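# CI workflow: runs `cargo vet` on every push and, when unvetted dependencies
# are found, turns the `cargo vet suggest` output into error annotations, a
# log summary and an uploaded artifact.
name: Cargo Vet

on: [push]

concurrency:
  # limit concurrency of entire workflow runs for a specific branch
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

# Least privilege: the job only needs to read the repository.
permissions:
  contents: read

jobs:
  cargo-vet:
    name: Run cargo vet
    # NOTE(review): GitHub has retired the ubuntu-20.04 hosted runner image;
    # confirm jobs still schedule, otherwise move to a supported image.
    runs-on: ubuntu-20.04
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: Install Cargo Vet
        # `--locked` pins cargo-vet's own dependency graph to its Cargo.lock,
        # but the cargo-vet release itself floats to the latest version. A
        # supply-chain tool should be pinned too, e.g.
        # `cargo install --locked cargo-vet --version <PINNED_VERSION>`.
        run: cargo install --locked cargo-vet
      - name: Run Cargo Vet
        id: cargo-vet
        # `run` steps on Linux runners use `bash -e` by default: a failing
        # `cargo vet` enters the `||` block, which captures the suggestions
        # to audit-suggestions.txt and then fails the step explicitly.
        run: |
          echo "=============================="
          echo "Running Dependency Vetting"
          echo "=============================="
          cargo vet || {
            echo "=============================="
            echo "Unvetted dependencies detected!"
            echo "Generating suggestions and detailed report..."
            echo "=============================="
            cargo vet suggest > audit-suggestions.txt
            exit 1
          }
      - name: Annotate Unvetted Dependencies
        # Run only when the vet step itself failed: after a checkout or
        # install failure audit-suggestions.txt does not exist and this step
        # would only add a second, unrelated error to the job.
        if: failure() && steps.cargo-vet.outcome == 'failure'
        # NOTE(review): by default cargo vet keeps its metadata under
        # supply-chain/ (config.toml, audits.toml); confirm `supply-chain.toml`
        # exists in this repository, otherwise the annotations attach to no file.
        run: |
          echo "Annotating unvetted dependencies..."
          # `IFS=` keeps leading whitespace of each suggestion line; reading
          # from a redirect (rather than `cat | while`) makes a missing report
          # file fail the step instead of being silently swallowed.
          while IFS= read -r line; do
            echo "::error file=supply-chain.toml::$line"
          done < audit-suggestions.txt
      - name: Summarize Unvetted Dependencies
        if: failure() && steps.cargo-vet.outcome == 'failure'
        run: |
          echo "Dependencies needing review:"
          # `|| true`: a report with no "Command" lines must not fail the step.
          awk '/Command/{print $2, $3, $4, $5}' audit-suggestions.txt || true
      - name: Upload Audit Report
        if: failure() && steps.cargo-vet.outcome == 'failure'
        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
        with:
          name: audit-report
          path: audit-suggestions.txt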