From e81493d2f67aea131b8e60920e67c38e139aa790 Mon Sep 17 00:00:00 2001
From: silas <95582913+silas-x@users.noreply.github.com>
Date: Fri, 8 Apr 2022 18:28:50 +0100
Subject: [PATCH 1/4] add dependabot
---
 .github/dependabot.yml | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)
 create mode 100644 .github/dependabot.yml
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 000000000..0462c5b03
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,27 @@
+version: 2
+updates:
+ - package-ecosystem: 'cargo'
+ directory: 'programs/mango-v4'
+ schedule:
+ interval: 'daily'
+ allow:
+ - dependency-type: 'direct'
+ commit-message:
+ prefix: 'v4'
+ open-pull-requests-limit: 5
+ label:
+ - 'cargo'
+ - 'dependency'
+
+ - package-ecosystem: 'cargo'
+ directory: 'programs/margin-trade'
+ schedule:
+ interval: 'daily'
+ allow:
+ - dependency-type: 'direct'
+ commit-message:
+ prefix: 'margin'
+ open-pull-requests-limit: 5
+ label:
+ - 'cargo'
+ - 'dependency'
From 1d9619a4ce28fe59db70de61b87158e9010d4a1b Mon Sep 17 00:00:00 2001
From: silas <95582913+silas-x@users.noreply.github.com>
Date: Fri, 8 Apr 2022 18:35:31 +0100
Subject: [PATCH 2/4] syntax fix for labels
---
 .github/dependabot.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 0462c5b03..02b10fdc1 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -9,7 +9,7 @@ updates:
 commit-message:
 prefix: 'v4'
 open-pull-requests-limit: 5
- label:
+ labels:
 - 'cargo'
 - 'dependency'
@@ -22,6 +22,6 @@ updates:
 commit-message:
 prefix: 'margin'
 open-pull-requests-limit: 5
- label:
+ labels:
 - 'cargo'
 - 'dependency'
From 070eea343977159e63b81d861fd52288045523f1 Mon Sep 17 00:00:00 2001
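Review bot: `allow: - dependency-type: 'direct'` in both entries limits Dependabot version updates to crates declared in each manifest, so a vulnerable transitive crate is only surfaced by the separate cargo-audit workflow (or by Dependabot security updates, if those are enabled for this repository); that trade-off is worth a comment above each `allow:` block, e.g. `# direct deps only; transitive crates are covered by the cargo-audit workflow`. Both entries point `directory` at sub-crate paths under `programs/`; if those are members of a root Cargo workspace, confirm Dependabot resolves the root Cargo.lock from there, since that cannot be verified from the patch. The two entries are identical apart from `directory` and `prefix`, so any later change to the schedule or limits has to be applied twice.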
From: silas <95582913+silas-x@users.noreply.github.com>
Date: Fri, 8 Apr 2022 18:40:43 +0100
Subject: [PATCH 3/4] skip Soteria on dependabot change
---
 .github/workflows/ci-soteria.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.github/workflows/ci-soteria.yml b/.github/workflows/ci-soteria.yml
index 69c5d6df4..8ffd82afe 100644
--- a/.github/workflows/ci-soteria.yml
+++ b/.github/workflows/ci-soteria.yml
@@ -13,6 +13,7 @@ jobs:
 build:
 name: Soteria
 runs-on: ubuntu-latest
+ if: (github.actor != 'dependabot[bot]')
 steps:
 - name: Check-out repo
 uses: actions/checkout@v2
From 0f9b123fc7d37000e0c0caa7d90631786589c01f Mon Sep 17 00:00:00 2001
From: silas <95582913+silas-x@users.noreply.github.com>
Date: Fri, 8 Apr 2022 18:43:14 +0100
Subject: [PATCH 4/4] tidy up comments
---
 .github/workflows/ci-cargo-audit.yml | 32 +++++----------------------
 1 file changed, 5 insertions(+), 27 deletions(-)
diff --git a/.github/workflows/ci-cargo-audit.yml b/.github/workflows/ci-cargo-audit.yml
index d56c23d1e..532ef2766 100644
--- a/.github/workflows/ci-cargo-audit.yml
+++ b/.github/workflows/ci-cargo-audit.yml
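Review bot: The added `if: (github.actor != 'dependabot[bot]')` skips the Soteria scan for every run Dependabot triggers, so a dependency bump that changes program behaviour reaches review without that check, and nothing in the hunk records why. If the reason is that Dependabot-triggered runs cannot use the repository secrets the job needs (the usual motivation), state it next to the guard, e.g. `# Dependabot-triggered runs have no access to repository secrets; the scan still runs on the post-merge push` — assuming the workflow's trigger list, which is outside this hunk, includes `push`. Note also that `github.actor` is the account behind the most recent push to the branch, so a maintainer adding a commit to a Dependabot PR re-enables the job; that is presumably intended but worth stating in the same comment. The `build` job continues outside the hunk.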
@@ -1,45 +1,23 @@
-# CI job for scanning Cargo dependencies for vulnerabilities and report/fail job based on criticality.
-# Critically vulnerable dependencies with fix available will mark the run as failed (X)
-name: Rust Cargo Audit
+name: Cargo Audit
 on:
 push:
 branches: master
 pull_request:
- # Allowing manual runs with ability to choose branch
- workflow_dispatch:
-
- # Optimisation option by targeting direct paths to only scan when there are changes to dependencies in the push/PR
- # push:
- # paths:
- # - 'Cargo.toml'
- # - 'Cargo.lock'
- # pull_request:
- # paths:
- # - 'Cargo.toml'
- # - 'Cargo.lock'
-
- # Example of running scheduled scans at 6AM UTC every Monday to regularly check for vulnerable dependencies
- # schedule:
- # - cron: '0 6 * * 1'
-
-# Run the job
 jobs:
- Cargo-audit:
- name: Cargo Vulnerability Scanner
+ cargo-audit:
+ name: Cargo Audit
 runs-on: ubuntu-latest
 steps:
- # Check out GitHub repo
 - uses: actions/checkout@v2
-
- # Install cargo audit
+ - name: Install Cargo Audit
 uses: actions-rs/install@v0.1
 with:
 crate: cargo-audit
 version: latest
- # Run cargo audit using args from .cargo/audit.toml (ignores, etc.)
+ # Run cargo audit using args from .cargo/audit.toml
 - name: Run Cargo Audit
 run: cargo audit -c always
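Review bot: With `workflow_dispatch:` and the commented-out `schedule:` example deleted, the new `on:` block runs cargo-audit only on `push` to master and on `pull_request`, so an advisory published for a dependency that is already merged is not reported until the next commit lands; a scheduled run is the usual complement, e.g. under `on:` add `workflow_dispatch:` and `schedule:` with `- cron: '0 6 * * 1'` (the cadence the deleted example used). The `Install Cargo Audit` step keeps `version: latest` and the mutable `actions-rs/install@v0.1` tag, so what the audit job executes can change between runs without any commit here; pinning the action to a commit SHA and cargo-audit to a specific version makes the scan reproducible and narrows the supply-chain exposure of the CI job itself. The two header comments explaining the job's purpose were removed; a one-line replacement above `name: Cargo Audit`, e.g. `# Scans Cargo.lock against the RustSec advisory database; ignores live in .cargo/audit.toml`, keeps that intent visible to the next maintainer.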