ci(deps): bump actions/upload-artifact from 3 to 5 #51
| name: Security Audit | |
| on: | |
| push: | |
| branches: [ main ] | |
| pull_request: | |
| branches: [ main ] | |
| schedule: | |
| - cron: '0 0 * * 1' # Weekly on Mondays | |
| jobs: | |
| security-audit: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Install Rust | |
| uses: actions-rs/toolchain@v1 | |
| with: | |
| toolchain: stable | |
| profile: minimal | |
| override: true | |
| - name: Cache cargo registry | |
| uses: actions/cache@v3 | |
| with: | |
| path: ~/.cargo/registry | |
| key: ${{ runner.os }}-cargo-registry-${{ hashFiles('**/Cargo.lock') }} | |
| - name: Cache cargo index | |
| uses: actions/cache@v3 | |
| with: | |
| path: ~/.cargo/git | |
| key: ${{ runner.os }}-cargo-index-${{ hashFiles('**/Cargo.lock') }} | |
| - name: Install cargo-audit | |
| run: cargo install cargo-audit | |
| - name: Run cargo-audit | |
| # Run audit but allow warnings (unmaintained crates) to pass | |
| # Fail only on critical and high severity vulnerabilities | |
| run: | | |
| cargo audit --ignore RUSTSEC-2023-0071 || EXIT_CODE=$? | |
| if [ $EXIT_CODE -eq 0 ]; then | |
| echo "No critical or high severity vulnerabilities found" | |
| exit 0 | |
| elif [ $EXIT_CODE -eq 1 ]; then | |
| echo "Critical or high severity vulnerabilities found" | |
| exit 1 | |
| else | |
| echo "Other cargo-audit error" | |
| exit $EXIT_CODE | |
| fi | |
| - name: Generate audit report | |
| run: | | |
| cargo audit --json > audit-report.json || true | |
| echo "Audit report generated" | |
| - name: Upload audit report | |
| uses: actions/upload-artifact@v5 | |
| with: | |
| name: security-audit-report | |
| path: audit-report.json |
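Review bot: In the "Run cargo-audit" step `EXIT_CODE` is only assigned on the `||` failure path, so after a clean audit `[ $EXIT_CODE -eq 0 ]` expands to `[ -eq 0 ]`, which is a test-syntax error (`unary operator expected`) rather than a true result; both branches are skipped, the step logs "Other cargo-audit error" and the bare `exit $EXIT_CODE` happens to return the echo's status 0, so the success path passes by accident with a misleading error in the log — initialise it with `EXIT_CODE=0` on the line before `cargo audit --ignore RUSTSEC-2023-0071 || EXIT_CODE=$?`. The comment above that call says the step fails only on critical/high severity, but no severity threshold is configured and cargo-audit exits 1 for any unignored advisory, so the comment should read `# Fail on any unignored advisory; warnings (unmaintained crates) do not affect the exit code`, and the `--ignore RUSTSEC-2023-0071` deserves a one-line justification and removal condition so the suppression stays reviewable. Because "Generate audit report" and "Upload audit report" run after a step that exits 1 on findings, the JSON artifact is skipped exactly when there are findings to read; add `if: always()` to both steps. Separately, for a workflow whose purpose is supply-chain hygiene, every action is referenced by a floating tag (and `actions-rs/toolchain@v1` appears to be unmaintained upstream) and `cargo install cargo-audit` is unpinned, so pin the actions to full commit SHAs, install cargo-audit with an explicit `--version` and `--locked`, and add a top-level `permissions: contents: read` so the default token is not broader than the job needs.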