Ci/Schedule dependencies checks (#1014)

* ci: Add audit file * ci: Schedule dependencies checks * mnist-inference-web: Remove unused dep * Run when a new release is created * Fix comment
2023-11-30 19:06:27 +01:00 · 2023-11-30 19:06:27 +01:00 · ba1de9c654
parent f73136e3df
commit ba1de9c654
3 changed files with 41 additions and 21 deletions
--- a/.github/workflows/dependencies.yml
+++ b/.github/workflows/dependencies.yml
@ -1,17 +1,11 @@
 name: dependencies

 on:
+  schedule:
+    - cron: '0 21 * * TUE' # Run every Tuesday at 21:00 (UTC)
  push:
-    branches:
-      - main
-    paths:
-      - '**/Cargo.lock'
-      - '**/Cargo.toml'
-  pull_request:
-    types: [opened, synchronize]
-    paths:
-      - '**/Cargo.lock'
-      - '**/Cargo.toml'
+    tags:
+      - 'v*.*.*'

 concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
@ -40,14 +34,14 @@ jobs:
          toolchain: nightly
          components: rustfmt

-      # - name: Install cargo-udeps
-      #   env:
-      #     UDEPS_LINK: https://github.com/est31/cargo-udeps/releases/download
-      #     UDEPS_VERSION: v0.1.43
-      #   run: |
-      #     curl -L "$UDEPS_LINK/$UDEPS_VERSION/cargo-udeps-$UDEPS_VERSION-x86_64-unknown-linux-gnu.tar.gz" |
-      #     tar xz -C $HOME/.cargo/bin --strip-components 2
+      - name: Install cargo-udeps
+        env:
+          UDEPS_LINK: https://github.com/est31/cargo-udeps/releases/download
+          UDEPS_VERSION: v0.1.43
+        run: |
+          curl -L "$UDEPS_LINK/$UDEPS_VERSION/cargo-udeps-$UDEPS_VERSION-x86_64-unknown-linux-gnu.tar.gz" |
+          tar xz -C $HOME/.cargo/bin --strip-components 2

-      # - name: Run cargo-udeps
-      #   run: |
-      #     cargo +nightly udeps --all-targets
+      - name: Run cargo-udeps
+        run: |
+          cargo +nightly udeps --all-targets
--- a/audit.toml
+++ b/audit.toml
@ -0,0 +1,27 @@
+# Audit config file
+#
+# It may be located in the user home (`~/.cargo/audit.toml`) or in the project
+# root (`.cargo/audit.toml`).
+#
+# All of the options which can be passed via CLI arguments can also be
+# permanently specified in this file.
+
+[advisories]
+ignore = [] # advisory IDs to ignore e.g. ["RUSTSEC-2019-0001", ...]
+informational_warnings = ["unmaintained"] # warn for categories of informational advisories
+severity_threshold = "low" # CVSS severity ("none", "low", "medium", "high", "critical")
+
+# Advisory Database Configuration
+[database]
+path = "~/.cargo/advisory-db" # Path where advisory git repo will be cloned
+
+# Output Configuration
+[output]
+deny = ["unmaintained"] # exit on error if unmaintained dependencies are found
+format = "terminal" # "terminal" (human readable report) or "json"
+quiet = false # Only print information on error
+show_tree = true # Show inverse dependency trees along with advisories (default: true)
+
+[yanked]
+enabled = true # Warn for yanked crates in Cargo.lock (default: true)
+update_index = true # Auto-update the crates.io index (default: true)
--- a/examples/mnist-inference-web/Cargo.toml
+++ b/examples/mnist-inference-web/Cargo.toml
@ -19,7 +19,6 @@ wgpu = ["burn/wgpu"]
 burn = { path = "../../burn", default-features = false }
 serde = { workspace = true }
 wasm-bindgen = { version = "0.2.88" }
-wasm-bindgen-futures = "0.4"
 js-sys = "0.3.65"

 [dev-dependencies]