Skip to content

Harden hashavatar-api 1.1.2 security controls #56

Harden hashavatar-api 1.1.2 security controls

Harden hashavatar-api 1.1.2 security controls #56

Workflow file for this run

name: CI
on:
push:
branches: [main]
pull_request:
branches: [main]
permissions:
contents: read
env:
CARGO_TERM_COLOR: always
RUST_BACKTRACE: 1
jobs:
rust:
runs-on: ubuntu-latest
timeout-minutes: 45
steps:
- name: Checkout
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
- name: Install Rust
uses: dtolnay/rust-toolchain@1a3a6d54512beeaffd394f8d516ca16f2c506a20 # 1.97.0
with:
components: clippy, rustfmt
- name: Cache cargo
uses: Swatinem/rust-cache@c19371144df3bb44fab255c43d04cbc2ab54d1c4 # v2.9.1
with:
cache-on-failure: true
- name: Install security tools
uses: taiki-e/install-action@c7eb1735f09259a5035e8e5d44b1406b1cddc0fb # v2.83.0
with:
tool: cargo-deny,cargo-audit,cargo-sbom
- name: Run checks
run: scripts/checks.sh
- name: Local runtime smoke
run: scripts/smoke_local.sh
- name: Generate SBOM
run: scripts/generate-sbom.sh
- name: Verify reproducible release build
run: scripts/reproducible_build_check.sh