Skip to content

adding system dependencies #23

adding system dependencies

adding system dependencies #23

Workflow file for this run

name: Code Scan
on:
push:
branches:
- main
pull_request:
branches:
- main
schedule:
- cron: '0 12 * * 1'
workflow_dispatch:
permissions:
contents: write
security-events: write # for codeQL to write security events
jobs:
fossa:
name: FOSSA
# Needs access to the FOSSA API key secret, so don't run on pull request events
if: ${{ ! github.event_name == 'pull_request' }}
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Run FOSSA scan and upload build data
uses: fossa-contrib/fossa-action@cdc5065bcdee31a32e47d4585df72d66e8e941c2 # v3.0.0
with:
fossa-api-key: ${{ secrets.FOSSA_API_KEY }}
github-token: ${{ github.token }}
trivy:
name: Trivy
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Run Trivy vulnerability scanner in repo mode
uses: aquasecurity/trivy-action@18f2510ee396bbf400402947b394f2dd8c87dbb0 # v0.29.0
with:
scan-type: fs
scanners: vuln
ignore-unfixed: true
format: sarif
output: trivy-results.sarif
# - name: Upload Trivy scan results to GitHub Security tab
# uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
# with:
# sarif_file: trivy-results.sarif
llvm-cov:
name: llvm-cov
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
# Set up Rust
- name: Set up Rust
uses: actions-rs/toolchain@v1
with:
profile: minimal
toolchain: nightly
override: true
- name: Install cargo-llvm-cov
uses: taiki-e/install-action@cargo-llvm-cov
- name: Install Clippy
run: rustup component add clippy
# Cache Cargo dependencies
- name: Cache Cargo registry
uses: actions/cache@v3
with:
path: ~/.cargo/registry
key: ${{ runner.os }}-cargo-registry-${{ hashFiles('**/Cargo.lock') }}
restore-keys: |
${{ runner.os }}-cargo-registry-
- name: Cache Cargo index
uses: actions/cache@v3
with:
path: ~/.cargo/git
key: ${{ runner.os }}-cargo-index-${{ hashFiles('**/Cargo.lock') }}
restore-keys: |
${{ runner.os }}-cargo-index-
- name: Cache target directory
uses: actions/cache@v3
with:
path: target
key: ${{ runner.os }}-cargo-target-${{ hashFiles('**/Cargo.lock') }}
restore-keys: |
${{ runner.os }}-cargo-target-
- name: Generate code coverage
run: cargo llvm-cov --all-features --workspace --lcov --output-path lcov.info
codeql:
name: SonarQube
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
# Set up Rust
- name: Set up Rust
uses: actions-rs/toolchain@v1
with:
profile: minimal
toolchain: nightly
override: true
- name: Install cargo-llvm-cov
uses: taiki-e/install-action@cargo-llvm-cov
- name: Install Clippy
run: rustup component add clippy
# Cache Cargo dependencies
- name: Cache Cargo registry
uses: actions/cache@v3
with:
path: ~/.cargo/registry
key: ${{ runner.os }}-cargo-registry-${{ hashFiles('**/Cargo.lock') }}
restore-keys: |
${{ runner.os }}-cargo-registry-
- name: Cache Cargo index
uses: actions/cache@v3
with:
path: ~/.cargo/git
key: ${{ runner.os }}-cargo-index-${{ hashFiles('**/Cargo.lock') }}
restore-keys: |
${{ runner.os }}-cargo-index-
- name: Cache target directory
uses: actions/cache@v3
with:
path: target
key: ${{ runner.os }}-cargo-target-${{ hashFiles('**/Cargo.lock') }}
restore-keys: |
${{ runner.os }}-cargo-target-
- name: Generate code coverage
run: cargo llvm-cov --all-features --workspace --lcov --output-path lcov.info
- name: Install cargo-sonar and run Clippy
run: |
cargo install cargo-sonar
cargo clippy --message-format json > my-clippy-report.json
cargo sonar --clippy-path my-clippy-report.json
- name: SonarQube Scan
uses: SonarSource/sonarqube-scan-action@v4
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}