Skip to content

fix(security): skip symbolic links during skill updates #810

fix(security): skip symbolic links during skill updates

fix(security): skip symbolic links during skill updates #810

Workflow file for this run

name: Code Quality Analysis
on:
push:
branches: [main]
pull_request:
branches: [main]
workflow_dispatch:
permissions:
contents: read
pull-requests: read
env:
CARGO_TERM_COLOR: always
jobs:
coverage-and-analysis:
name: Coverage, Codecov, and SonarCloud
runs-on: ubuntu-latest
env:
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
steps:
- name: Checkout repository
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
fetch-depth: 0
- name: Setup Rust toolchain
uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # v1
with:
toolchain: stable
components: llvm-tools-preview
- name: Cache cargo registry
uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
with:
path: |
~/.cargo/registry
~/.cargo/git
target
key: ${{ runner.os }}-cargo-coverage-${{ hashFiles('**/Cargo.lock') }}
restore-keys: |
${{ runner.os }}-cargo-coverage-
- name: Install cargo-llvm-cov
run: cargo install cargo-llvm-cov --locked
- name: Generate Rust coverage reports
run: |
cargo llvm-cov clean --workspace
mkdir -p target/coverage
cargo llvm-cov --workspace --all-features --lcov --output-path target/coverage/rust.lcov.info
cargo llvm-cov report --cobertura --output-path target/coverage/rust-cobertura.xml
- name: Upload coverage to Codecov
if: ${{ env.CODECOV_TOKEN != '' }}
uses: codecov/codecov-action@e79a6962e0d4c0c17b229090214935d2e33f8354 # v6
with:
files: target/coverage/rust.lcov.info
fail_ci_if_error: true
verbose: true
env:
CODECOV_TOKEN: ${{ env.CODECOV_TOKEN }}
- name: Upload coverage to Codecov (tokenless)
if: ${{ env.CODECOV_TOKEN == '' }}
uses: codecov/codecov-action@e79a6962e0d4c0c17b229090214935d2e33f8354 # v6
with:
files: target/coverage/rust.lcov.info
fail_ci_if_error: true
verbose: true
- name: Analyze with SonarCloud
if: ${{ env.SONAR_TOKEN != '' && (github.event_name != 'pull_request' || !github.event.pull_request.head.repo.fork) }}
uses: SonarSource/sonarqube-scan-action@7006c4492b2e0ee0f816d36501671557c97f5995 # v8.1.0
with:
args: >-
-Dsonar.projectBaseDir=.
env:
SONAR_TOKEN: ${{ env.SONAR_TOKEN }}