burn/.github/workflows/dependencies.yml

57 lines
1.4 KiB
YAML
Raw Permalink Normal View History

2023-11-19 23:35:03 +08:00
name: dependencies
on:
schedule:
- cron: '0 21 * * TUE' # Run every Tuesday at 21:00 (UTC)
2023-11-19 23:35:03 +08:00
push:
tags:
2023-12-12 22:42:33 +08:00
- 'v*.*.*' # Run when a new version is being published
2023-11-19 23:35:03 +08:00
env:
#
# Dependency versioning
#
# Udeps version
UDEPS_VERSION: "0.1.143"
2023-11-19 23:35:03 +08:00
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
dependencies:
runs-on: ubuntu-latest
steps:
- name: checkout
uses: actions/checkout@v4
- name: Audit Rust dependencies
2023-12-12 22:42:33 +08:00
# If a vulnerability is found, a new issue will automatically be opened
# since this action runs on main branch
2023-11-19 23:35:03 +08:00
uses: actions-rust-lang/audit@v1
- name: Detect multiple versions of the same crate
Combined PRs (#2108) * Bump serde_json from 1.0.121 to 1.0.122 Bumps [serde_json](https://github.com/serde-rs/json) from 1.0.121 to 1.0.122. - [Release notes](https://github.com/serde-rs/json/releases) - [Commits](https://github.com/serde-rs/json/compare/v1.0.121...v1.0.122) --- updated-dependencies: - dependency-name: serde_json dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Bump regex from 1.10.5 to 1.10.6 Bumps [regex](https://github.com/rust-lang/regex) from 1.10.5 to 1.10.6. - [Release notes](https://github.com/rust-lang/regex/releases) - [Changelog](https://github.com/rust-lang/regex/blob/master/CHANGELOG.md) - [Commits](https://github.com/rust-lang/regex/compare/1.10.5...1.10.6) --- updated-dependencies: - dependency-name: regex dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Bump wgpu from 22.0.0 to 22.1.0 Bumps [wgpu](https://github.com/gfx-rs/wgpu) from 22.0.0 to 22.1.0. - [Release notes](https://github.com/gfx-rs/wgpu/releases) - [Changelog](https://github.com/gfx-rs/wgpu/blob/wgpu-v22.1.0/CHANGELOG.md) - [Commits](https://github.com/gfx-rs/wgpu/compare/wgpu-v22.0.0...wgpu-v22.1.0) --- updated-dependencies: - dependency-name: wgpu dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump tempfile from 3.10.1 to 3.11.0 Bumps [tempfile](https://github.com/Stebalien/tempfile) from 3.10.1 to 3.11.0. - [Changelog](https://github.com/Stebalien/tempfile/blob/master/CHANGELOG.md) - [Commits](https://github.com/Stebalien/tempfile/compare/v3.10.1...v3.11.0) --- updated-dependencies: - dependency-name: tempfile dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump flate2 from 1.0.30 to 1.0.31 Bumps [flate2](https://github.com/rust-lang/flate2-rs) from 1.0.30 to 1.0.31. - [Release notes](https://github.com/rust-lang/flate2-rs/releases) - [Commits](https://github.com/rust-lang/flate2-rs/commits) --- updated-dependencies: - dependency-name: flate2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Bump EmbarkStudios/cargo-deny-action from 1 to 2 Bumps [EmbarkStudios/cargo-deny-action](https://github.com/embarkstudios/cargo-deny-action) from 1 to 2. - [Release notes](https://github.com/embarkstudios/cargo-deny-action/releases) - [Commits](https://github.com/embarkstudios/cargo-deny-action/compare/v1...v2) --- updated-dependencies: - dependency-name: EmbarkStudios/cargo-deny-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2024-08-05 23:43:58 +08:00
uses: EmbarkStudios/cargo-deny-action@v2
2023-11-19 23:35:03 +08:00
with:
command: check bans licenses sources
- name: Install Rust nightly
uses: dtolnay/rust-toolchain@nightly
with:
toolchain: nightly
components: rustfmt
- name: Install cargo-udeps
env:
UDEPS_LINK: https://github.com/est31/cargo-udeps/releases/download
run: |
curl -L "$UDEPS_LINK/v$UDEPS_VERSION/cargo-udeps-v$UDEPS_VERSION-x86_64-unknown-linux-gnu.tar.gz" |
tar xz -C $HOME/.cargo/bin --strip-components 2
- name: Run cargo-udeps
run: |
cargo +nightly udeps --all-targets