Actions/rust-cache
1
Fork 0
mirror of https://github.com/Swatinem/rust-cache.git synced 2025-10-31 16:23:48 +00:00
Code Issues Packages Projects Releases Wiki Activity

ci: address lint findings, add zizmor workflow (#262)

Browse Source
This commit is contained in:
William Woodruff 2025-09-23 03:11:49 -04:00 committed by GitHub
parent f13886b937
commit 7bd5339b5b
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
10 changed files with 78 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
.github/workflows/buildjet.yml vendored
View File

@ -2,6 +2,8 @@ name: buildjet
on: [push, pull_request] on: [push, pull_request]
permissions: {}
jobs: jobs:
buildjet: buildjet:
if: github.repository == 'Swatinem/rust-cache' if: github.repository == 'Swatinem/rust-cache'
@ -17,7 +19,9 @@ jobs:
CARGO_TERM_COLOR: always CARGO_TERM_COLOR: always
steps: steps:
- uses: actions/checkout@v5 - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
persist-credentials: false
- run: rustup toolchain install stable --profile minimal --no-self-update - run: rustup toolchain install stable --profile minimal --no-self-update

10
.github/workflows/check-dist.yml vendored
View File

@ -11,15 +11,19 @@ on:
- "**.md" - "**.md"
workflow_dispatch: workflow_dispatch:
permissions: {}
jobs: jobs:
check-dist: check-dist:
if: github.repository == 'Swatinem/rust-cache' if: github.repository == 'Swatinem/rust-cache'
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v5 - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
persist-credentials: false
- name: Setup Node.js 20.x - name: Setup Node.js 20.x
uses: actions/setup-node@v5 uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
with: with:
node-version: 20.x node-version: 20.x
cache: npm cache: npm
@ -39,7 +43,7 @@ jobs:
fi fi
id: diff id: diff
- uses: actions/upload-artifact@v4 - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
if: ${{ failure() && steps.diff.conclusion == 'failure' }} if: ${{ failure() && steps.diff.conclusion == 'failure' }}
with: with:
name: dist name: dist

10
.github/workflows/coverage.yml vendored
View File

@ -2,6 +2,8 @@ name: coverage
on: [push, pull_request] on: [push, pull_request]
permissions: {}
jobs: jobs:
coverage: coverage:
if: github.repository == 'Swatinem/rust-cache' if: github.repository == 'Swatinem/rust-cache'
@ -17,11 +19,15 @@ jobs:
CARGO_TERM_COLOR: always CARGO_TERM_COLOR: always
steps: steps:
- uses: actions/checkout@v5 - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
persist-credentials: false
- run: rustup toolchain install stable --profile minimal --component llvm-tools-preview --no-self-update - run: rustup toolchain install stable --profile minimal --component llvm-tools-preview --no-self-update
- uses: taiki-e/install-action@cargo-llvm-cov - uses: taiki-e/install-action@cd39cb0572834c149bf3533a143f05e09def0f3c # v2.62.2
with:
tool: cargo-llvm-cov
- uses: ./ - uses: ./
with: with:

16
.github/workflows/dependabot.yml vendored
View File

@ -3,23 +3,25 @@
name: Dependabot Automation name: Dependabot Automation
on: pull_request on: pull_request
permissions: permissions: {}
contents: write
pull-requests: write
jobs: jobs:
automerge: automerge:
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions:
contents: write # for pushing commits
pull-requests: write # for merging PRs
if: github.event.pull_request.user.login == 'dependabot[bot]' && github.repository == 'Swatinem/rust-cache' if: github.event.pull_request.user.login == 'dependabot[bot]' && github.repository == 'Swatinem/rust-cache'
steps: steps:
- name: Fetch metadata - name: Fetch metadata
id: metadata id: metadata
uses: dependabot/fetch-metadata@v2 uses: dependabot/fetch-metadata@08eff52bf64351f401fb50d4972fa95b9f2c2d1b # v2.4.0
with: with:
github-token: "${{ secrets.GITHUB_TOKEN }}" github-token: "${{ secrets.GITHUB_TOKEN }}"
- uses: actions/checkout@v5 - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with: with:
fetch-depth: 2 fetch-depth: 2
persist-credentials: false
if: steps.metadata.outputs.update-type == 'version-update:semver-patch' if: steps.metadata.outputs.update-type == 'version-update:semver-patch'
- name: Check if package-lock.json has been changed - name: Check if package-lock.json has been changed
if: steps.metadata.outputs.update-type == 'version-update:semver-patch' if: steps.metadata.outputs.update-type == 'version-update:semver-patch'
@ -35,7 +37,7 @@ jobs:
fi fi
- name: Setup node if necessary - name: Setup node if necessary
if: steps.npm.outputs.changed != '' if: steps.npm.outputs.changed != ''
uses: actions/setup-node@v5 uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
with: with:
node-version: 20.x node-version: 20.x
cache: npm cache: npm

6
.github/workflows/git-registry.yml vendored
View File

@ -2,6 +2,8 @@ name: git-registry
on: [push, pull_request] on: [push, pull_request]
permissions: {}
jobs: jobs:
git-registry: git-registry:
if: github.repository == 'Swatinem/rust-cache' if: github.repository == 'Swatinem/rust-cache'
@ -18,7 +20,9 @@ jobs:
CARGO_REGISTRIES_CRATES_IO_PROTOCOL: git CARGO_REGISTRIES_CRATES_IO_PROTOCOL: git
steps: steps:
- uses: actions/checkout@v5 - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
persist-credentials: false
- run: rustup toolchain install stable --profile minimal --no-self-update - run: rustup toolchain install stable --profile minimal --no-self-update

6
.github/workflows/install.yml vendored
View File

@ -2,6 +2,8 @@ name: install
on: [push, pull_request] on: [push, pull_request]
permissions: {}
jobs: jobs:
install: install:
if: github.repository == 'Swatinem/rust-cache' if: github.repository == 'Swatinem/rust-cache'
@ -17,7 +19,9 @@ jobs:
CARGO_TERM_COLOR: always CARGO_TERM_COLOR: always
steps: steps:
- uses: actions/checkout@v5 - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
persist-credentials: false
- run: rustup toolchain install stable --profile minimal --no-self-update - run: rustup toolchain install stable --profile minimal --no-self-update

6
.github/workflows/simple.yml vendored
View File

@ -2,6 +2,8 @@ name: simple
on: [push, pull_request] on: [push, pull_request]
permissions: {}
jobs: jobs:
simple: simple:
if: github.repository == 'Swatinem/rust-cache' if: github.repository == 'Swatinem/rust-cache'
@ -17,7 +19,9 @@ jobs:
CARGO_TERM_COLOR: always CARGO_TERM_COLOR: always
steps: steps:
- uses: actions/checkout@v5 - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
persist-credentials: false
- run: rustup toolchain install stable --profile minimal --no-self-update - run: rustup toolchain install stable --profile minimal --no-self-update

6
.github/workflows/target-dir.yml vendored
View File

@ -2,6 +2,8 @@ name: target-dir
on: [push, pull_request] on: [push, pull_request]
permissions: {}
jobs: jobs:
target-dir: target-dir:
if: github.repository == 'Swatinem/rust-cache' if: github.repository == 'Swatinem/rust-cache'
@ -17,7 +19,9 @@ jobs:
CARGO_TERM_COLOR: always CARGO_TERM_COLOR: always
steps: steps:
- uses: actions/checkout@v5 - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
persist-credentials: false
- run: rustup toolchain install stable --profile minimal --no-self-update - run: rustup toolchain install stable --profile minimal --no-self-update

6
.github/workflows/workspaces.yml vendored
View File

@ -2,6 +2,8 @@ name: workspaces
on: [push, pull_request] on: [push, pull_request]
permissions: {}
jobs: jobs:
workspaces: workspaces:
if: github.repository == 'Swatinem/rust-cache' if: github.repository == 'Swatinem/rust-cache'
@ -17,7 +19,9 @@ jobs:
CARGO_TERM_COLOR: always CARGO_TERM_COLOR: always
steps: steps:
- uses: actions/checkout@v5 - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
persist-credentials: false
- run: rustup toolchain install stable --profile minimal --target wasm32-unknown-unknown --no-self-update - run: rustup toolchain install stable --profile minimal --target wasm32-unknown-unknown --no-self-update

24
.github/workflows/zizmor.yml vendored Normal file
View File

@ -0,0 +1,24 @@
name: GitHub Actions Security Analysis with zizmor 🌈
on:
push:
branches: ["main"]
pull_request:
branches: ["**"]
permissions: {}
jobs:
zizmor:
name: Run zizmor 🌈
runs-on: ubuntu-latest
permissions:
security-events: write # for uploading results to the Security tab
steps:
- name: Checkout repository
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
persist-credentials: false
- name: Run zizmor 🌈
uses: zizmorcore/zizmor-action@e673c3917a1aef3c65c972347ed84ccd013ecda4 # v0.2.0