name: Daily security audit on: schedule: - cron: '5 9 * * *' jobs: cargo-deny: runs-on: ubuntu-20.04 steps: - name: Checkout repository code uses: actions/checkout@v2 - name: Install rust toolchain uses: actions-rs/toolchain@v1 with: toolchain: stable - name: Install cargo deny run: cargo install --locked cargo-deny - name: Run cargo deny run: | find . -name Cargo.toml -exec cargo deny --manifest-path {} check \ advisories -A advisory-not-detected --hide-inclusion-graph \; &> \ >(uniq &> .github/workflows/support-files/notifications/deny.message ) - uses: actions/upload-artifact@v3 with: name: report path: .github/workflows/support-files/notifications/deny.message notification: needs: cargo-deny runs-on: ubuntu-20.04 steps: - name: Check out repository code uses: actions/checkout@v2 - name: Download report from previous job uses: actions/download-artifact@v3 with: name: report path: .github/workflows/support-files/notifications - name: Keybase - Node Install run: npm install working-directory: .github/workflows/support-files - name: Keybase - Send Notification env: NYM_NOTIFICATION_KIND: security NYM_PROJECT_NAME: "Daily security report" GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" KEYBASE_NYMBOT_USERNAME: "${{ secrets.KEYBASE_NYMBOT_USERNAME }}" KEYBASE_NYMBOT_PAPERKEY: "${{ secrets.KEYBASE_NYMBOT_PAPERKEY }}" KEYBASE_NYMBOT_TEAM: "${{ secrets.KEYBASE_NYMBOT_TEAM }}" KEYBASE_NYM_CHANNEL: "security" uses: docker://keybaseio/client:stable-node with: args: .github/workflows/support-files/notifications/entry_point.sh