Add cargo-audit step to check for dependecy security issues

2019-04-10 16:22:36 -07:00 · 2019-04-10 16:22:36 -07:00 · c7ffc5b44d
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@ -13,15 +13,9 @@ orbs:
 jobs:
  test:
    docker:
-      - image: mozilla/cidockerbases:rust-2019-01-09
+      - image: mozilla/cidockerbases:rust-2019-04-10
    steps:
      - checkout
-      - run:
-          name: Rustfmt
-          command: cargo fmt -- --check
-      - run:
-          name: Clippy
-          command: cargo clippy --all-targets --all-features
      - run:
          name: Build
          command: cargo build --release
@ -35,6 +29,22 @@ jobs:
          file: target/cov/
          flags: flags cargo_kcov

+  lint:
+    docker:
+      - image: mozilla/cidockerbases:rust-2019-04-10
+    steps:
+      - checkout
+      - run:
+          name: Rustfmt
+          command: cargo fmt -- --check
+      - run:
+          name: Clippy
+          command: cargo clippy --all-targets --all-features
+      - run:
+          name: Package Audit
+          command: cargo audit
+
+
  build:
    docker:
      - image: mozilla/cidockerbases:docker-2019-01-09
@ -97,9 +107,20 @@ workflows:
  test:
    jobs:
      - test
+      - lint

  build-publish:
    jobs:
+      - test:
+          filters:
+            tags:
+              only: /.*/
+
+      - lint:
+          filters:
+            tags:
+              only: /.*/
+
      - build:
          filters:
            tags:
@ -107,6 +128,8 @@ workflows:

      - publish:
          requires:
+            - test
+            - lint
            - build
          filters:
            tags: