diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml
new file mode 100644
index 000000000..95aea49a3
--- /dev/null
+++ b/.github/workflows/audit.yml
@@ -0,0 +1,45 @@
+name: Security Audit
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+ cancel-in-progress: true
+
+on:
+ pull_request:
+ paths:
+ - ".github/workflows/audit.yml"
+ - "**/Cargo.toml"
+ - "**/Cargo.lock"
+ push:
+ branches:
+ - main
+ - unstable
+ paths:
+ - ".github/workflows/audit.yml"
+ - "**/Cargo.toml"
+ - "**/Cargo.lock"
+ schedule:
+ # Run daily at midnight
+ - cron: '0 0 * * *'
+
+permissions:
+ issues: write
+ checks: write
+ pull-requests: read
+ contents: read
+
+jobs:
+ security-audit:
+ runs-on: ubuntu-latest
+ strategy:
+ fail-fast: false
+ matrix:
+ project: [bolt-sidecar, bolt-cli, bolt-boost]
+ name: Security Audit for ${{ matrix.project }}
+ steps:
+ - uses: actions/checkout@v4
+ - name: Run cargo audit
+ uses: rustsec/audit-check@v2
+ with:
+ token: ${{ secrets.GITHUB_TOKEN }}
+ working-directory: ${{ matrix.project }}
\ No newline at end of file
diff --git a/.github/workflows/bolt_boost_ci.yml b/.github/workflows/boost-ci.yml
similarity index 97%
rename from .github/workflows/bolt_boost_ci.yml
rename to .github/workflows/boost-ci.yml
index 3917ec64e..b1859110d 100644
--- a/.github/workflows/bolt_boost_ci.yml
+++ b/.github/workflows/boost-ci.yml
@@ -2,6 +2,9 @@ name: Bolt Boost CI
 on:
 push:
+ branches:
+ - unstable
+ - main
 paths:
 - "bolt-boost/**"
 pull_request:
diff --git a/.github/workflows/bolt_cli_ci.yml b/.github/workflows/cli-ci.yml
similarity index 100%
rename from .github/workflows/bolt_cli_ci.yml
rename to .github/workflows/cli-ci.yml
diff --git a/.github/workflows/bolt_cli_release_bins.yml b/.github/workflows/cli-release.yml
similarity index 100%
rename from .github/workflows/bolt_cli_release_bins.yml
rename to .github/workflows/cli-release.yml
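Review bot: In audit.yml, the final step references `rustsec/audit-check@v2` by a mutable tag while handing it `secrets.GITHUB_TOKEN` with `issues: write` and `checks: write`, so whoever can move that tag controls code that runs with those scopes. Pin it, and `actions/checkout@v4` above it, to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: rustsec/audit-check@<full-commit-sha> # v2` (placeholder; take the SHA from the release you have reviewed). Since the job only reads the tree, adding `persist-credentials: false` under a `with:` on the checkout step would also keep the token out of `.git/config` for the rest of the job. On pull requests from forks the token is read-only regardless of this `permissions` block, so the check-run write is expected to fail there; it is worth confirming the action degrades cleanly in that case.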
diff --git a/.github/workflows/contracts_ci.yml b/.github/workflows/contracts-ci.yml
similarity index 95%
rename from .github/workflows/contracts_ci.yml
rename to .github/workflows/contracts-ci.yml
index 97190cef2..ee0e75051 100644
--- a/.github/workflows/contracts_ci.yml
+++ b/.github/workflows/contracts-ci.yml
@@ -1,11 +1,12 @@
-name: Bolt-contracts CI
+name: Bolt Contracts CI
 on:
 push:
- paths:
- - "bolt-contracts/**"
 branches:
 - unstable
+ - main
+ paths:
+ - "bolt-contracts/**"
 pull_request:
 paths:
 - "bolt-contracts/**"
diff --git a/.github/workflows/bolt_sidecar_ci.yml b/.github/workflows/sidecar-ci.yml
similarity index 100%
rename from .github/workflows/bolt_sidecar_ci.yml
rename to .github/workflows/sidecar-ci.yml
diff --git a/bolt-sidecar/Cargo.lock b/bolt-sidecar/Cargo.lock
index 55680741b..5e49e3618 100644
--- a/bolt-sidecar/Cargo.lock
+++ b/bolt-sidecar/Cargo.lock
@@ -2275,9 +2275,9 @@ dependencies = [
 [[package]]
 name = "clap"
-version = "4.5.20"
+version = "4.5.21"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b97f376d85a664d5837dbae44bf546e6477a679ff6610010f17276f686d867e8"
+checksum = "fb3b4b9e5a7c7514dfa52869339ee98b3156b0bfb4e8a77c4ff4babb64b1604f"
 dependencies = [
 "clap_builder",
 "clap_derive",
@@ -2285,9 +2285,9 @@ dependencies = [
 [[package]]
 name = "clap_builder"
-version = "4.5.20"
+version = "4.5.21"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "19bc80abd44e4bed93ca373a0704ccbd1b710dc5749406201bb018272808dc54"
+checksum = "b17a95aa67cc7b5ebd32aa5370189aa0d79069ef1c64ce893bd30fb24bff20ec"
 dependencies = [
 "anstream",
 "anstyle",
diff --git a/bolt-sidecar/Cargo.toml b/bolt-sidecar/Cargo.toml
index 575bcef4d..9660bad66 100644
--- a/bolt-sidecar/Cargo.toml
+++ b/bolt-sidecar/Cargo.toml
@@ -10,7 +10,7 @@ debug = true
 [dependencies]
 # core
-clap = { version = "4.5.20", features = ["derive", "env"] }
+clap = { version = "4.5.21", features = ["derive", "env"] }
 tokio = { version = "1", features = ["full"] }
 axum = { version = "0.7", features = ["macros"] }
 tower-http = { version = "0.5.2", features = ["timeout"] }