ci: run cargo audit directly in release workflow #29
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release | |
| permissions: | |
| contents: write | |
| id-token: write | |
| on: | |
| push: | |
| tags: | |
| - v[0-9]+.* | |
| jobs: | |
| release-format-check: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Run format check | |
| run: cargo fmt --check | |
| - name: Run cargo-readme check | |
| run: cargo install cargo-readme && cargo readme > TMP_README.md && diff -b TMP_README.md README.md | |
| security-audit: | |
| needs: release-format-check | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Install cargo-audit | |
| run: cargo install cargo-audit | |
| - name: Run cargo audit | |
| run: cargo audit | |
| create-release: | |
| needs: security-audit | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: taiki-e/create-gh-release-action@v1 | |
| with: | |
| changelog: CHANGELOG.md | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| upload-assets: | |
| needs: create-release | |
| strategy: | |
| matrix: | |
| include: | |
| - target: aarch64-unknown-linux-gnu | |
| os: ubuntu-latest | |
| - target: x86_64-unknown-linux-gnu | |
| os: ubuntu-latest | |
| - target: universal-apple-darwin | |
| os: macos-latest | |
| runs-on: ${{ matrix.os }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: taiki-e/upload-rust-binary-action@v1 | |
| with: | |
| bin: bgpkit-parser | |
| checksum: sha256 | |
| features: cli | |
| target: ${{ matrix.target }} | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| cargo-publish: | |
| needs: upload-assets | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Publish to crates.io | |
| run: > | |
| cargo publish | |
| --all-features | |
| --verbose | |
| --token ${{ secrets.CARGO_REGISTRY_TOKEN }} | |
| npm-publish: | |
| needs: cargo-publish | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: 22 | |
| registry-url: https://registry.npmjs.org | |
| scope: '@bgpkit' | |
| - name: Install wasm-pack | |
| run: cargo install wasm-pack | |
| - name: Add wasm target | |
| run: rustup target add wasm32-unknown-unknown | |
| - name: Build WASM npm package | |
| run: bash src/wasm/build.sh | |
| - name: Upgrade npm for trusted publishing | |
| run: npm install -g npm@latest | |
| - name: Publish @bgpkit/parser to npm | |
| working-directory: pkg | |
| run: npm publish --access public --provenance |