burn/.github/workflows/dependencies.yml

name: dependencies

on:
  schedule:
    - cron: '0 21 * * TUE' # Run every Tuesday at 21:00 (UTC)
  push:
    tags:
      - 'v*.*.*' # Run when a new version is being published

env:
  #
  # Dependency versioning
  #

  # Udeps version
  UDEPS_VERSION: "0.1.143"

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

jobs:
  dependencies:
    runs-on: ubuntu-latest

    steps:

      - name: checkout
        uses: actions/checkout@v4

      - name: Audit Rust dependencies
        # If a vulnerability is found, a new issue will automatically be opened
        # since this action runs on main branch
        uses: actions-rust-lang/audit@v1

      - name: Detect multiple versions of the same crate
        uses: EmbarkStudios/cargo-deny-action@v2
        with:
          command: check bans licenses sources

      - name: Install Rust nightly
        uses: dtolnay/rust-toolchain@nightly
        with:
          toolchain: nightly
          components: rustfmt

      - name: Install cargo-udeps
        env:
          UDEPS_LINK: https://github.com/est31/cargo-udeps/releases/download
        run: |
          curl -L "$UDEPS_LINK/v$UDEPS_VERSION/cargo-udeps-v$UDEPS_VERSION-x86_64-unknown-linux-gnu.tar.gz" |
          tar xz -C $HOME/.cargo/bin --strip-components 2

      - name: Run cargo-udeps
        run: |
          cargo +nightly udeps --all-targets
ci/Check dependencies (#895) 2023-11-19 23:35:03 +08:00			`name: dependencies`

			`on:`
Ci/Schedule dependencies checks (#1014) * ci: Add audit file * ci: Schedule dependencies checks * mnist-inference-web: Remove unused dep * Run when a new release is created * Fix comment 2023-12-01 02:06:27 +08:00			`schedule:`
			`- cron: '0 21 * * TUE' # Run every Tuesday at 21:00 (UTC)`
ci/Check dependencies (#895) 2023-11-19 23:35:03 +08:00			`push:`
Ci/Schedule dependencies checks (#1014) * ci: Add audit file * ci: Schedule dependencies checks * mnist-inference-web: Remove unused dep * Run when a new release is created * Fix comment 2023-12-01 02:06:27 +08:00			`tags:`
Ci/Improve scheduled tasks (#1028) 2023-12-12 22:42:33 +08:00			`- 'v..*' # Run when a new version is being published`
ci/Check dependencies (#895) 2023-11-19 23:35:03 +08:00
ci: Move software versions in a single point (#1235) 2024-02-06 23:06:12 +08:00			`env:`
			`#`
			`# Dependency versioning`
			`#`

			`# Udeps version`
			`UDEPS_VERSION: "0.1.143"`

ci/Check dependencies (#895) 2023-11-19 23:35:03 +08:00			`concurrency:`
			`group: ${{ github.workflow }}-${{ github.ref }}`
			`cancel-in-progress: true`

			`jobs:`
			`dependencies:`
			`runs-on: ubuntu-latest`

			`steps:`

			`- name: checkout`
			`uses: actions/checkout@v4`

			`- name: Audit Rust dependencies`
Ci/Improve scheduled tasks (#1028) 2023-12-12 22:42:33 +08:00			`# If a vulnerability is found, a new issue will automatically be opened`
			`# since this action runs on main branch`
ci/Check dependencies (#895) 2023-11-19 23:35:03 +08:00			`uses: actions-rust-lang/audit@v1`

			`- name: Detect multiple versions of the same crate`
Combined PRs (#2108) * Bump serde_json from 1.0.121 to 1.0.122 Bumps [serde_json](https://github.com/serde-rs/json) from 1.0.121 to 1.0.122. - [Release notes](https://github.com/serde-rs/json/releases) - [Commits](https://github.com/serde-rs/json/compare/v1.0.121...v1.0.122) --- updated-dependencies: - dependency-name: serde_json dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Bump regex from 1.10.5 to 1.10.6 Bumps [regex](https://github.com/rust-lang/regex) from 1.10.5 to 1.10.6. - [Release notes](https://github.com/rust-lang/regex/releases) - [Changelog](https://github.com/rust-lang/regex/blob/master/CHANGELOG.md) - [Commits](https://github.com/rust-lang/regex/compare/1.10.5...1.10.6) --- updated-dependencies: - dependency-name: regex dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Bump wgpu from 22.0.0 to 22.1.0 Bumps [wgpu](https://github.com/gfx-rs/wgpu) from 22.0.0 to 22.1.0. - [Release notes](https://github.com/gfx-rs/wgpu/releases) - [Changelog](https://github.com/gfx-rs/wgpu/blob/wgpu-v22.1.0/CHANGELOG.md) - [Commits](https://github.com/gfx-rs/wgpu/compare/wgpu-v22.0.0...wgpu-v22.1.0) --- updated-dependencies: - dependency-name: wgpu dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump tempfile from 3.10.1 to 3.11.0 Bumps [tempfile](https://github.com/Stebalien/tempfile) from 3.10.1 to 3.11.0. - [Changelog](https://github.com/Stebalien/tempfile/blob/master/CHANGELOG.md) - [Commits](https://github.com/Stebalien/tempfile/compare/v3.10.1...v3.11.0) --- updated-dependencies: - dependency-name: tempfile dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump flate2 from 1.0.30 to 1.0.31 Bumps [flate2](https://github.com/rust-lang/flate2-rs) from 1.0.30 to 1.0.31. - [Release notes](https://github.com/rust-lang/flate2-rs/releases) - [Commits](https://github.com/rust-lang/flate2-rs/commits) --- updated-dependencies: - dependency-name: flate2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Bump EmbarkStudios/cargo-deny-action from 1 to 2 Bumps [EmbarkStudios/cargo-deny-action](https://github.com/embarkstudios/cargo-deny-action) from 1 to 2. - [Release notes](https://github.com/embarkstudios/cargo-deny-action/releases) - [Commits](https://github.com/embarkstudios/cargo-deny-action/compare/v1...v2) --- updated-dependencies: - dependency-name: EmbarkStudios/cargo-deny-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> 2024-08-05 23:43:58 +08:00			`uses: EmbarkStudios/cargo-deny-action@v2`
ci/Check dependencies (#895) 2023-11-19 23:35:03 +08:00			`with:`
			`command: check bans licenses sources`

			`- name: Install Rust nightly`
			`uses: dtolnay/rust-toolchain@nightly`
			`with:`
			`toolchain: nightly`
			`components: rustfmt`

Ci/Schedule dependencies checks (#1014) * ci: Add audit file * ci: Schedule dependencies checks * mnist-inference-web: Remove unused dep * Run when a new release is created * Fix comment 2023-12-01 02:06:27 +08:00			`- name: Install cargo-udeps`
			`env:`
			`UDEPS_LINK: https://github.com/est31/cargo-udeps/releases/download`
			`run: \|`
ci: Move software versions in a single point (#1235) 2024-02-06 23:06:12 +08:00			`curl -L "$UDEPS_LINK/v$UDEPS_VERSION/cargo-udeps-v$UDEPS_VERSION-x86_64-unknown-linux-gnu.tar.gz" \|`
Ci/Schedule dependencies checks (#1014) * ci: Add audit file * ci: Schedule dependencies checks * mnist-inference-web: Remove unused dep * Run when a new release is created * Fix comment 2023-12-01 02:06:27 +08:00			`tar xz -C $HOME/.cargo/bin --strip-components 2`

			`- name: Run cargo-udeps`
			`run: \|`
			`cargo +nightly udeps --all-targets`