Compare commits

77 Commits
v1.1 ... v1.2.4

Author SHA1 Message Date
Jonas Bushart
579aeab71c Update cargo audit to 0.21.2 2025-03-03 21:34:36 +01:00
Jonas Bushart
0a7806b229 Merge pull request #105 from actions-rust-lang/pre-commit-ci-update-config
[pre-commit.ci] pre-commit autoupdate
2025-03-03 18:33:26 +01:00
pre-commit-ci[bot]
4fb4af0611 [pre-commit.ci] pre-commit autoupdate
updates:
- [github.com/PyCQA/isort: 6.0.0 → 6.0.1](https://github.com/PyCQA/isort/compare/6.0.0...6.0.1)
2025-03-03 17:19:00 +00:00
Jonas Bushart
1aae8517bc Merge pull request #104 from actions-rust-lang/pre-commit-ci-update-config 2025-02-24 19:21:08 +01:00
pre-commit-ci[bot]
202eeee8b4 [pre-commit.ci] pre-commit autoupdate
updates:
- [github.com/python-jsonschema/check-jsonschema: 0.31.1 → 0.31.2](https://github.com/python-jsonschema/check-jsonschema/compare/0.31.1...0.31.2)
2025-02-24 17:11:08 +00:00
Jonas Bushart
34bae80559 Merge pull request #103 from actions-rust-lang/pre-commit-ci-update-config
[pre-commit.ci] pre-commit autoupdate
2025-02-10 21:47:41 +01:00
pre-commit-ci[bot]
23dacfdca9 [pre-commit.ci] pre-commit autoupdate
updates:
- [github.com/pre-commit/mirrors-mypy: v1.14.1 → v1.15.0](https://github.com/pre-commit/mirrors-mypy/compare/v1.14.1...v1.15.0)
2025-02-10 17:31:28 +00:00
Jonas Bushart
dafa32a4e4 Merge pull request #102 from actions-rust-lang/pre-commit-ci-update-config
[pre-commit.ci] pre-commit autoupdate
2025-02-03 19:22:02 +01:00
pre-commit-ci[bot]
06105d122a [pre-commit.ci] pre-commit autoupdate
updates:
- [github.com/psf/black: 24.10.0 → 25.1.0](https://github.com/psf/black/compare/24.10.0...25.1.0)
- [github.com/PyCQA/isort: 5.13.2 → 6.0.0](https://github.com/PyCQA/isort/compare/5.13.2...6.0.0)
- [github.com/python-jsonschema/check-jsonschema: 0.31.0 → 0.31.1](https://github.com/python-jsonschema/check-jsonschema/compare/0.31.0...0.31.1)
2025-02-03 17:40:45 +00:00
Jonas Bushart
af2ca4abcf Merge pull request #101 from actions-rust-lang/pre-commit-ci-update-config 2025-01-15 18:19:25 +01:00
pre-commit-ci[bot]
de806b6f80 [pre-commit.ci] pre-commit autoupdate
updates:
- [github.com/python-jsonschema/check-jsonschema: 0.30.0 → 0.31.0](https://github.com/python-jsonschema/check-jsonschema/compare/0.30.0...0.31.0)
2025-01-13 17:30:39 +00:00
Jonas Bushart
e12665dbfb Merge pull request #100 from actions-rust-lang/pre-commit-ci-update-config
[pre-commit.ci] pre-commit autoupdate
2025-01-06 19:18:09 +01:00
pre-commit-ci[bot]
fdc8c6b8ea [pre-commit.ci] pre-commit autoupdate
updates:
- [github.com/pre-commit/mirrors-mypy: v1.14.0 → v1.14.1](https://github.com/pre-commit/mirrors-mypy/compare/v1.14.0...v1.14.1)
2025-01-06 17:40:28 +00:00
Jonas Bushart
42ea4d34ab Merge pull request #99 from actions-rust-lang/pre-commit-ci-update-config 2024-12-23 18:55:47 +01:00
pre-commit-ci[bot]
b4380b6dac [pre-commit.ci] pre-commit autoupdate
updates:
- [github.com/asottile/pyupgrade: v3.19.0 → v3.19.1](https://github.com/asottile/pyupgrade/compare/v3.19.0...v3.19.1)
- [github.com/pre-commit/mirrors-mypy: v1.13.0 → v1.14.0](https://github.com/pre-commit/mirrors-mypy/compare/v1.13.0...v1.14.0)
2024-12-23 17:35:08 +00:00
Jonas Bushart
96e0e19d75 Add Changelog entry for new version 2024-12-17 23:41:46 +01:00
Jonas Bushart
d57b2706e6 Some cleanups and typo fixes 2024-12-17 23:41:37 +01:00
Jonas Bushart
6028f82778 Show a better error message when running "cargo audit" fails
Instead of showing a JSONDecodeError print the exit code, stdout, and
stderr visible in the output.

Closes #98
2024-12-17 23:31:44 +01:00
Jonas Bushart
5bcf9487c7 Merge pull request #97 from actions-rust-lang/pre-commit-ci-update-config
[pre-commit.ci] pre-commit autoupdate
2024-12-02 20:07:21 +01:00
pre-commit-ci[bot]
165f86c1a6 [pre-commit.ci] pre-commit autoupdate
updates:
- [github.com/python-jsonschema/check-jsonschema: 0.29.4 → 0.30.0](https://github.com/python-jsonschema/check-jsonschema/compare/0.29.4...0.30.0)
2024-12-02 17:39:23 +00:00
Jonas Bushart
5c5da92c03 Update cargo-audit to 0.21.0 2024-11-06 22:21:55 +01:00
Jonas Bushart
17d62dc82d Merge pull request #96 from actions-rust-lang/pre-commit-ci-update-config 2024-10-29 00:02:23 +01:00
pre-commit-ci[bot]
733aff2088 [pre-commit.ci] pre-commit autoupdate
updates:
- [github.com/asottile/pyupgrade: v3.18.0 → v3.19.0](https://github.com/asottile/pyupgrade/compare/v3.18.0...v3.19.0)
- [github.com/pre-commit/mirrors-mypy: v1.12.1 → v1.13.0](https://github.com/pre-commit/mirrors-mypy/compare/v1.12.1...v1.13.0)
2024-10-28 17:41:22 +00:00
Jonas Bushart
95e05e5d8e Merge pull request #95 from actions-rust-lang/pre-commit-ci-update-config 2024-10-21 22:30:53 +02:00
pre-commit-ci[bot]
969643f199 [pre-commit.ci] pre-commit autoupdate
updates:
- [github.com/pre-commit/mirrors-mypy: v1.11.2 → v1.12.1](https://github.com/pre-commit/mirrors-mypy/compare/v1.11.2...v1.12.1)
2024-10-21 17:36:32 +00:00
Jonas Bushart
7614934373 Merge pull request #94 from actions-rust-lang/pre-commit-ci-update-config
[pre-commit.ci] pre-commit autoupdate
2024-10-15 08:17:37 +02:00
pre-commit-ci[bot]
946808f018 [pre-commit.ci] pre-commit autoupdate
updates:
- [github.com/psf/black: 24.8.0 → 24.10.0](https://github.com/psf/black/compare/24.8.0...24.10.0)
- [github.com/asottile/pyupgrade: v3.17.0 → v3.18.0](https://github.com/asottile/pyupgrade/compare/v3.17.0...v3.18.0)
- [github.com/python-jsonschema/check-jsonschema: 0.29.3 → 0.29.4](https://github.com/python-jsonschema/check-jsonschema/compare/0.29.3...0.29.4)
2024-10-14 17:40:00 +00:00
Jonas Bushart
1fcfd212ac List dependencies in readme 2024-10-11 19:46:47 +02:00
Jonas Bushart
d26dd44917 Merge pull request #92 from actions-rust-lang/pre-commit-ci-update-config 2024-10-07 20:25:07 +02:00
pre-commit-ci[bot]
645e2942e8 [pre-commit.ci] pre-commit autoupdate
updates:
- [github.com/pre-commit/pre-commit-hooks: v4.6.0 → v5.0.0](https://github.com/pre-commit/pre-commit-hooks/compare/v4.6.0...v5.0.0)
2024-10-07 18:01:30 +00:00
Jonas Bushart
965b6233a3 Merge pull request #91 from actions-rust-lang/pre-commit-ci-update-config 2024-09-30 19:42:14 +02:00
pre-commit-ci[bot]
9fe902be91 [pre-commit.ci] pre-commit autoupdate
updates:
- [github.com/pre-commit/mirrors-mypy: v1.11.1 → v1.11.2](https://github.com/pre-commit/mirrors-mypy/compare/v1.11.1...v1.11.2)
- [github.com/python-jsonschema/check-jsonschema: 0.29.1 → 0.29.3](https://github.com/python-jsonschema/check-jsonschema/compare/0.29.1...0.29.3)
2024-09-30 17:34:43 +00:00
Jonas Bushart
94cd57b0d8 Merge pull request #90 from actions-rust-lang/pre-commit-ci-update-config 2024-08-05 20:15:11 +02:00
pre-commit-ci[bot]
5330a4041e [pre-commit.ci] pre-commit autoupdate
updates:
- [github.com/psf/black: 24.4.2 → 24.8.0](https://github.com/psf/black/compare/24.4.2...24.8.0)
- [github.com/pre-commit/mirrors-mypy: v1.11.0 → v1.11.1](https://github.com/pre-commit/mirrors-mypy/compare/v1.11.0...v1.11.1)
2024-08-05 17:41:54 +00:00
Jonas Bushart
531fba54da Merge pull request #89 from actions-rust-lang/remove-locked 2024-07-31 23:47:42 +02:00
Jonas Bushart
31383575a9 Update changelog 2024-07-31 23:42:54 +02:00
Jonas Bushart
e2ad894c8f Install cargo-audit without locked 2024-07-31 23:36:29 +02:00
Jonas Bushart
e4b4ec6817 Add missing changelog entry for 1.2.0 2024-07-31 23:27:02 +02:00
Jonas Bushart
b0169fdb1a Merge pull request #87 from actions-rust-lang/pre-commit-ci-update-config 2024-07-29 23:33:19 +02:00
pre-commit-ci[bot]
de48309832 [pre-commit.ci] pre-commit autoupdate
updates:
- [github.com/asottile/pyupgrade: v3.16.0 → v3.17.0](https://github.com/asottile/pyupgrade/compare/v3.16.0...v3.17.0)
- [github.com/python-jsonschema/check-jsonschema: 0.29.0 → 0.29.1](https://github.com/python-jsonschema/check-jsonschema/compare/0.29.0...0.29.1)
2024-07-29 17:35:09 +00:00
Jonas Bushart
f007442857 Merge pull request #86 from actions-rust-lang/pre-commit-ci-update-config 2024-07-22 20:45:50 +02:00
pre-commit-ci[bot]
8a4f84d32b [pre-commit.ci] pre-commit autoupdate
updates:
- [github.com/pre-commit/mirrors-mypy: v1.10.1 → v1.11.0](https://github.com/pre-commit/mirrors-mypy/compare/v1.10.1...v1.11.0)
2024-07-22 17:31:48 +00:00
Jonas Bushart
4a6925b10a Merge pull request #85 from actions-rust-lang/pre-commit-ci-update-config 2024-07-15 22:40:17 +02:00
pre-commit-ci[bot]
fae1c3e0b7 [pre-commit.ci] pre-commit autoupdate
updates:
- [github.com/python-jsonschema/check-jsonschema: 0.28.6 → 0.29.0](https://github.com/python-jsonschema/check-jsonschema/compare/0.28.6...0.29.0)
2024-07-15 17:31:05 +00:00
Jonas Bushart
7fe0328ae6 Merge pull request #84 from actions-rust-lang/pre-commit-ci-update-config 2024-07-01 20:10:18 +02:00
pre-commit-ci[bot]
e3466a0192 [pre-commit.ci] pre-commit autoupdate
updates:
- [github.com/pre-commit/mirrors-mypy: v1.10.0 → v1.10.1](https://github.com/pre-commit/mirrors-mypy/compare/v1.10.0...v1.10.1)
2024-07-01 17:36:58 +00:00
Jonas Bushart
1bedf5d769 Merge pull request #83 from actions-rust-lang/pre-commit-ci-update-config
[pre-commit.ci] pre-commit autoupdate
2024-06-24 20:56:11 +02:00
pre-commit-ci[bot]
4ef6a36667 [pre-commit.ci] pre-commit autoupdate
updates:
- [github.com/python-jsonschema/check-jsonschema: 0.28.5 → 0.28.6](https://github.com/python-jsonschema/check-jsonschema/compare/0.28.5...0.28.6)
2024-06-24 17:29:25 +00:00
Jonas Bushart
9a5a196eb1 Merge pull request #82 from actions-rust-lang/pre-commit-ci-update-config 2024-06-17 22:34:24 +02:00
pre-commit-ci[bot]
74871ea769 [pre-commit.ci] pre-commit autoupdate
updates:
- [github.com/python-jsonschema/check-jsonschema: 0.28.4 → 0.28.5](https://github.com/python-jsonschema/check-jsonschema/compare/0.28.4...0.28.5)
2024-06-17 17:29:22 +00:00
Jonas Bushart
62b30a4d5b Merge pull request #81 from actions-rust-lang/pre-commit-ci-update-config 2024-06-10 20:48:49 +02:00
pre-commit-ci[bot]
fa1f058f19 [pre-commit.ci] pre-commit autoupdate
updates:
- [github.com/asottile/pyupgrade: v3.15.2 → v3.16.0](https://github.com/asottile/pyupgrade/compare/v3.15.2...v3.16.0)
2024-06-10 17:31:16 +00:00
Jonas Bushart
1e389b4122 Merge pull request #80 from actions-rust-lang/pre-commit-ci-update-config
[pre-commit.ci] pre-commit autoupdate
2024-05-29 12:57:32 +02:00
pre-commit-ci[bot]
a6eeed1940 [pre-commit.ci] pre-commit autoupdate
updates:
- [github.com/python-jsonschema/check-jsonschema: 0.28.3 → 0.28.4](https://github.com/python-jsonschema/check-jsonschema/compare/0.28.3...0.28.4)
2024-05-27 17:26:15 +00:00
Jonas Bushart
1ca8cd30ac Merge pull request #79 from actions-rust-lang/pre-commit-ci-update-config 2024-05-13 19:39:29 +02:00
pre-commit-ci[bot]
0ddaadad09 [pre-commit.ci] pre-commit autoupdate
updates:
- [github.com/python-jsonschema/check-jsonschema: 0.28.2 → 0.28.3](https://github.com/python-jsonschema/check-jsonschema/compare/0.28.2...0.28.3)
2024-05-13 17:24:26 +00:00
Jonas Bushart
160ac8b6ed Merge pull request #78 from actions-rust-lang/working-directory 2024-05-05 16:26:46 +03:00
Jonas Bushart
b8800a8c21 Add working directory input to configure where cargo audit executes 2024-05-05 15:46:02 +03:00
Jonas Bushart
1010e1e336 Fix spelling 2024-04-30 22:33:03 +02:00
Jonas Bushart
72f0fdca3b Merge pull request #77 from actions-rust-lang/pre-commit-ci-update-config 2024-04-29 22:43:23 +02:00
pre-commit-ci[bot]
cbff13557b [pre-commit.ci] pre-commit autoupdate
updates:
- [github.com/psf/black: 24.4.0 → 24.4.2](https://github.com/psf/black/compare/24.4.0...24.4.2)
- [github.com/pre-commit/mirrors-mypy: v1.9.0 → v1.10.0](https://github.com/pre-commit/mirrors-mypy/compare/v1.9.0...v1.10.0)
2024-04-29 17:35:05 +00:00
Jonas Bushart
08bf11f3ea Merge pull request #76 from actions-rust-lang/pre-commit-ci-update-config 2024-04-15 21:55:21 +02:00
pre-commit-ci[bot]
7049db077c [pre-commit.ci] pre-commit autoupdate
updates:
- [github.com/psf/black: 24.3.0 → 24.4.0](https://github.com/psf/black/compare/24.3.0...24.4.0)
- [github.com/python-jsonschema/check-jsonschema: 0.28.1 → 0.28.2](https://github.com/python-jsonschema/check-jsonschema/compare/0.28.1...0.28.2)
2024-04-15 17:32:39 +00:00
Jonas Bushart
e8ea165957 Merge pull request #75 from actions-rust-lang/pre-commit-ci-update-config 2024-04-08 23:01:48 +02:00
pre-commit-ci[bot]
1926841165 [pre-commit.ci] pre-commit autoupdate
updates:
- [github.com/pre-commit/pre-commit-hooks: v4.5.0 → v4.6.0](https://github.com/pre-commit/pre-commit-hooks/compare/v4.5.0...v4.6.0)
2024-04-08 17:36:39 +00:00
Jonas Bushart
08a60eccbb Merge pull request #74 from actions-rust-lang/pre-commit-ci-update-config 2024-04-01 21:45:01 +02:00
pre-commit-ci[bot]
16af786dc7 [pre-commit.ci] pre-commit autoupdate
updates:
- [github.com/python-jsonschema/check-jsonschema: 0.28.0 → 0.28.1](https://github.com/python-jsonschema/check-jsonschema/compare/0.28.0...0.28.1)
2024-04-01 17:27:21 +00:00
Jonas Bushart
ddc21578b3 Merge pull request #72 from lwshang/cargo_install_locked 2024-03-26 10:38:08 +01:00
Jonas Bushart
c37ceabcab Merge pull request #73 from actions-rust-lang/pre-commit-ci-update-config 2024-03-26 10:36:47 +01:00
pre-commit-ci[bot]
342fdff255 [pre-commit.ci] pre-commit autoupdate
updates:
- [github.com/asottile/pyupgrade: v3.15.1 → v3.15.2](https://github.com/asottile/pyupgrade/compare/v3.15.1...v3.15.2)
2024-03-25 17:28:08 +00:00
Linwei Shang
b719ea468c feat: add --locked to cargo install cargo-audit 2024-03-22 17:34:49 -04:00
Jonas Bushart
25528f1e0b Merge pull request #70 from actions-rust-lang/pre-commit-ci-update-config 2024-03-18 18:43:54 +01:00
pre-commit-ci[bot]
f4430692fd [pre-commit.ci] pre-commit autoupdate
updates:
- [github.com/psf/black: 24.2.0 → 24.3.0](https://github.com/psf/black/compare/24.2.0...24.3.0)
2024-03-18 17:31:08 +00:00
Jonas Bushart
0f2a92891d Merge pull request #69 from actions-rust-lang/pre-commit-ci-update-config 2024-03-12 22:28:59 +01:00
pre-commit-ci[bot]
c248204ea6 [pre-commit.ci] pre-commit autoupdate
updates:
- [github.com/pre-commit/mirrors-mypy: v1.8.0 → v1.9.0](https://github.com/pre-commit/mirrors-mypy/compare/v1.8.0...v1.9.0)
2024-03-12 20:13:13 +00:00
Jonas Bushart
e7db852e4a Merge pull request #68 from actions-rust-lang/pre-commit-ci-update-config 2024-02-26 15:32:45 +01:00
pre-commit-ci[bot]
494d723603 [pre-commit.ci] pre-commit autoupdate
updates:
- [github.com/psf/black: 24.1.1 → 24.2.0](https://github.com/psf/black/compare/24.1.1...24.2.0)
- [github.com/asottile/pyupgrade: v3.15.0 → v3.15.1](https://github.com/asottile/pyupgrade/compare/v3.15.0...v3.15.1)
2024-02-19 17:33:03 +00:00
5 changed files with 93 additions and 24 deletions

View File

@@ -1,10 +1,10 @@
repos:
- repo: https://github.com/psf/black
rev: 24.1.1
rev: 25.1.0
hooks:
- id: black
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v4.5.0
rev: v5.0.0
hooks:
- id: check-ast
- id: check-case-conflict
@@ -14,24 +14,24 @@ repos:
- id: end-of-file-fixer
- id: trailing-whitespace
- repo: https://github.com/PyCQA/isort
rev: 5.13.2
rev: 6.0.1
# https://github.com/psf/black/blob/main/docs/guides/using_black_with_other_tools.md
hooks:
- id: isort
args: ["--profile=black"]
- repo: https://github.com/asottile/pyupgrade
rev: v3.15.0
rev: v3.19.1
hooks:
- id: pyupgrade
args: ["--py37-plus"]
- repo: https://github.com/pre-commit/mirrors-mypy
rev: v1.8.0
rev: v1.15.0
hooks:
- id: mypy
additional_dependencies:
- types-requests
- repo: https://github.com/python-jsonschema/check-jsonschema
rev: 0.28.0
rev: 0.31.2
hooks:
- id: check-dependabot
- id: check-github-actions
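Review bot: `args: ["--py37-plus"]` on the pyupgrade hook is left unchanged, while the README in this same comparison now lists Python 3.9+ as a dependency. Raising it to `--py39-plus` lets pyupgrade apply the rewrites the supported floor allows and keeps the two statements of the minimum Python version from drifting apart.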

View File

@@ -7,6 +7,27 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
## [Unreleased]
## [1.2.4] - 2025-03-03
* Update `cargo-audit` to 0.21.2
## [1.2.3] - 2024-12-17
* Show a better error message when running "cargo audit" fails #98
## [1.2.2] - 2024-11-06
* Update `cargo-audit` to 0.21.0
## [1.2.1] - 2024-07-31
* Temporarily remove `--locked` from the install instructions again, since cargo-audit relies on an old version of `time` that is incompatible with Rust 1.80.
## [1.2.0] - 2024-03-05
* feat: add --locked to cargo install cargo-audit by @lwshang in #72
* Add working directory input to configure where cargo audit executes by @jonasbb in #78
## [1.1.14] - 2024-02-18
* Update `cargo-audit` to 0.20.0
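Review bot: the `## [1.2.0] - 2024-03-05` heading carries a date earlier than both changes it lists; the commit list above shows #72 merged on 2024-03-26 and #78 merged on 2024-05-05. Correct the date to the actual release date so that anyone matching a pinned action version against this changelog gets the right window. The 1.2.1 entry calls the `--locked` removal temporary; add an issue reference or follow-up item so restoring it is tracked.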
@@ -22,7 +43,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
## [1.1.11] - 2024-01-18
* Allow specifying the path to the `Cargo.lock` file, in case it is not in the root of the repository (#55)
* Update the example in the readme, to have the correct permissions for private repositories.
* Update the example in the README, to have the correct permissions for private repositories.
## [1.1.10] - 2023-11-02

View File

@@ -1,6 +1,6 @@
# Audit Rust dependencies using the RustSec Advisory DB
Audit your Rust dependencies using [cargo audit] and the [RustSec Advisory DB]. The action creates a summary with all vulnerabilieties. It can create issues for each of the found vulnerabilities.
Audit your Rust dependencies using [cargo audit] and the [RustSec Advisory DB]. The action creates a summary with all vulnerabilities. It can create issues for each of the found vulnerabilities.
Execution Summary:
@@ -44,18 +44,31 @@ jobs:
## Inputs
All inputs are optional.
Consider adding a [`audit.toml` configuration file] to your repository for further configurations.
Consider adding an [`audit.toml` configuration file] to your repository for further configurations.
cargo audit supports multiple warning types, such as unsound code or yanked crates.
Configuration is only possible via the `informational_warnings` parameter in the configuration file ([#318](https://github.com/rustsec/rustsec/issues/318)).
Setting `denyWarnings` to true will also enable these warnings, but each warning is upgraded to an error.
| Name | Description | Default |
| -------------- | ------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------ |
| `TOKEN` | The GitHub access token to allow us to retrieve, create and update issues (automatically set). | `github.token` |
| `denyWarnings` | Any warnings generated will be treated as an error and fail the action. | false |
| `file` | The path to the Cargo.lock file. | |
| `ignore` | A comma separated list of Rustsec IDs to ignore. | |
| `createIssues` | Create/Update issues for each found vulnerability. By default only on `main` or `master` branch. | `github.ref == 'refs/heads/master' \|\| github.ref == 'refs/heads/main'` |
| Name | Description | Default |
| ------------------ | ------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------ |
| `TOKEN` | The GitHub access token to allow us to retrieve, create and update issues (automatically set). | `github.token` |
| `denyWarnings` | Any warnings generated will be treated as an error and fail the action. | false |
| `file` | The path to the Cargo.lock file to inspect file. | |
| `ignore` | A comma separated list of Rustsec IDs to ignore. | |
| `createIssues` | Create/Update issues for each found vulnerability. By default only on `main` or `master` branch. | `github.ref == 'refs/heads/master' \|\| github.ref == 'refs/heads/main'` |
| `workingDirectory` | Run `cargo audit` from the given working directory | |
## Dependencies
The action works best on the GitHub-hosted runners, but can work on self-hosted ones too, provided the necessary dependencies are available.
PRs to add support for more environments are welcome.
* bash
* Python 3.9+
* requests
* Rust stable
* cargo
* use node actions
## License
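Review bot: in the new `file` row, "The path to the Cargo.lock file to inspect file." ends with a stray "file"; the matching `action.yml` description reads "The path to the Cargo.lock file to inspect". The `workingDirectory` row should also state whether a relative `file` path is resolved against that directory. In the Dependencies list, "use node actions" does not read as a requirement; say what has to be installed on a self-hosted runner.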

View File

@@ -15,7 +15,7 @@ inputs:
required: false
default: "false"
file:
description: "Cargo lockfile to inspect"
description: "The path to the Cargo.lock file to inspect"
required: false
default: ""
ignore:
@@ -26,6 +26,10 @@ inputs:
description: Create/Update issues for each found vulnerability.
required: false
default: "${{ github.ref == 'refs/heads/master' || github.ref == 'refs/heads/main' }}"
workingDirectory:
description: "Run `cargo audit` from the given working directory"
required: false
default: ""
runs:
using: composite
@@ -41,12 +45,12 @@ runs:
${{ steps.cargo-home.outputs.cargohome }}/bin/cargo-audit*
${{ steps.cargo-home.outputs.cargohome }}/.crates.toml
${{ steps.cargo-home.outputs.cargohome }}/.crates2.json
key: cargo-audit-v0.20.0
key: cargo-audit-v0.21.2
- name: Install cargo-audit
if: steps.cache.outputs.cache-hit != 'true'
# Update both this version number and the cache key
run: cargo install cargo-audit --vers 0.20.0 --no-default-features
run: cargo install cargo-audit --vers 0.21.2 --no-default-features
shell: bash
- run: |
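Review bot: `cargo install cargo-audit --vers 0.21.2 --no-default-features` still runs without `--locked`, so the tool's dependencies are resolved at install time instead of from the lockfile published with cargo-audit, and two cold-cache runs can build different binaries. The changelog describes the removal as temporary and ties it to an old `time` version that is incompatible with Rust 1.80; check whether 0.21.2 builds with `--locked` and restore it if it does. The cache key and the `--vers` value are bumped together here, as the comment asks.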
@@ -59,5 +63,6 @@ runs:
INPUT_FILE: ${{ inputs.file }}
INPUT_IGNORE: ${{ inputs.ignore }}
INPUT_TOKEN: ${{ inputs.TOKEN }}
INPUT_WORKING_DIRECTORY: ${{ inputs.workingDirectory }}
PYTHONPATH: ${{ github.action_path }}
REPO: ${{ github.repository }}

View File

@@ -7,18 +7,32 @@ from typing import Any, Dict, List, Optional, Union
import requests
# GitHub API CLient copied and adapted from
# GitHub API Client copied and adapted from
# https://github.com/alstr/todo-to-issue-action/blob/25c80e9c4999d107bec208af49974d329da26370/main.py
# Originally licensed under MIT license
# Timeout in seconds for requests methods
TIMEOUT = 30
"""Timeout in seconds for requests methods"""
NEWLINE = "\n"
"""Definition of newline"""
def debug(message: str) -> None:
"""Print a debug message to the GitHub Action log"""
newline = "\n"
print(f"""::debug::{message.replace(newline, " ")}""")
print(f"""::debug::{message.replace(NEWLINE, " ")}""")
def error(message: str) -> None:
"""Print an error message to the GitHub Action log"""
print(f"""::error::{message.replace(NEWLINE, " ")}""")
def group(title: str, message: str) -> None:
"""Print an expandable group message to the GitHub Action log"""
print(f"::group::{title}")
print(message)
print("::endgroup::")
class Issue:
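Review bot: `group()` prints `title` and `message` unmodified, unlike `debug()` and `error()`, and its caller further down passes raw `cargo audit` stdout and stderr. The runner reads any output line beginning with `::` as a workflow command, so a line such as `::endgroup::` inside that output closes the group early. Strip newlines from `title`, and either wrap the body in `::stop-commands::<token>` and `::<token>::` with a random token or neutralise a leading `::` on each line before printing.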
@@ -404,10 +418,15 @@ def run() -> None:
extra_args.append("--file")
extra_args.append(os.environ["INPUT_FILE"])
working_directory = None
if os.environ["INPUT_WORKING_DIRECTORY"] != "":
working_directory = os.environ["INPUT_WORKING_DIRECTORY"]
audit_cmd = ["cargo", "audit", "--json"] + extra_args + ignore_args
debug(f"Running command: {audit_cmd}")
completed = subprocess.run(
audit_cmd,
cwd=working_directory,
capture_output=True,
text=True,
check=False,
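Review bot: `os.environ["INPUT_WORKING_DIRECTORY"]` is indexed directly, so the script raises `KeyError` whenever the variable is absent, for example when it is run outside the composite action; `os.environ.get("INPUT_WORKING_DIRECTORY", "")` avoids that. The value goes to `cwd=` without a check that the directory exists, so a typo surfaces as an exception from `subprocess.run` and not as a readable `::error::` line. Since `--file` is passed through unchanged, document that a relative `file` input is now resolved against this directory.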
@@ -415,7 +434,18 @@ def run() -> None:
debug(f"Command return code: {completed.returncode}")
debug(f"Command output: {completed.stdout}")
debug(f"Command error: {completed.stderr}")
data = json.loads(completed.stdout)
try:
data = json.loads(completed.stdout)
except json.decoder.JSONDecodeError as _:
error(
f"cargo audit did not produce any JSON output. Exit code: {completed.returncode}"
)
group(
"cargo audit output",
f"""stdout:\n{completed.stdout}\n\n\nstderr:\n{completed.stderr}""",
)
sys.exit(2)
summary = create_summary(data)
entries = create_entries(data)
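Review bot: the message "cargo audit did not produce any JSON output" is also printed when stdout holds truncated or otherwise malformed JSON, because `json.loads` raises the same exception in both cases; "did not produce valid JSON output" would be accurate. `except json.decoder.JSONDecodeError as _:` can drop the unused `as _` binding and use the public name `json.JSONDecodeError`. `sys.exit(2)` needs `import sys`, which is not visible in this diff.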