CI/CD Hardening: Fixing StepSecurity Flagged Issues #111

Workflow file for this run

	name: CI

	on:
	pull_request:
	branches:
	- neon
	- master
	push:
	branches:
	- neon
	- master

	env:
	RUSTFLAGS: -Dwarnings
	RUST_BACKTRACE: 1

	jobs:
	rustfmt:
	name: rustfmt
	runs-on: ubuntu-latest
	steps:
	- name: Harden the runner (Audit all outbound calls)
	uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
	with:
	egress-policy: audit

	- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
	- uses: sfackler/actions/rustup@55af96fecc6b2ff28431120e3d9b723e5c1bccbf # master
	- uses: sfackler/actions/rustfmt@55af96fecc6b2ff28431120e3d9b723e5c1bccbf # master

	clippy:
	name: clippy
	runs-on: ubuntu-latest
	steps:
	- name: Harden the runner (Audit all outbound calls)
	uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
	with:
	egress-policy: audit

	- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
	- uses: sfackler/actions/rustup@55af96fecc6b2ff28431120e3d9b723e5c1bccbf # master
	- run: echo "version=$(rustc --version)" >> $GITHUB_OUTPUT
	id: rust-version
	- uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # v4.2.2
	with:
	path: ~/.cargo/registry/index
	key: index-${{ runner.os }}-${{ github.run_number }}
	restore-keys: \|
	index-${{ runner.os }}-
	- run: cargo generate-lockfile
	- uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # v4.2.2
	with:
	path: ~/.cargo/registry/cache
	key: registry-${{ runner.os }}-${{ steps.rust-version.outputs.version }}-${{ hashFiles('Cargo.lock') }}
	- run: cargo fetch
	- uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # v4.2.2
	with:
	path: target
	key: clippy-target-${{ runner.os }}-${{ steps.rust-version.outputs.version }}-${{ hashFiles('Cargo.lock') }}y
	- run: cargo clippy --all --all-targets

	check-wasm32:
	name: check-wasm32
	runs-on: ubuntu-latest
	steps:
	- name: Harden the runner (Audit all outbound calls)
	uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
	with:
	egress-policy: audit

	- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
	- uses: sfackler/actions/rustup@55af96fecc6b2ff28431120e3d9b723e5c1bccbf # master
	- run: echo "version=$(rustc --version)" >> $GITHUB_OUTPUT
	id: rust-version
	- run: rustup target add wasm32-unknown-unknown
	- uses: actions/cache@2f8e54208210a422b2efd51efaa6bd6d7ca8920f # v3.4.3
	with:
	path: ~/.cargo/registry/index
	key: index-${{ runner.os }}-${{ github.run_number }}
	restore-keys: \|
	index-${{ runner.os }}-
	- run: cargo generate-lockfile
	- uses: actions/cache@2f8e54208210a422b2efd51efaa6bd6d7ca8920f # v3.4.3
	with:
	path: ~/.cargo/registry/cache
	key: registry-${{ runner.os }}-${{ steps.rust-version.outputs.version }}-${{ hashFiles('Cargo.lock') }}
	- run: cargo fetch
	- uses: actions/cache@2f8e54208210a422b2efd51efaa6bd6d7ca8920f # v3.4.3
	with:
	path: target
	key: check-wasm32-target-${{ runner.os }}-${{ steps.rust-version.outputs.version }}-${{ hashFiles('Cargo.lock') }}
	- run: cargo check --target wasm32-unknown-unknown --manifest-path tokio-postgres/Cargo.toml --no-default-features --features js

	test:
	name: test
	runs-on: ubuntu-latest
	steps:
	- name: Harden the runner (Audit all outbound calls)
	uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
	with:
	egress-policy: audit

	- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
	- run: docker compose up -d
	- uses: sfackler/actions/rustup@55af96fecc6b2ff28431120e3d9b723e5c1bccbf # master
	with:
	version: 1.83.0
	- run: echo "version=$(rustc --version)" >> $GITHUB_OUTPUT
	id: rust-version
	- uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # v4.2.2
	with:
	path: ~/.cargo/registry/index
	key: index-${{ runner.os }}-${{ github.run_number }}
	restore-keys: \|
	index-${{ runner.os }}-
	- run: cargo generate-lockfile
	- uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # v4.2.2
	with:
	path: ~/.cargo/registry/cache
	key: registry-${{ runner.os }}-${{ steps.rust-version.outputs.version }}-${{ hashFiles('Cargo.lock') }}
	- run: cargo fetch
	- uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # v4.2.2
	with:
	path: target
	key: test-target-${{ runner.os }}-${{ steps.rust-version.outputs.version }}-${{ hashFiles('Cargo.lock') }}y
	- run: cargo test --all
	- run: cargo test --manifest-path tokio-postgres/Cargo.toml --no-default-features
	- run: cargo test --manifest-path tokio-postgres/Cargo.toml --all-features

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CI/CD Hardening: Fixing StepSecurity Flagged Issues #111

Workflow file

CI/CD Hardening: Fixing StepSecurity Flagged Issues #111

Jobs

Run details

Workflow file for this run