Skip to content

Commit

Permalink
CI/CD: Use private cache of (third-party) GitHub Actions.
Browse files Browse the repository at this point in the history 
This is a step towards implementing the GitHub security hardening advice.

sed -ri 's|(uses: +)([^/]+)/([^@])|\1briansmith/\2-\3|g' .github/workflows/ci.yml
  • Loading branch information
@briansmith
briansmith committed Apr 26, 2021
1 parent 087bc85 commit bb9228a
Showing 1 changed file with 17 additions and 17 deletions.
34 changes: 17 additions & 17 deletions .github/workflows/ci.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,12 +9,12 @@ jobs:
runs-on: ubuntu-18.04

steps:
- uses: actions-rs/toolchain@v1
- uses: briansmith/actions-rs-toolchain@v1
with:
toolchain: stable
profile: minimal
components: rustfmt
- uses: actions/checkout@v2
- uses: briansmith/actions-checkout@v2
with:
persist-credentials: false
- run: cargo fmt --all -- --check
Expand All @@ -23,13 +23,13 @@ jobs:
runs-on: ubuntu-18.04

steps:
- uses: actions-rs/toolchain@v1
- uses: briansmith/actions-rs-toolchain@v1
with:
toolchain: stable
profile: minimal
components: clippy

- uses: actions/checkout@v2
- uses: briansmith/actions-checkout@v2
with:
persist-credentials: false

Expand All @@ -39,12 +39,12 @@ jobs:
runs-on: ubuntu-18.04

steps:
- uses: actions-rs/toolchain@v1
- uses: briansmith/actions-rs-toolchain@v1
with:
toolchain: stable
profile: minimal

- uses: actions/cache@v2
- uses: briansmith/actions-cache@v2
with:
path: |
~/.cargo/bin/cargo-audit
Expand All @@ -54,7 +54,7 @@ jobs:

- run: cargo install cargo-audit --vers "0.13.1"

- uses: actions/checkout@v2
- uses: briansmith/actions-checkout@v2
with:
persist-credentials: false

Expand All @@ -66,12 +66,12 @@ jobs:
runs-on: ubuntu-18.04

steps:
- uses: actions-rs/toolchain@v1
- uses: briansmith/actions-rs-toolchain@v1
with:
toolchain: stable
profile: minimal

- uses: actions/cache@v2
- uses: briansmith/actions-cache@v2
with:
path: |
~/.cargo/bin/cargo-deny
Expand All @@ -81,7 +81,7 @@ jobs:

- run: cargo install cargo-deny --vers "0.8.4"

- uses: actions/checkout@v2
- uses: briansmith/actions-checkout@v2
with:
persist-credentials: false

Expand All @@ -102,13 +102,13 @@ jobs:
- target: x86_64-unknown-linux-gnu

steps:
- uses: actions-rs/toolchain@v1
- uses: briansmith/actions-rs-toolchain@v1
with:
override: true
target: ${{ matrix.target }}
toolchain: ${{ matrix.rust_channel }}

- uses: actions/checkout@v2
- uses: briansmith/actions-checkout@v2
with:
persist-credentials: false

Expand Down Expand Up @@ -145,11 +145,11 @@ jobs:
host_os: ubuntu-18.04

steps:
- uses: actions/checkout@v2
- uses: briansmith/actions-checkout@v2
with:
persist-credentials: false

- uses: actions-rs/toolchain@v1
- uses: briansmith/actions-rs-toolchain@v1
with:
override: true
target: ${{ matrix.target }}
Expand Down Expand Up @@ -185,14 +185,14 @@ jobs:
- if: ${{ contains(matrix.host_os, 'ubuntu') }}
run: sudo apt-get update -y

- uses: actions/checkout@v2
- uses: briansmith/actions-checkout@v2
with:
persist-credentials: false

- if: ${{ !contains(matrix.host_os, 'windows') }}
run: RING_COVERAGE=1 mk/install-build-tools.sh --target=${{ matrix.target }} ${{ matrix.features }}

- uses: actions-rs/toolchain@v1
- uses: briansmith/actions-rs-toolchain@v1
with:
override: true
target: ${{ matrix.target }}
Expand All @@ -205,7 +205,7 @@ jobs:
run: |
RING_COVERAGE=1 mk/cargo.sh +${{ matrix.rust_channel }} test -vv --target=${{ matrix.target }} ${{ matrix.cargo_options }} ${{ matrix.features }} ${{ matrix.mode }}
- uses: codecov/codecov-action@v1
- uses: briansmith/codecov-codecov-action@v1
with:
directory: ./target/${{ matrix.target }}/debug/coverage/reports
fail_ci_if_error: true
Expand Down

0 comments on commit bb9228a

Please sign in to comment.