Release v1.0.0

.editorconfig

@@ -0,0 +1,11 @@
+root = true
+
+[*]
+charset = utf-8
+end_of_line = lf
+insert_final_newline = true
+max_line_length = 80
+indent_size =  4
+
+[*.yml]
+indent_size = 2

.eslintignore

@@ -0,0 +1 @@
+dist

.eslintrc.json

@@ -0,0 +1,24 @@
+{
+    "env": {
+        "node": true
+    },
+    "parser": "@typescript-eslint/parser",
+    "parserOptions": {
+        "project": "./tsconfig.json"
+    },
+    "plugins": [
+        "@typescript-eslint"
+    ],
+    "extends": [
+        "eslint:recommended",
+        "plugin:@typescript-eslint/eslint-recommended",
+        "plugin:@typescript-eslint/recommended-requiring-type-checking",
+        "plugin:@typescript-eslint/recommended",
+        "plugin:prettier/recommended",
+        "prettier",
+        "prettier/@typescript-eslint"
+    ],
+    "rules": {
+        "@typescript-eslint/explicit-function-return-type": 0
+    }
+}

.github/FUNDING.yml

@@ -0,0 +1 @@
+custom: https://svartalf.info/donate/

.github/workflows/ci.yml

@@ -0,0 +1,18 @@
+name: Continuous integration
+
+on: [pull_request, push]
+
+jobs:
+  main:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Create npm configuration
+        run: echo "//npm.pkg.github.com/:_authToken=${token}" >> ~/.npmrc
+        env:
+          token: ${{ secrets.GITHUB_TOKEN }}
+
+      - uses: actions/checkout@v1
+      - run: npm ci
+      - run: npm run lint
+      - run: npm run build
+      - run: npm run test

.gitignore

@@ -0,0 +1,91 @@
+__tests__/runner/*
+
+# Rest pulled from https://github.com/github/gitignore/blob/master/Node.gitignore
+# Logs
+logs
+*.log
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+lerna-debug.log*
+
+# Diagnostic reports (https://nodejs.org/api/report.html)
+report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json
+
+# Runtime data
+pids
+*.pid
+*.seed
+*.pid.lock
+
+# Directory for instrumented libs generated by jscoverage/JSCover
+lib-cov
+
+# Coverage directory used by tools like istanbul
+coverage
+*.lcov
+
+# nyc test coverage
+.nyc_output
+
+# Grunt intermediate storage (https://gruntjs.com/creating-plugins#storing-task-files)
+.grunt
+
+# Bower dependency directory (https://bower.io/)
+bower_components
+
+# node-waf configuration
+.lock-wscript
+
+# Compiled binary addons (https://nodejs.org/api/addons.html)
+build/Release
+
+# Dependency directories
+node_modules/
+jspm_packages/
+
+# TypeScript v1 declaration files
+typings/
+
+# TypeScript cache
+*.tsbuildinfo
+
+# Optional npm cache directory
+.npm
+
+# Optional eslint cache
+.eslintcache
+
+# Optional REPL history
+.node_repl_history
+
+# Output of 'npm pack'
+*.tgz
+
+# Yarn Integrity file
+.yarn-integrity
+
+# dotenv environment variables file
+.env
+.env.test
+
+# parcel-bundler cache (https://parceljs.org/)
+.cache
+
+# next.js build output
+.next
+
+# nuxt.js build output
+.nuxt
+
+# vuepress build output
+.vuepress/dist
+
+# Serverless directories
+.serverless/
+
+# FuseBox cache
+.fusebox/
+
+# DynamoDB Local files
+.dynamodb/

.npmrc

@@ -0,0 +1 @@
+@actions-rs:registry=https://npm.pkg.github.com

.prettierrc.json

@@ -0,0 +1,7 @@
+{
+  "printWidth": 80,
+  "semi": true,
+  "singleQuote": true,
+  "tabWidth": 4,
+  "trailingComma": "all"
+}

CHANGELOG.md

@@ -0,0 +1,21 @@
+# Changelog
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [Unreleased]
+
+### Added
+
+- Problem matcher which will highlight warnings and errors in the cargo output
+
+### Changed
+
+- Use `@action-rs/core` package for cargo/cross execution
+
+## [1.0.1] - 2019-09-15
+
+### Added
+
+- First public version

LICENSE

@@ -0,0 +1,22 @@
+
+The MIT License (MIT)
+
+Copyright (c) 2019 actions-rs team and contributors
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

README.md

@@ -1 +1,77 @@
-[WIP]
+# Rust `audit-check` Action
+
+![MIT licensed](https://img.shields.io/badge/license-MIT-blue.svg)
+[![Gitter](https://badges.gitter.im/actions-rs/community.svg)](https://gitter.im/actions-rs/community)
+
+> Security vulnerabilities audit
+
+This GitHub Action is using [cargo-audit](https://github.com/RustSec/cargo-audit)
+to perform an audit for crates with security vulnerabilities.
+
+## Usage
+
+### Audit changes
+
+We can utilize the GitHub Actions ability to execute workflow
+only if [specific files were changed](https://help.github.com/en/articles/workflow-syntax-for-github-actions#onpushpull_requestpaths)
+and execute this Action to check the changed dependencies only:
+
+```yaml
+name: Security audit
+on:
+  push:
+    paths: 
+      - '**/Cargo.toml'
+      - '**/Cargo.lock'
+jobs:
+  security_audit:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v1
+      - uses: actions-rs/audit-check@v1
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+```
+
+In that case this Action will create a Check with the advisories found:
+
+![Check screenshot](.github/check_screenshot.png)
+
+#### Limitations
+
+Due to [token permissions](https://help.github.com/en/articles/virtual-environments-for-github-actions#token-permissions),
+this Action **WILL NOT** be able to create Checks for Pull Requests from the forked repositories,
+see [actions-rs/clippy-check#2](https://github.com/actions-rs/clippy-check/issues/2) for details.\
+As a fallback this Action will output all advisories found to the stdout.
+
+## Scheduled audit
+
+Another option is to use [`schedule`](https://help.github.com/en/articles/events-that-trigger-workflows#scheduled-events-schedule) event
+and execute this Action periodically against the repository default branch `HEAD`.
+
+```yaml
+name: Security audit
+on:
+  schedule:
+    - cron: '0 0 * * *'
+jobs:
+  audit:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v1
+      - uses: actions-rs/audit-check@alpha
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+```
+
+With this workflow Action will be executed at midnight on each day
+and check if there any new advisories appear for crate dependencies.\
+For each such advisory an issue will be created:
+
+![Issue screenshot](.github/issue_screenshot.png)
+
+## Inputs
+
+| Name        | Required | Description                                                              | Type   | Default |
+| ------------| -------- | -------------------------------------------------------------------------| ------ | --------|
+| `token`     | ✓        | GitHub token, `${{ secrets.GITHUB_TOKEN }}`                              | string |         |

__tests__/input.test.ts

@@ -0,0 +1,7 @@
+describe('actions-rs/audit', () => {
+    beforeEach(() => {
+    })
+
+    it('Should do something', async () => {
+    });
+});

action.yml

@@ -0,0 +1,13 @@
+name: 'rust-audit-check'
+description: 'Run cargo audit and check for security advisories'
+author: 'actions-rs team'
+branding:
+  icon: play-circle
+  color: black
+inputs:
+  token:
+    required: true
+
+runs:
+  using: 'node12'
+  main: 'dist/index.js'

jest.config.json

@@ -0,0 +1,11 @@
+module.exports = {
+  clearMocks: true,
+  moduleFileExtensions: ['js', 'ts'],
+  testEnvironment: 'node',
+  testMatch: ['**/*.test.ts'],
+  testRunner: 'jest-circus/runner',
+  transform: {
+    '^.+\\.ts$': 'ts-jest'
+  },
+  verbose: true
+}