From 3430dfde1bf52139685c4a2847d5e18fa940e482 Mon Sep 17 00:00:00 2001
From: richardanyalai
Date: Tue, 12 May 2026 18:22:21 +0200
Subject: [PATCH] chore(ci): added dependabot, cargo-audit, cargo-deny
---
.github/dependabot.yml | 28 ++++++++++++++++++++++++++++
.github/workflows/security.yml | 29 +++++++++++++++++++++++++++++
2 files changed, 57 insertions(+)
create mode 100644 .github/dependabot.yml
create mode 100644 .github/workflows/security.yml
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..6aa4079
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,28 @@
+version: 2
+updates:
+ - package-ecosystem: cargo
+ directory: /
+ schedule:
+ interval: monthly
+ open-pull-requests-limit: 10
+ commit-message:
+ prefix: "chore(deps)"
+ groups:
+ cargo-minor-and-patch:
+ update-types:
+ - minor
+ - patch
+
+ - package-ecosystem: github-actions
+ directory: /
+ schedule:
+ interval: monthly
+ open-pull-requests-limit: 5
+ commit-message:
+ prefix: "chore(ci)"
+ groups:
+ actions-all:
+ update-types:
+ - major
+ - minor
+ - patch
diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
new file mode 100644
index 0000000..c6c239e
--- /dev/null
+++ b/.github/workflows/security.yml
@@ -0,0 +1,29 @@
+name: Security
+
+on:
+ push:
+ branches: [main, master]
+ pull_request:
+ workflow_dispatch:
+
+jobs:
+ cargo-audit:
+ name: Cargo Audit
+ runs-on: ubuntu-latest
+ permissions:
+ checks: write
+ contents: read
+ steps:
+ - uses: actions/checkout@v6
+ - uses: rustsec/audit-check@v2.0.0
+ with:
+ token: ${{ secrets.GITHUB_TOKEN }}
+
+ cargo-deny:
+ name: Cargo Deny
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v6
+ - uses: EmbarkStudios/cargo-deny-action@v2
+ with:
+ command: check advisories
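Review bot: The `actions-all` group in the `github-actions` entry bundles `major` bumps with `minor` and `patch`, so a breaking major release of a third-party action arrives inside one combined PR and is easier to merge without reading its changelog. The cargo group above it already leaves majors out; removing `- major` from this group's `update-types` would have Dependabot open major action updates as individual PRs. A short comment above `interval: monthly`, such as `# version updates only; security updates are configured in repository settings`, would also keep readers from assuming that this schedule decides how quickly advisories are acted on.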
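Review bot: The `cargo-deny` job declares no `permissions:` block, so its token falls back to the repository or organisation default while `cargo-audit` is already scoped; adding `permissions:` with `contents: read` under `cargo-deny` would make both jobs least-privilege. Both third-party actions are referenced by mutable tags (`rustsec/audit-check@v2.0.0`, `EmbarkStudios/cargo-deny-action@v2`), and the first is handed `secrets.GITHUB_TOKEN` with `checks: write`. Pinning each to a full commit SHA, e.g. `uses: rustsec/audit-check@<full-commit-sha> # v2.0.0`, keeps a moved tag from changing what runs, and the `github-actions` Dependabot entry added in this commit can keep such pins current. The `on:` block also has no `schedule:` trigger, so an advisory published after the last push is only reported on the next push, PR or manual dispatch.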