[K9VULN-2634] Check in Cargo.lock, and pass in --locked
to cargo commands
#3250
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
on: | |
push: | |
branches: | |
- "**" | |
pull_request: | |
name: Check Code | |
jobs: | |
check_code: | |
strategy: | |
matrix: | |
config: | |
- { os: ubuntu-latest, target: x86_64-unknown-linux-gnu, gha_alias: 'Linux x64 - ' } | |
- { os: ubuntu-latest, target: aarch64-unknown-linux-gnu, gha_alias: 'Linux aarch64 - ' } | |
- { os: macos-13, target: x86_64-apple-darwin, gha_alias: 'macOS x64 - ' } | |
- { os: macos-latest, target: aarch64-apple-darwin, gha_alias: 'macOS aarch64 - ' } | |
- { os: windows-latest, target: x86_64-pc-windows-msvc, gha_alias: 'Windows x64 - ' } | |
cargo_cmd: | |
- { cmd_name: build, args: '--locked' , gha_alias: "Build - Profile 'debug'" } | |
- { cmd_name: test, args: '--workspace --locked', gha_alias: "Test" } | |
include: | |
- config: { os: ubuntu-latest, target: aarch64-unknown-linux-gnu, gha_alias: '' } | |
cargo_cmd: { cmd_name: clippy, args: '', gha_alias: "Clippy" } | |
- config: { os: ubuntu-latest, target: aarch64-unknown-linux-gnu, gha_alias: '' } | |
cargo_cmd: { cmd_name: fmt, args: '--check', gha_alias: "Rustfmt" } | |
name: ${{ matrix.config.gha_alias }}${{ matrix.cargo_cmd.gha_alias }} | |
runs-on: ${{ matrix.config.os }} | |
env: | |
DD_API_KEY: ${{ secrets.DD_API_KEY }} | |
DD_APP_KEY: ${{ secrets.DD_APP_KEY }} | |
DD_SITE: ${{ vars.DD_SITE }} | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
- name: Set up Rust | |
uses: actions-rust-lang/[email protected] | |
- name: Fetch dependencies | |
run: cargo fetch | |
- name: Run cargo ${{ matrix.cargo_cmd.cmd_name }} ${{ matrix.cargo_cmd.args }} | |
uses: actions-rs/cargo@v1 | |
with: | |
command: ${{ matrix.cargo_cmd.cmd_name }} | |
args: ${{ matrix.cargo_cmd.args }} | |
- name: Check python rulesets - part1 | |
run: cargo run --locked --bin datadog-static-analyzer-test-ruleset -- -r python-best-practices -r python-security -r python-code-style -r python-inclusive | |
- name: Check python rulesets - part2 | |
run: cargo run --locked --bin datadog-static-analyzer-test-ruleset -- -r python-django -r python-flask -r python-design | |
- name: Check Java rulesets | |
run: cargo run --locked --bin datadog-static-analyzer-test-ruleset -- -r java-security -r java-best-practices -r java-code-style | |
- name: Check Docker rulesets | |
run: cargo run --locked --bin datadog-static-analyzer-test-ruleset -- -r docker-best-practices |