ok/jj
1
0
Fork 0
forked from mirrors/jj
Code Pull requests Activity
jj/.github/workflows/build.yml
Martin von Zweigbergk af76631021 github: set top-level permissions to readonly for all workflows 
The new code scanner is complaining that actions have permissions to
do too much. It wasn't obvious to me what permissions the jobs need,
but let's see how this works.
2022-03-16 19:59:08 -07:00

90 lines
2 KiB
YAML
Raw Blame History

name: build
on:
push:
branches: [ main ]
pull_request:
branches: [ main ]
permissions: read-all
jobs:
build:
runs-on: ${{ matrix.operating-system }}
strategy:
matrix:
operating-system: [ ubuntu-latest, windows-latest, macos-latest ]
steps:
- uses: actions/checkout@v2
- name: Install Rust (stable)
uses: actions-rs/toolchain@v1
with:
toolchain: stable
override: true
profile: minimal
- name: Build
uses: actions-rs/cargo@v1
with:
command: build
args: --workspace --verbose
- name: Test
uses: actions-rs/cargo@v1
with:
command: test
args: --workspace --verbose
env:
RUST_BACKTRACE: 1
rustfmt:
name: Check formatting
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: actions-rs/toolchain@v1
with:
toolchain: nightly
profile: minimal
components: rustfmt
override: true
- uses: actions-rs/cargo@v1
with:
command: fmt
args: --all -- --check
clippy-stable:
name: Clippy check (stable)
permissions:
pull-requests: write
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: actions-rs/toolchain@v1
with:
toolchain: stable
profile: minimal
components: clippy
override: true
- uses: actions-rs/clippy-check@v1
with:
token: ${{ secrets.GITHUB_TOKEN }}
args: --all-features --workspace
clippy-nightly:
name: Clippy check (nightly)
permissions:
pull-requests: write
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: actions-rs/toolchain@v1
with:
toolchain: nightly
profile: minimal
components: clippy
override: true
- uses: actions-rs/clippy-check@v1
with:
token: ${{ secrets.GITHUB_TOKEN }}
args: --all-features --workspace
View git blame Copy permalink