Merge pull request #35 from blockworks-foundation/feat/depbot
add dependabot
This commit is contained in:
commit
535429bf3f
@ -0,0 +1,27 @@
version: 2
updates:
- package-ecosystem: 'cargo'
directory: 'programs/mango-v4'
schedule:
interval: 'daily'
allow:
- dependency-type: 'direct'
commit-message:
prefix: 'v4'
open-pull-requests-limit: 5
labels:
- 'cargo'
- 'dependency'
- package-ecosystem: 'cargo'
directory: 'programs/margin-trade'
schedule:
interval: 'daily'
allow:
- dependency-type: 'direct'
commit-message:
prefix: 'margin'
open-pull-requests-limit: 5
labels:
- 'cargo'
- 'dependency'
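Review bot: The two entries only cover Cargo crates under `programs/mango-v4` and `programs/margin-trade`, so the actions referenced by the workflows touched in this same commit (`actions/checkout@v2`, `actions-rs/install@v0.1`) get no Dependabot coverage at all; a `github-actions` ecosystem entry alongside them keeps those refs on maintained releases. `allow: - dependency-type: 'direct'` also means transitive crates resolved in Cargo.lock are not bumped by these entries, which is where most cargo-audit advisories land; if that narrowing is deliberate, a comment above `allow:` saying so would stop the next reader from widening it by accident. The file's path is not shown on this page, so this assumes the usual `.github/dependabot.yml` location and the indentation the rendered view dropped.
```yaml
  - package-ecosystem: 'github-actions'
    directory: '/'
    schedule:
      interval: 'daily'
```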
@ -1,45 +1,23 @@
# CI job for scanning Cargo dependencies for vulnerabilities and report/fail job based on criticality.
name: Cargo Audit
# Critically vulnerable dependencies with fix available will mark the run as failed (X)
name: Rust Cargo Audit
on:
on:
push:
push:
branches: master
branches: master
pull_request:
pull_request:
# Allowing manual runs with ability to choose branch
workflow_dispatch:
# Optimisation option by targeting direct paths to only scan when there are changes to dependencies in the push/PR
# push:
# paths:
# - 'Cargo.toml'
# - 'Cargo.lock'
# pull_request:
# paths:
# - 'Cargo.toml'
# - 'Cargo.lock'
# Example of running scheduled scans at 6AM UTC every Monday to regularly check for vulnerable dependencies
# schedule:
# - cron: '0 6 * * 1'
# Run the job
jobs:
jobs:
Cargo-audit:
cargo-audit:
name: Cargo Vulnerability Scanner
name: Cargo Audit
runs-on: ubuntu-latest
runs-on: ubuntu-latest
steps:
steps:
# Check out GitHub repo
- uses: actions/checkout@v2
- uses: actions/checkout@v2
# Install cargo audit
- name: Install Cargo Audit
- name: Install Cargo Audit
uses: actions-rs/install@v0.1
uses: actions-rs/install@v0.1
with:
with:
crate: cargo-audit
crate: cargo-audit
version: latest
version: latest
# Run cargo audit using args from .cargo/audit.toml (ignores, etc.)
# Run cargo audit using args from .cargo/audit.toml
- name: Run Cargo Audit
- name: Run Cargo Audit
run: cargo audit -c always
run: cargo audit -c always
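Review bot: The rewrite drops `workflow_dispatch:` and the commented-out `# schedule:` example together, leaving `push` to master and `pull_request` as the only triggers, so an advisory published against an unchanged Cargo.lock goes unreported until someone next pushes; restoring `schedule:` / `  - cron: '0 6 * * 1'` under `on:` (the example the old file carried) closes that gap. The scanner itself is also not reproducible between runs: `actions/checkout@v2` and `actions-rs/install@v0.1` are mutable tag refs and `version: latest` installs whatever cargo-audit is current, so pinning the action refs to a commit SHA and the crate to a release version is the usual fix. Which comment lines survive on the new side is inferred here, since this rendered section carries no +/- markers or gutter numbers.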
@ -13,6 +13,7 @@ jobs:
build:
build:
name: Soteria
name: Soteria
runs-on: ubuntu-latest
runs-on: ubuntu-latest
if: (github.actor != 'dependabot[bot]')
steps:
steps:
- name: Check-out repo
- name: Check-out repo
uses: actions/checkout@v2
uses: actions/checkout@v2
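Review bot: The new `if: (github.actor != 'dependabot[bot]')` on the `build` job switches Soteria off for every Dependabot-triggered run, which are exactly the runs that change dependencies, and nothing in the file records why; a comment above it such as `# Soteria is skipped on Dependabot-triggered runs; see PR #35 for the reason` would preserve the intent for the next maintainer. If the goal is to match the PR author rather than whoever triggered the run, `github.event.pull_request.user.login` is the field that carries it, though `github.actor` does cover the pull_request-opened case. The parentheses are redundant in a workflow expression: `if: github.actor != 'dependabot[bot]'`. The `build` job's steps continue past the end of the hunk.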