name: Daily security audit on: schedule: - cron: '5 9 * * *' jobs: cargo-deny: runs-on: ubuntu-20.04 steps: - name: Checkout repository code uses: actions/checkout@v2 - name: Install rust toolchain uses: actions-rs/toolchain@v1 with: toolchain: stable - name: Install cargo deny run: cargo install --locked cargo-deny - name: Run cargo deny run: | find . -name Cargo.toml -exec cargo deny --manifest-path {} check \ advisories -A advisory-not-detected --hide-inclusion-graph \; &> \ >(uniq &> .github/workflows/support-files/notifications/deny.message ) - uses: actions/upload-artifact@v3 with: name: report path: .github/workflows/support-files/notifications/deny.message notification: needs: cargo-deny runs-on: custom-runner-linux steps: - name: Check out repository code uses: actions/checkout@v2 - name: Download report from previous job uses: actions/download-artifact@v3 with: name: report path: .github/workflows/support-files/notifications - name: install npm uses: actions/setup-node@v3 with: node-version: 16 - name: Matrix - Node Install run: npm install working-directory: .github/workflows/support-files - name: Matrix - Send Notification env: NYM_NOTIFICATION_KIND: security NYM_PROJECT_NAME: "Daily security report" GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" MATRIX_SERVER: "${{ secrets.MATRIX_SERVER }}" MATRIX_ROOM: "${{ secrets.MATRIX_ROOM_AUDIT }}" MATRIX_USER_ID: "${{ secrets.MATRIX_USER_ID }}" MATRIX_TOKEN: "${{ secrets.MATRIX_TOKEN }}" MATRIX_DEVICE_ID: "${{ secrets.MATRIX_DEVICE_ID }}" uses: docker://keybaseio/client:stable-node with: args: .github/workflows/support-files/notifications/entry_point.sh