Check dependencies more exhaustively, using cargo-deny

2023-04-07 21:23:47 +02:00
parent 1229fa4461
commit 2d23af2f98
3 changed files with 104 additions and 20 deletions
--- a/.github/workflows/audit.yml
+++ b/.github/workflows/audit.yml
@@ -1,20 +0,0 @@
-name: Dependencies
-
-env:
-  CARGO_TERM_COLOR: always
-
-on:
-  schedule:
-    # every monday at 4AM (UTC?)
-    - cron: '0 4 * * 1'
-jobs:
-  audit:
-    name: Security Audit
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout repo
-        uses: actions/checkout@v2
-
-      - uses: actions-rs/audit-check@v1
-        with:
-          token: ${{ secrets.GITHUB_TOKEN }}
--- a/.github/workflows/deps.yml
+++ b/.github/workflows/deps.yml
@@ -0,0 +1,35 @@
+name: Dependencies
+
+env:
+  CARGO_TERM_COLOR: always
+
+on:
+  schedule:
+    # every monday at 4AM (UTC?)
+    - cron: '0 4 * * 1'
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+
+jobs:
+  bans-licenses-sources:
+    name: Bans, Licenses, Sources
+    runs-on: ubuntu-latest
+    if: github.event.name != 'schedule'
+
+    steps:
+      - uses: actions/checkout@v3
+      - uses: EmbarkStudios/cargo-deny-action@v1
+        with:
+          command: check bans licenses sources
+
+  advisories:
+    name: Advisories
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v3
+      - uses: EmbarkStudios/cargo-deny-action@v1
+        with:
+          command: check advisories