chore: Bump github/codeql-action from 3.27.5 to 3.27.9 #254
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Cross Build | |
| on: | |
| pull_request: | |
| push: | |
| branches: | |
| - main | |
| workflow_run: | |
| workflows: ["Test with Code Coverage"] | |
| branches: [main] | |
| types: | |
| - completed | |
| jobs: | |
| test: | |
| name: ${{ matrix.os.name }} | |
| if: ${{ github.event.workflow_run.conclusion == 'success' }} | |
| strategy: | |
| matrix: | |
| os: | |
| - arch: ubuntu-latest | |
| name: Ubuntu | |
| - arch: macos-latest | |
| name: Mac OS X | |
| - arch: windows-latest | |
| name: Windows | |
| rust: [stable] | |
| runs-on: ${{ matrix.os.arch }} | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 | |
| with: | |
| disable-sudo: true | |
| egress-policy: block | |
| allowed-endpoints: > | |
| api.deps.dev:443 | |
| api.github.com:443 | |
| api.osv.dev:443 | |
| api.scorecard.dev:443 | |
| fulcio.sigstore.dev:443 | |
| github.com:443 | |
| oss-fuzz-build-logs.storage.googleapis.com:443 | |
| rekor.sigstore.dev:443 | |
| tuf-repo-cdn.sigstore.dev:443 | |
| www.bestpractices.dev:443 | |
| objects.githubusercontent.com:443 | |
| raw.githubusercontent.com:443 | |
| static.rust-lang.org:443 | |
| static.crates.io:443 | |
| index.crates.io:443 | |
| azure.archive.ubuntu.com:80 | |
| changelogs.ubuntu.com:443 | |
| esm.ubuntu.com:443 | |
| security.ubuntu.com:80 | |
| packages.microsoft.com:443 | |
| - name: Checkout sources | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - name: Install stable toolchain | |
| uses: dtolnay/rust-toolchain@315e265cd78dad1e1dcf3a5074f6d6c47029d5aa # master | |
| with: | |
| toolchain: ${{ matrix.rust }} | |
| - uses: Swatinem/rust-cache@82a92a6e8fbeee089604da2575dc567ae9ddeaab # v2.7.5 | |
| - name: Run cargo test | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: cargo test --all-features | |
| freebsd: | |
| name: FreeBSD | |
| if: ${{ github.event.workflow_run.conclusion == 'success' }} | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 | |
| with: | |
| egress-policy: block | |
| allowed-endpoints: > | |
| api.deps.dev:443 | |
| api.github.com:443 | |
| api.osv.dev:443 | |
| api.scorecard.dev:443 | |
| fulcio.sigstore.dev:443 | |
| github.com:443 | |
| oss-fuzz-build-logs.storage.googleapis.com:443 | |
| rekor.sigstore.dev:443 | |
| tuf-repo-cdn.sigstore.dev:443 | |
| www.bestpractices.dev:443 | |
| objects.githubusercontent.com:443 | |
| raw.githubusercontent.com:443 | |
| static.rust-lang.org:443 | |
| static.crates.io:443 | |
| index.crates.io:443 | |
| azure.archive.ubuntu.com:80 | |
| changelogs.ubuntu.com:443 | |
| esm.ubuntu.com:443 | |
| packages.microsoft.com | |
| 0.freebsd.pool.ntp.org:443 | |
| 2.freebsd.pool.ntp.org:443 | |
| pkg.freebsd.org:443 | |
| - name: Checkout sources | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - name: FreeBSD | |
| uses: vmactions/freebsd-vm@debf37ca7b7fa40e19c542ef7ba30d6054a706a4 # v1.1.5 | |
| with: | |
| usesh: true | |
| sync: rsync | |
| copyback: false | |
| prepare: | | |
| mkdir -p /usr/local/etc/pkg/repos | |
| cat << EOF > /usr/local/etc/pkg/repos/FreeBSD.conf | |
| FreeBSD: { | |
| url: "http://pkg.freebsd.org/\${ABI}/latest", | |
| mirror_type: "none", | |
| signature_type: "fingerprints", | |
| fingerprints: "/usr/share/keys/pkg", | |
| enabled: yes | |
| } | |
| EOF | |
| pkg update -f ; pkg install -y curl rust-nightly | |
| run: | | |
| pwd | |
| ls -lah | |
| whoami | |
| env | |
| freebsd-version | |
| sysctl hw.model | |
| sysctl hw.ncpu | |
| sysctl hw.physmem | |
| sysctl hw.usermem | |
| cargo test --all-features | |
| openbsd: | |
| name: OpenBSD | |
| if: ${{ github.event.workflow_run.conclusion == 'success' }} | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 | |
| with: | |
| egress-policy: block | |
| allowed-endpoints: > | |
| api.deps.dev:443 | |
| api.github.com:443 | |
| api.osv.dev:443 | |
| api.scorecard.dev:443 | |
| fulcio.sigstore.dev:443 | |
| github.com:443 | |
| oss-fuzz-build-logs.storage.googleapis.com:443 | |
| rekor.sigstore.dev:443 | |
| tuf-repo-cdn.sigstore.dev:443 | |
| www.bestpractices.dev:443 | |
| objects.githubusercontent.com:443 | |
| raw.githubusercontent.com:443 | |
| static.rust-lang.org:443 | |
| static.crates.io:443 | |
| index.crates.io:443 | |
| azure.archive.ubuntu.com:80 | |
| changelogs.ubuntu.com:443 | |
| esm.ubuntu.com:443 | |
| packages.microsoft.com:443 | |
| cdn.openbsd.org | |
| pool.ntp.org:443 | |
| time.cloudflare.com:443 | |
| www.google.com:443 | |
| - name: Checkout sources | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - name: OpenBSD | |
| uses: vmactions/openbsd-vm@0cfe06e734a0ea3a546fca7ebf200b984b94d58a # v1.1.4 | |
| with: | |
| usesh: true | |
| sync: rsync | |
| copyback: false | |
| prepare: | | |
| pkg_add curl rust | |
| run: | | |
| pwd | |
| ls -lah | |
| whoami | |
| env | |
| cargo test --all-features | |
| netbsd: | |
| name: NetBSD | |
| if: ${{ github.event.workflow_run.conclusion == 'success' }} | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 | |
| with: | |
| egress-policy: block | |
| allowed-endpoints: > | |
| api.deps.dev:443 | |
| api.github.com:443 | |
| api.osv.dev:443 | |
| api.scorecard.dev:443 | |
| fulcio.sigstore.dev:443 | |
| github.com:443 | |
| oss-fuzz-build-logs.storage.googleapis.com:443 | |
| rekor.sigstore.dev:443 | |
| tuf-repo-cdn.sigstore.dev:443 | |
| www.bestpractices.dev:443 | |
| objects.githubusercontent.com:443 | |
| raw.githubusercontent.com:443 | |
| static.rust-lang.org:443 | |
| static.crates.io:443 | |
| index.crates.io:443 | |
| archive.ubuntu.com:80 | |
| azure.archive.ubuntu.com:80 | |
| changelogs.ubuntu.com:443 | |
| esm.ubuntu.com:443 | |
| packages.microsoft.com:443 | |
| security.ubuntu.com:80 | |
| 2.netbsd.pool.ntp.org:443 | |
| cdn.NetBSD.org:443 | |
| - name: Checkout sources | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - name: NetBSD | |
| uses: vmactions/netbsd-vm@7c9086fdb4cc1aa814cda6e305390c2b966551a9 # v1.1.4 | |
| with: | |
| usesh: true | |
| sync: rsync | |
| copyback: false | |
| prepare: | | |
| /usr/sbin/pkg_add pkgin | |
| pkgin -y install curl rust | |
| run: | | |
| pwd | |
| ls -lah | |
| whoami | |
| env | |
| cargo test --all-features | |
| alpine: | |
| name: Alpine | |
| if: ${{ github.event.workflow_run.conclusion == 'success' }} | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 | |
| with: | |
| egress-policy: block | |
| allowed-endpoints: > | |
| api.deps.dev:443 | |
| api.github.com:443 | |
| api.osv.dev:443 | |
| api.scorecard.dev:443 | |
| fulcio.sigstore.dev:443 | |
| github.com:443 | |
| oss-fuzz-build-logs.storage.googleapis.com:443 | |
| rekor.sigstore.dev:443 | |
| tuf-repo-cdn.sigstore.dev:443 | |
| www.bestpractices.dev:443 | |
| static.rust-lang.org:443 | |
| static.crates.io:443 | |
| index.crates.io:443 | |
| dl-cdn.alpinelinux.org:80 | |
| gitlab.alpinelinux.org:443 | |
| - name: Checkout sources | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - name: Setup | |
| uses: jirutka/setup-alpine@092137b2b59839555e7432042a9533c64ed482a4 # v1 | |
| with: | |
| branch: edge | |
| - name: Run tests | |
| run: | | |
| apk add cargo | |
| cargo test --all-features | |
| shell: alpine.sh --root {0} | |
| arch: | |
| name: Arch | |
| if: ${{ github.event.workflow_run.conclusion == 'success' }} | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 | |
| with: | |
| egress-policy: block | |
| allowed-endpoints: > | |
| api.deps.dev:443 | |
| api.github.com:443 | |
| api.osv.dev:443 | |
| api.scorecard.dev:443 | |
| fulcio.sigstore.dev:443 | |
| github.com:443 | |
| oss-fuzz-build-logs.storage.googleapis.com:443 | |
| rekor.sigstore.dev:443 | |
| tuf-repo-cdn.sigstore.dev:443 | |
| www.bestpractices.dev:443 | |
| objects.githubusercontent.com:443 | |
| raw.githubusercontent.com:443 | |
| static.rust-lang.org:443 | |
| static.crates.io:443 | |
| index.crates.io:443 | |
| 2.netbsd.pool.ntp.org:443 | |
| archlinux.org:443 | |
| geo.mirror.pkgbuild.com:443 | |
| openpgpkey.archlinux.org:443 | |
| - name: Checkout sources | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - name: Setup | |
| uses: RangHo/setup-arch@e8cd607443653e6fb211e402d20a9cc75b0ad5f2 # main | |
| with: | |
| packages: "rust" | |
| - name: Run tests | |
| run: | | |
| cargo test --all-features | |
| # TODO: | |
| # - OpenSUSE | |
| # - Rocky Linux | |
| # - Fedora | |
| # - Gentoo | |
| # - Slackware |