Skip to content

[K9VULN-2634] Check in Cargo.lock, and pass in --locked to cargo commands #3234

[K9VULN-2634] Check in Cargo.lock, and pass in --locked to cargo commands

[K9VULN-2634] Check in Cargo.lock, and pass in --locked to cargo commands #3234

Workflow file for this run

on:
push:
branches:
- "**"
pull_request:
name: Check Code
jobs:
check_code:
strategy:
matrix:
config:
- { os: ubuntu-latest, target: x86_64-unknown-linux-gnu, gha_alias: 'Linux x64 - ' }
- { os: ubuntu-latest, target: aarch64-unknown-linux-gnu, gha_alias: 'Linux aarch64 - ' }
- { os: macos-13, target: x86_64-apple-darwin, gha_alias: 'macOS x64 - ' }
- { os: macos-latest, target: aarch64-apple-darwin, gha_alias: 'macOS aarch64 - ' }
- { os: windows-latest, target: x86_64-pc-windows-msvc, gha_alias: 'Windows x64 - ' }
cargo_cmd:
- { cmd_name: build, args: '--locked' , gha_alias: "Build - Profile 'debug'" }
- { cmd_name: test, args: '--workspace --locked', gha_alias: "Test" }
include:
- config: { os: ubuntu-latest, target: aarch64-unknown-linux-gnu, gha_alias: '' }
cargo_cmd: { cmd_name: clippy, args: '', gha_alias: "Clippy" }
- config: { os: ubuntu-latest, target: aarch64-unknown-linux-gnu, gha_alias: '' }
cargo_cmd: { cmd_name: fmt, args: '--check', gha_alias: "Rustfmt" }
name: ${{ matrix.config.gha_alias }}${{ matrix.cargo_cmd.gha_alias }}
runs-on: ${{ matrix.config.os }}
env:
DD_API_KEY: ${{ secrets.DD_API_KEY }}
DD_APP_KEY: ${{ secrets.DD_APP_KEY }}
DD_SITE: ${{ vars.DD_SITE }}
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Set up Rust
uses: actions-rust-lang/setup-rust-toolchain@v1.10.1
- name: Fetch dependencies
run: cargo fetch
- name: Run cargo ${{ matrix.cargo_cmd.cmd_name }} ${{ matrix.cargo_cmd.args }}
uses: actions-rs/cargo@v1
with:
command: ${{ matrix.cargo_cmd.cmd_name }}
args: ${{ matrix.cargo_cmd.args }}
- name: Check python rulesets - part1
run: cargo run --locked --bin datadog-static-analyzer-test-ruleset -- -r python-best-practices -r python-security -r python-code-style -r python-inclusive
- name: Check python rulesets - part2
run: cargo run --locked --bin datadog-static-analyzer-test-ruleset -- -r python-django -r python-flask -r python-design
- name: Check Java rulesets
run: cargo run --locked --bin datadog-static-analyzer-test-ruleset -- -r java-security -r java-best-practices -r java-code-style
- name: Check Docker rulesets
run: cargo run --locked --bin datadog-static-analyzer-test-ruleset -- -r docker-best-practices