# Display name and summary of the action.
name: cargo audit your Rust Dependencies
description: |
  Audit Rust dependencies with cargo audit and the RustSec Advisory DB
# Icon and colour used for the action's badge.
branding:
  icon: 'shield'
  color: 'red'
# Inputs accepted from the calling workflow; every one is optional.
inputs:
  # Token for the issue operations named in the description. Defaults to the
  # calling workflow's github.token.
  # NOTE(review): creating and updating issues presumably requires
  # `issues: write` on that token; grant the calling job no more than that.
  TOKEN:
    description: 'The GitHub access token to allow us to retrieve, create and update issues (automatically set)'
    required: false
    default: '${{ github.token }}'
  # Kept as the string 'false', not a YAML boolean, so the consumer receives
  # text. With the default, warnings do not fail the action.
  denyWarnings:
    description: 'Any warnings generated will be treated as an error and fail the action'
    required: false
    default: 'false'
  # Empty by default; how an empty value is resolved is decided by the
  # consuming script, not here.
  file:
    description: 'The path to the Cargo.lock file to inspect'
    required: false
    default: ''
  # NOTE(review): an ID listed here stays suppressed until it is removed, so
  # each entry should carry a justification and be revisited periodically.
  ignore:
    description: 'A comma separated list of Rustsec IDs to ignore'
    required: false
    default: ''
  # The default expression is true only when the run's ref is
  # refs/heads/master or refs/heads/main, so other refs do not create issues
  # unless the caller opts in explicitly.
  createIssues:
    description: 'Create/Update issues for each found vulnerability.'
    required: false
    default: "${{ github.ref == 'refs/heads/master' || github.ref == 'refs/heads/main' }}"
  workingDirectory:
    description: 'Run `cargo audit` from the given working directory'
    required: false
    default: ''
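# Composite action: locate cargo's home, restore or build cargo-audit, then
# hand over to the Python `audit` module.
runs:
  using: composite
  steps:
    # Resolve cargo's home directory ($CARGO_HOME when set, otherwise
    # $HOME/.cargo) and publish it as the step output `cargohome`.
    - name: Identify cargo installation directory
      # The output file path is quoted so the redirect target is never
      # word-split or glob-expanded.
      run: echo "cargohome=${CARGO_HOME:-$HOME/.cargo}" >> "$GITHUB_OUTPUT"
      shell: bash
      id: cargo-home
    # Restore a previously built cargo-audit binary together with cargo's
    # install records.
    # NOTE(review): the action is referenced by a mutable tag; pinning it to a
    # full commit SHA would fix exactly which code runs in this step.
    # NOTE(review): the key carries only the tool version, not the runner OS
    # or architecture; confirm a binary cannot be restored on another platform.
    - uses: actions/cache@v4
      id: cache
      with:
        path: |
          ${{ steps.cargo-home.outputs.cargohome }}/bin/cargo-audit*
          ${{ steps.cargo-home.outputs.cargohome }}/.crates.toml
          ${{ steps.cargo-home.outputs.cargohome }}/.crates2.json
        key: cargo-audit-v0.21.0
    # Build from source only when the cache step reported no hit.
    - name: Install cargo-audit
      if: steps.cache.outputs.cache-hit != 'true'
      # Update both this version number and the cache key
      # --locked builds against the Cargo.lock published with the crate, so
      # the pinned version is not combined with dependency versions resolved
      # fresh at install time.
      run: cargo install cargo-audit --vers 0.21.0 --no-default-features --locked
      shell: bash
    # Run the audit. Inputs reach the script as environment variables rather
    # than being interpolated into the script text, so their values stay data.
    # INPUT_TOKEN is set on this step only.
    - run: |
        import audit
        audit.run()
      shell: python
      env:
        INPUT_CREATE_ISSUES: ${{ inputs.createIssues }}
        INPUT_DENY_WARNINGS: ${{ inputs.denyWarnings }}
        INPUT_FILE: ${{ inputs.file }}
        INPUT_IGNORE: ${{ inputs.ignore }}
        INPUT_TOKEN: ${{ inputs.TOKEN }}
        INPUT_WORKING_DIRECTORY: ${{ inputs.workingDirectory }}
        # Points at the action's own directory so `import audit` can resolve.
        PYTHONPATH: ${{ github.action_path }}
        REPO: ${{ github.repository }}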