diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml
new file mode 100644
index 0000000..797e920
--- /dev/null
+++ b/.github/workflows/audit.yml
@@ -0,0 +1,29 @@
+name: Security audit
+on:
+ workflow_call:
+ workflow_dispatch:
+ schedule:
+ - cron: "0 0 * * *"
+ push:
+ paths:
+ - "**/Cargo.toml"
+ - "**/Cargo.lock"
+ pull_request:
+ branches: ["master"]
+ paths:
+ - "**/Cargo.toml"
+ - "**/Cargo.lock"
+
+jobs:
+ audit:
+ name: Security Audit
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Install cargo-deny
+ uses: taiki-e/install-action@cargo-deny
+
+ - name: Scan for vulnerabilities
+ run: cargo deny check advisories
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
new file mode 100644
index 0000000..1ed92b6
--- /dev/null
+++ b/.github/workflows/build.yml
@@ -0,0 +1,43 @@
+name: Build Cargo Workspace
+
+on:
+ workflow_call:
+ workflow_dispatch:
+ pull_request:
+ branches: ["master"]
+ push:
+ branches:
+ - "*"
+
+env:
+ CARGO_TERM_COLOR: always
+
+jobs:
+ build:
+ name: Build Cargo Workspace
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Install Nix
+ uses: DeterminateSystems/nix-installer-action@main
+ with:
+ logger: pretty
+
+ - name: Get build dependencies
+ run: "nix develop .#"
+
+ - uses: actions-rs/toolchain@v1
+ with:
+ toolchain: stable
+ override: true
+
+ - uses: Swatinem/rust-cache@v2
+ name: Cache dependencies
+
+ - uses: actions-rs/cargo@v1
+ name: Build crate
+ with:
+ command: build
+ args: --verbose --all-features
diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml
deleted file mode 100644
index fb572d2..0000000
--- a/.github/workflows/check.yml
+++ /dev/null
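Review bot: Both actions in the `audit` job are pinned to mutable refs (`actions/checkout@v4`, `taiki-e/install-action@cargo-deny`), so a moved tag or branch silently changes the code that runs with this repository's token; pin third-party actions to a full commit SHA and keep the human-readable tag in a trailing comment, e.g. `uses: taiki-e/install-action@<commit-sha>  # cargo-deny`. The workflow also declares no `permissions:` block, so the job inherits the repository's default `GITHUB_TOKEN` scope while `cargo deny check advisories` only needs to read the checkout; add a top-level `permissions:` with `contents: read`. The pinning point applies equally to build.yml, nix.yml and update.yml in this commit, where `DeterminateSystems/nix-installer-action@main` tracks a moving branch rather than even a tag.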
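Review bot: The `Get build dependencies` step runs `nix develop .#` in its own shell, and nothing a `run:` step puts in its environment survives into the next step, so the toolchain that dev shell provides is never seen by the later `actions-rs/cargo@v1` build, which uses the rustup toolchain from `actions-rs/toolchain@v1` instead; either run the build inside the shell, `run: nix develop .# --command cargo build --verbose --all-features`, or drop the step. `actions-rs/toolchain@v1` and `actions-rs/cargo@v1` come from an organization that is, as far as I know, archived and no longer receiving updates, so a maintained alternative such as `dtolnay/rust-toolchain@stable` is worth considering. Triggering on both `push: branches: - "*"` and `pull_request` also runs this build twice for every pull request opened from a branch of this repository.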
@@ -1,19 +0,0 @@
-name: Flake Check
-
-on: [push, pull_request, workflow_dispatch]
-
-jobs:
- check-flake:
- runs-on: ubuntu-latest
-
- steps:
- - name: Checkout
- uses: actions/checkout@v4
-
- - name: Install Nix
- uses: DeterminateSystems/nix-installer-action@main
- with:
- logger: pretty
-
- - name: Check Flake
- run: nix flake check --accept-flake-config
diff --git a/.github/workflows/cachix.yml b/.github/workflows/nix.yml
similarity index 79%
rename from .github/workflows/cachix.yml
rename to .github/workflows/nix.yml
index 679deb7..9a29127 100644
--- a/.github/workflows/cachix.yml
+++ b/.github/workflows/nix.yml
@@ -16,9 +16,26 @@ on:
 - README.md
 
 jobs:
+ check-flake:
+ name: "Check flake validity"
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Install Nix
+ uses: DeterminateSystems/nix-installer-action@main
+ with:
+ logger: pretty
+
+ - name: Check Flake
+ run: nix flake check --accept-flake-config
+
 cachix:
 name: "Build Exposed Packages"
 runs-on: ubuntu-latest
+ needs: check-flake
 strategy:
 matrix:
 package:
diff --git a/.github/workflows/update.yml b/.github/workflows/update.yml
new file mode 100644
index 0000000..ea4ee14
--- /dev/null
+++ b/.github/workflows/update.yml
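Review bot: `nix flake check --accept-flake-config` in the new `check-flake` job accepts, without any confirmation, whatever `nixConfig` the checked-out `flake.nix` declares (extra substituters, trusted public keys and similar settings that Nix otherwise refuses in a non-interactive run), so a change to `flake.nix` can redirect where this job fetches store paths from; if this workflow also runs on `pull_request` (its `on:` block starts above this hunk, so I cannot tell), that includes changes proposed in a PR. Prefer dropping the flag so the check fails loudly on unexpected flake config, or declare the settings you trust once via the installer action's `extra-conf:` input instead of taking them from the repository. The `cachix` job that now gains `needs: check-flake` continues past the end of this hunk.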
@@ -0,0 +1,42 @@
+name: "Update repository dependencies"
+
+on:
+ workflow_dispatch:
+ schedule:
+ - cron: "0 4 1 * *"
+
+jobs:
+ main:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Install Nix
+ uses: DeterminateSystems/nix-installer-action@main
+
+ - name: Checkout
+ uses: actions/checkout@v3
+
+ - name: Bump nix
+ run: nix flake update
+
+ - name: Install dependencies
+ run: nix profile install --inputs-from . nixpkgs#cargo-bump nixpkgs#cargo
+
+ - name: Bump rust
+ run: |
+ cargo bump patch
+ cargo update
+
+ - name: Create Pull Request
+ uses: peter-evans/create-pull-request@v4
+ with:
+ token: "${{ secrets.github_token }}"
+ title: "ci: update inputs"
+ author: GitHub <noreply@github.com>
+ branch: update
+ branch-suffix: timestamp
+ delete-branch: true
+ commit-message: |
+ Update all inputs
+
+ Co-authored-by: ${{ github.actor }} <${{ github.actor }}@users.noreply.github.com>
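Review bot: The `Create Pull Request` step must push a branch and open a pull request with the token, yet the workflow declares no `permissions:` block, so it silently depends on the repository's default token scope; declare a `permissions:` block on the `main` job with exactly `contents: write` and `pull-requests: write` so the scheduled run neither fails under a read-only default nor carries more scope than it needs. Pull requests opened with `secrets.github_token` by design do not trigger other workflows, so the update PR this job creates will not be built by build.yml or scanned by audit.yml until someone pushes to it; if that is not intended, a GitHub App installation token or a PAT limited to the same two scopes is the usual remedy. `actions/checkout@v3` here is also a major version behind the `@v4` used by the other workflows in this commit, and `cargo bump patch` raises the crate version on every monthly run even when `cargo update` changes nothing.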