Skip to content
This repository was archived by the owner on Nov 3, 2025. It is now read-only.
Audit

Audit #667

Sign in to view logs

Audit

Audit #667

Workflow file for this run

.github/workflows/audit.yaml at 24e8270
---
name: Audit
"on":
push:
branches:
- trunk
pull_request:
branches:
- trunk
schedule:
- cron: "0 0 * * TUE"
permissions: {}
jobs:
js:
name: Audit JS Dependencies
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
persist-credentials: false
- name: Setup Node.js runtime
uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
with:
node-version: "lts/*"
- name: Install Nodejs toolchain
run: npm ci
- name: npm audit
run: npm audit
ruby:
name: Audit Ruby Dependencies
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
persist-credentials: false
- name: Install Ruby toolchain
uses: ruby/setup-ruby@44511735964dcb71245e7e55f72539531f7bc0eb # v1.257.0
with:
ruby-version: ".ruby-version"
bundler-cache: true
- name: bundler-audit
run: bundle exec bundle-audit check --update
rust:
name: Audit Rust Dependencies
runs-on: ubuntu-latest
strategy:
matrix:
checks:
- advisories
- bans licenses sources
# Prevent sudden announcement of a new advisory from failing ci:
continue-on-error: ${{ matrix.checks == 'advisories' }}
steps:
- name: Checkout repository
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
persist-credentials: false
- name: Install Rust toolchain
uses: artichoke/setup-rust/audit@68e0ebb3b406970de1cc2ca807797c9156a198a7 # v2.0.1
- name: Generate Cargo.lock
run: |
if [[ ! -f "Cargo.lock" ]]; then
cargo generate-lockfile --verbose
fi
- uses: EmbarkStudios/cargo-deny-action@f2ba7abc2abebaf185c833c3961145a3c275caad # v2.0.13
with:
arguments: --locked --all-features
command: check ${{ matrix.checks }}
command-arguments: --show-stats
rust-version: nightly
zizmor:
name: Run zizmor 🌈
runs-on: ubuntu-latest
permissions:
security-events: write
steps:
- name: Checkout repository
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
persist-credentials: false
- name: Run zizmor 🌈
uses: zizmorcore/zizmor-action@5ca5fc7a4779c5263a3ffa0e1f693009994446d1 # v0.1.2
with:
persona: "pedantic"