Skip to content

Deny - Linux

Deny - Linux #463

Workflow file for this run

# Deny - Linux
#
# Checks for security vulnerabilities or license incompatibilities
#
# Runs on:
# - scheduled UTC midnight
# - on PR review (see comment-trigger.yml)
# - on demand from github actions UI
name: Deny - Linux
on:
workflow_call:
workflow_dispatch:
schedule:
# At midnight UTC
- cron: '0 0 * * *'
permissions:
statuses: write
jobs:
test-deny:
runs-on: ubuntu-20.04
timeout-minutes: 30
env:
CARGO_INCREMENTAL: 0
steps:
- name: (PR review) Set latest commit status as pending
if: ${{ github.event_name == 'pull_request_review' }}
uses: myrotvorets/set-commit-status-action@v2.0.1
with:
sha: ${{ github.event.review.commit_id }}
token: ${{ secrets.GITHUB_TOKEN }}
context: Deny - Linux
status: pending
- name: (PR review) Checkout PR branch
if: ${{ github.event_name == 'pull_request_review' }}
uses: actions/checkout@v4
with:
ref: ${{ github.event.review.commit_id }}
- name: Checkout branch
if: ${{ github.event_name != 'pull_request_review' }}
uses: actions/checkout@v4
- uses: actions/cache@v4
name: Cache Cargo registry + index
with:
path: |
~/.cargo/bin/
~/.cargo/registry/index/
~/.cargo/registry/cache/
~/.cargo/git/db/
key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
restore-keys: |
${{ runner.os }}-cargo-
- run: sudo -E bash scripts/environment/bootstrap-ubuntu-20.04.sh
- run: bash scripts/environment/prepare.sh
- run: echo "::add-matcher::.github/matchers/rust.json"
- name: Check cargo deny advisories/licenses
run: make check-deny
- name: (PR review) Set latest commit status as ${{ job.status }}
uses: myrotvorets/set-commit-status-action@v2.0.1
if: always() && github.event_name == 'pull_request_review'
with:
sha: ${{ github.event.review.commit_id }}
token: ${{ secrets.GITHUB_TOKEN }}
context: Deny - Linux
status: ${{ job.status }}