ci/actions: fix typo & use the original action

* Apparently GitHub Actions doesn't work like I expected it would with job forks. Revert to the original. * Fix the `actions/checkout` type.
ci/github-actions: add audit
2022-09-03 22:41:52 +03:00 · 2022-09-03 22:38:39 +03:00 · 2022-09-03 22:12:16 +03:00 · 2022-09-03 21:41:59 +03:00 · 2022-09-03 21:19:48 +03:00
5 changed files with 34 additions and 3 deletions
--- a/.cargo/audit.toml
+++ b/.cargo/audit.toml
@ -1,4 +1,8 @@
 [output]
 quiet = false
-deny = ["warnings"]
-informational_warnings = ["unmaintained", "unsound"]
+deny = [
+    "unmaintained",
+    "unsound",
+    "warnings",
+    "yanked",
+]
--- a/.github/workflows/audit.yml
+++ b/.github/workflows/audit.yml
@ -0,0 +1,17 @@
+name: Audit for RUSTSEC advisories
+
+on:
+  push:
+    branches: main
+  schedule:
+    - cron: '0 0 * * *'
+
+jobs:
+  audit:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v1
+      - uses: actions-rs/audit-check@v1
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+
--- a/.gitignore
+++ b/.gitignore
@ -1,2 +1 @@
 /target
-/Cargo.lock
--- a/.gitsigners
+++ b/.gitsigners
@ -0,0 +1 @@
+aydin@mercan.dev sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAILLr2NFDIXvtO32wLsdMaycO7jYHjd1tydv3ClA7B/yxAAAAB3NzaDpnaXQ=
--- a/README.md
+++ b/README.md
@ -9,6 +9,16 @@ Use and extend BearSSL in Rust.
 * `bearssl`: Higher level code for easier use in servers, clients, etc.
    * Versions below `0.0.2` are unrelated to this crate.

+## Development
+
+We prefer commit signing via SSH. The allowed signers are listed in `.gitsigners`.
+To verify, a gitconfig entry such as the following is likely needed:
+
+```ini
+[gpg.ssh]
+    allowedSignersFile = .gitsigners
+```
+
 ## License

 All crates in this repository are available under `BSD-3-Clause`.
Author	SHA1	Message	Date
Aydin Mercan	016f796299	ci/actions: fix typo & use the original action * Apparently GitHub Actions doesn't work like I expected it would with job forks. Revert to the original. * Fix the `actions/checkout` type.	2022-09-03 22:41:52 +03:00
Aydin Mercan	997aa62588	ci/github-actions: add audit * For now auditing should be done daily and on each push to main. * I have used rustsec's fork because it is more featureful and it has some fixes done. Hopefully it should just work.	2022-09-03 22:38:39 +03:00
Aydin Mercan	92814fbaef	cargo: remove lock from gitignore	2022-09-03 22:12:16 +03:00
Aydin Mercan	eb24ca0579	git: add .gitsigners file and document how to use	2022-09-03 21:41:59 +03:00
Aydin Mercan	a8dcc537b4	cargo/audit: fix configuration	2022-09-03 21:19:48 +03:00
				`@ -0,0 +1 @@`
				`aydin@mercan.dev sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAILLr2NFDIXvtO32wLsdMaycO7jYHjd1tydv3ClA7B/yxAAAAB3NzaDpnaXQ=`