.github/workflows/ci.yml - third_party/github/OpenPRoT/openprot - Git at Google

 # Licensed under the Apache-2.0 license

 name: CI

 on:
   push:
     branches: [ main, develop ]
   pull_request:
     branches: [ main ]

 env:
   CARGO_TERM_COLOR: always
   RUST_BACKTRACE: 1

 jobs:
   presubmit:
     name: Presubmit Checks
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v6

     - name: Setup Bazel
       uses: bazel-contrib/setup-bazel@0.19.0
       with:
         bazelisk-cache: true
         disk-cache: true
         repository-cache: true

     - name: Presubmit Checks
       # The presubmit workflow performs formatting checks, license checks
       # C/C++ include checks and clippy lints.
       # See workflows.json for the `presubmit` definition.
       run: ./pw presubmit

   test:
     name: Test
     needs: presubmit
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v6

     - name: Setup Bazel
       uses: bazel-contrib/setup-bazel@0.19.0
       with:
         bazelisk-cache: true
         disk-cache: true
         repository-cache: true

     - name: Run tests
       # See workflows.json for the `ci` definition.
       run: ./pw ci

   build:
     name: Build Targets
     needs: test
     runs-on: ubuntu-latest

     steps:
     - uses: actions/checkout@v6

     - name: Setup Bazel
       uses: bazel-contrib/setup-bazel@0.19.0
       with:
         bazelisk-cache: true
         disk-cache: true
         repository-cache: true

     - name: Build
       # See workflows.json for the `default` definition.
       run: ./pw default

   security-audit:
     name: Security Audit
     needs: presubmit
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v6

     - name: Install Rust toolchain
       uses: dtolnay/rust-toolchain@stable
       with:
         components: clippy

     - name: Cache cargo registry
       uses: actions/cache@v5
       with:
         path: |
           ~/.cargo/registry
           ~/.cargo/git
           target
         key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}

     - name: Install cargo-audit
       run: cargo install cargo-audit --locked

     - name: Install cargo-deny
       run: cargo install cargo-deny --version 0.19.0 --locked

     - name: Run security audit
       run: cd third_party/crates_io; cargo audit

     - name: Run cargo deny checks
       run: cd third_party/crates_io; cargo deny check

     - name: Run semgrep security scan
       uses: returntocorp/semgrep-action@v1
       with:
         config: p/rust
	# Licensed under the Apache-2.0 license

	name: CI

	on:
	push:
	branches: [ main, develop ]
	pull_request:
	branches: [ main ]

	env:
	CARGO_TERM_COLOR: always
	RUST_BACKTRACE: 1

	jobs:
	presubmit:
	name: Presubmit Checks
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v6

	- name: Setup Bazel
	uses: bazel-contrib/setup-bazel@0.19.0
	with:
	bazelisk-cache: true
	disk-cache: true
	repository-cache: true

	- name: Presubmit Checks
	# The presubmit workflow performs formatting checks, license checks
	# C/C++ include checks and clippy lints.
	# See workflows.json for the `presubmit` definition.
	run: ./pw presubmit

	test:
	name: Test
	needs: presubmit
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v6

	- name: Setup Bazel
	uses: bazel-contrib/setup-bazel@0.19.0
	with:
	bazelisk-cache: true
	disk-cache: true
	repository-cache: true

	- name: Run tests
	# See workflows.json for the `ci` definition.
	run: ./pw ci

	build:
	name: Build Targets
	needs: test
	runs-on: ubuntu-latest

	steps:
	- uses: actions/checkout@v6

	- name: Setup Bazel
	uses: bazel-contrib/setup-bazel@0.19.0
	with:
	bazelisk-cache: true
	disk-cache: true
	repository-cache: true

	- name: Build
	# See workflows.json for the `default` definition.
	run: ./pw default

	security-audit:
	name: Security Audit
	needs: presubmit
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v6

	- name: Install Rust toolchain
	uses: dtolnay/rust-toolchain@stable
	with:
	components: clippy

	- name: Cache cargo registry
	uses: actions/cache@v5
	with:
	path: \|
	~/.cargo/registry
	~/.cargo/git
	target
	key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}

	- name: Install cargo-audit
	run: cargo install cargo-audit --locked

	- name: Install cargo-deny
	run: cargo install cargo-deny --version 0.19.0 --locked

	- name: Run security audit
	run: cd third_party/crates_io; cargo audit

	- name: Run cargo deny checks
	run: cd third_party/crates_io; cargo deny check

	- name: Run semgrep security scan
	uses: returntocorp/semgrep-action@v1
	with:
	config: p/rust