Add cargo-audit security assessment

Juno Takano 2026-02-25 00:32:51 -03:00
commit 7d2a234fc3
4 changed files with 57 additions and 39 deletions


@ -7,6 +7,8 @@ env:
JUST_SHA256SUM: dc3f958aaf8c6506dd90426e9b03f86dd15e74a6467ee0e54929f750af3d9e49
CARGO_LLVM_COV_VERSION: 0.6.21
CARGO_LLVM_COV_SHA256SUM: 57f491aedf7cdb261538ceb49cbb1ee9d27df7ca205a5e1a009caaf5cb911afb
CARGO_AUDIT_VERSION: 0.22.1
CARGO_AUDIT_SHA256SUM: 9899e591c3abee79bd54e88c3b03d27bcf8dd073fb1690af9cd3089be1267a67
jobs:
publish:
runs-on: docker
@ -29,7 +31,9 @@ jobs:
- name: Setup additional tooling
run: |
fetch() {
repo="$1"; tag="$2"; filename="$3"; digest="$4"
repo="$1"; tag="$2"; filename="$3"; digest="$4"; binary="$5"
[ -d /tmp/tools ] || mkdir -p /tmp/tools
curl -sSLO --output-dir /tmp \
-w '%{stderr}HTTP %{response_code} %{url}\n' \
@ -38,18 +42,19 @@ jobs:
printf '%s %s\n' "$digest" "/tmp/$filename" > /tmp/digest
sha256sum --check /tmp/digest
tar xf "/tmp/$filename" -C /tmp/tools
find /tmp/tools -type f -executable -name "$binary" \
-exec mv '{}' /usr/local/bin ';'
}
mkdir /tmp/tools
fetch casey/just ${{ env.JUST_VERSION }} \
just-${{ env.JUST_VERSION }}-x86_64-unknown-linux-musl.tar.gz \
${{ env.JUST_SHA256SUM }}
${{ env.JUST_SHA256SUM }} just
fetch taiki-e/cargo-llvm-cov v${{ env.CARGO_LLVM_COV_VERSION }} \
cargo-llvm-cov-x86_64-unknown-linux-gnu.tar.gz \
${{ env.CARGO_LLVM_COV_SHA256SUM }}
mv -v /tmp/tools/just /tmp/tools/cargo-llvm-cov /usr/local/bin
${{ env.CARGO_LLVM_COV_SHA256SUM }} cargo-llvm-cov
fetch rustsec/rustsec v${{ env.CARGO_AUDIT_VERSION }} \
cargo-audit-x86_64-unknown-linux-gnu-v0.22.1.tgz \
${{ env.CARGO_AUDIT_SHA256SUM }} cargo-audit
- name: Build release binary
run: just full-build
@ -63,5 +68,5 @@ jobs:
--user jutty:${{ secrets.GJD_REGISTRY_TOKEN }} \
--upload-file target/release/en $url
- name: Print sha256sum
- name: Calculate SHA-256 hash
run: just shasum
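Review bot: The archive name in the new cargo-audit `fetch` call hard-codes `v0.22.1` while the tag next to it uses `CARGO_AUDIT_VERSION`, so a later bump that edits only the `env:` block will ask for an asset that does not belong to the new tag; write it as `cargo-audit-x86_64-unknown-linux-gnu-v${{ env.CARGO_AUDIT_VERSION }}.tgz`. In the same step, the added `find /tmp/tools … -exec mv '{}' /usr/local/bin ';'` exits 0 when nothing matches `$binary`, whereas the removed `mv -v` failed loudly, so a renamed or non-executable binary would leave the tool uninstalled without failing the step. Ending `fetch` with `[ -x "/usr/local/bin/$binary" ]` restores that failure, assuming the script runs with errexit as the `sha256sum --check` guard already appears to rely on. The URL construction inside `fetch` lies outside the visible hunks, so it is worth confirming that the `v…` tag passed here matches how the rustsec repository names its cargo-audit releases.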