forked from vectordotdev/vector
-
Notifications
You must be signed in to change notification settings - Fork 0
70 lines (62 loc) · 2.09 KB
/
deny.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
# Deny - Linux
#
# Checks for security vulnerabilities or license incompatibilities
#
# Runs on:
# - scheduled UTC midnight
# - on PR review (see comment-trigger.yml)
# - on demand from github actions UI
name: Deny - Linux
on:
workflow_call:
workflow_dispatch:
schedule:
# At midnight UTC
- cron: '0 0 * * *'
jobs:
test-deny:
runs-on: ubuntu-latest
timeout-minutes: 15
env:
CARGO_INCREMENTAL: 0
steps:
- name: (PR review) Set latest commit status as pending
if: ${{ github.event_name == 'pull_request_review' }}
uses: myrotvorets/[email protected]
with:
sha: ${{ github.event.review.commit_id }}
token: ${{ secrets.GITHUB_TOKEN }}
context: Deny - Linux
status: pending
- name: (PR review) Checkout PR branch
if: ${{ github.event_name == 'pull_request_review' }}
uses: actions/checkout@v3
with:
ref: ${{ github.event.review.commit_id }}
- name: Checkout branch
if: ${{ github.event_name != 'pull_request_review' }}
uses: actions/checkout@v3
- uses: actions/cache@v4
name: Cache Cargo registry + index
with:
path: |
~/.cargo/bin/
~/.cargo/registry/index/
~/.cargo/registry/cache/
~/.cargo/git/db/
key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
restore-keys: |
${{ runner.os }}-cargo-
- run: sudo -E bash scripts/environment/bootstrap-ubuntu-20.04.sh
- run: bash scripts/environment/prepare.sh
- run: echo "::add-matcher::.github/matchers/rust.json"
- name: Check cargo deny advisories/licenses
run: make check-deny
- name: (PR review) Set latest commit status as ${{ job.status }}
uses: myrotvorets/[email protected]
if: always() && github.event_name == 'pull_request_review'
with:
sha: ${{ github.event.review.commit_id }}
token: ${{ secrets.GITHUB_TOKEN }}
context: Deny - Linux
status: ${{ job.status }}