permissions: contents: read on: push: branches: [main] pull_request: branches: [main] schedule: - cron: '7 7 * * *' name: scheduled jobs: # https://twitter.com/mycoliza/status/1571295690063753218 nightly: runs-on: ubuntu-latest name: ubuntu / nightly steps: - uses: actions/checkout@v3 with: submodules: true - name: Install nightly uses: https://github.com/dtolnay/rust-toolchain@nightly - name: cargo generate-lockfile if: hashFiles('Cargo.lock') == '' run: cargo generate-lockfile - name: cargo test --locked run: cargo test --locked --all-features --all-targets # https://twitter.com/alcuadrado/status/1571291687837732873 update: runs-on: ubuntu-latest name: ubuntu / beta / updated # There's no point running this if no Cargo.lock was checked in in the # first place, since we'd just redo what happened in the regular test job. # Unfortunately, hashFiles only works in if on steps, so we reepeat it. # if: hashFiles('Cargo.lock') != '' steps: - uses: actions/checkout@v3 with: submodules: true - name: Install beta if: hashFiles('Cargo.lock') != '' uses: https://github.com/dtolnay/rust-toolchain@beta - name: cargo update if: hashFiles('Cargo.lock') != '' run: cargo update - name: cargo test if: hashFiles('Cargo.lock') != '' run: cargo test --locked --all-features --all-targets env: RUSTFLAGS: -D deprecated audit: name: stable / audit runs-on: ubuntu-latest permissions: checks: write issues: write steps: - uses: actions/checkout@v3 - uses: https://github.com/rustsec/audit-check@v1 with: token: ${{ secrets.GITHUB_TOKEN }} deny: runs-on: ubuntu-latest name: stable / deny strategy: matrix: checks: - advisories - bans licenses sources # Prevent sudden announcement of a new advisory from failing ci: continue-on-error: ${{ matrix.checks == 'advisories' }} steps: - uses: actions/checkout@v3 with: submodules: true - name: Install stable uses: https://github.com/dtolnay/rust-toolchain@stable - uses: https://github.com/EmbarkStudios/cargo-deny-action@v1 with: command: check ${{ matrix.checks }}