|
|
- name: Check if the cargo tree changed from main
|
|
if: github.ref != 'refs/heads/main'
|
|
continue-on-error: true
|
|
id: cargo-tree-changed
|
|
run: diff cargo-tree-from-main <(cargo tree --depth 3)
|
|
- name: Install cargo-deny
|
|
run: cargo install cargo-deny
|
|
# if the check was not a success (either skipped because on main or failed because of a change), run the check
|
|
- name: Check for banned and duplicated dependencies
|
|
if: steps.cargo-tree-changed.outcome != 'success'
|
|
run: cargo deny check bans
|
|
|
|
check-licenses:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v3
|
|
- uses: dtolnay/rust-toolchain@stable
|
|
- name: Install cargo-deny
|
|
run: cargo install cargo-deny
|
|
- name: Check for unauthorized licenses
|
|
run: cargo deny check licenses
|
|
|
|
check-sources:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v3
|
|
- uses: dtolnay/rust-toolchain@stable
|
|
- name: Install cargo-deny
|
|
run: cargo install cargo-deny
|
|
- name: Checked for unauthorized crate sources
|
|
run: cargo deny check sources
|