{"id":36691892,"url":"https://github.com/qernal/github-actions-rust-clippy","last_synced_at":"2026-01-12T11:22:00.851Z","repository":{"id":41145179,"uuid":"338468960","full_name":"qernal/github-actions-rust-clippy","owner":"qernal","description":"GitHub Actions: Clippy/Cargo package","archived":false,"fork":false,"pushed_at":"2022-12-27T02:18:23.000Z","size":164,"stargazers_count":1,"open_issues_count":3,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2024-10-28T07:22:22.574Z","etag":null,"topics":["actions","opensource"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/qernal.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2021-02-13T00:52:32.000Z","updated_at":"2023-10-02T10:02:30.000Z","dependencies_parsed_at":"2023-01-11T17:22:04.475Z","dependency_job_id":null,"html_url":"https://github.com/qernal/github-actions-rust-clippy","commit_stats":{"total_commits":44,"total_committers":3,"mean_commits":"14.666666666666666","dds":0.5227272727272727,"last_synced_commit":"a81d3695b821a19ee95e2cbc10e57ad8c3840354"},"previous_names":[],"tags_count":13,"template":false,"template_full_name":null,"purl":"pkg:github/qernal/github-actions-rust-clippy","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/qernal%2Fgithub-actions-rust-clippy","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/qernal%2Fgithub-actions-rust-clippy/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/qernal%2Fgithub-actions-rust-clippy/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/qernal%2Fgithub-actions-rust-clippy/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/qernal","download_url":"https://codeload.github.com/qernal/github-actions-rust-clippy/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/qernal%2Fgithub-actions-rust-clippy/sbom","scorecard":{"id":753125,"data":{"date":"2025-08-11","repo":{"name":"github.com/qernal/github-actions-rust-clippy","commit":"a81d3695b821a19ee95e2cbc10e57ad8c3840354"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3.8,"checks":[{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":0,"reason":"Found 0/13 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/main.yaml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yaml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/qernal/github-actions-rust-clippy/main.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yaml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/qernal/github-actions-rust-clippy/main.yaml/main?enable=pin","Warn: containerImage not pinned by hash: Dockerfile:1: pin your Docker image by updating clux/muslrust:1.61.0-stable to clux/muslrust:1.61.0-stable@sha256:af134b4101e2d261b84e56825a3cf948fe17c475f230a2d5c0fa67cc70ca401c","Info:   0 out of   1 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   1 third-party GitHubAction dependencies pinned","Info:   0 out of   1 containerImage dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-22T20:52:21.391Z","repository_id":41145179,"created_at":"2025-08-22T20:52:21.392Z","updated_at":"2025-08-22T20:52:21.392Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28338971,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-12T10:58:46.209Z","status":"ssl_error","status_checked_at":"2026-01-12T10:58:42.742Z","response_time":98,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["actions","opensource"],"created_at":"2026-01-12T11:21:59.546Z","updated_at":"2026-01-12T11:22:00.836Z","avatar_url":"https://github.com/qernal.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Github Actions: Rust Clippy\n\n![MIT licensed](https://img.shields.io/badge/license-MIT-blue.svg)\n\nGithub action to run clippy against a repository, this providers linting with the following features;\n\n- Globbing for repositories that have multiple rust projects in them\n- SSH key for projects that use cargo to pull private Git repositories\n- Error and Warning outputs that highlight specific lines on PR's and commits\n- Specify specific version of Rust to use\n- GitHub PAT use and SSH path rewriting\n\n![alt text](gh_lint_example.png \"GitHub Lint Example\")\n\n## Workflow configuration\n\nTo use this action, define it in your workflow;\n\n```yaml\non: [push, pull_request]\n\njobs:\n  lint:\n    runs-on: self-hosted\n    name: Lint package\n    steps:\n      - uses: actions/checkout@v3\n      - uses: qernal/github-actions-rust-clippy@v2.0.2\n```\n\n## Action parameters\n\n| Parameter | Description | Required |\n| ---- | ---- | ---- |\n| `clippy_args` | Arguments for clippy configuration, space separated list as \"--arg1 --arg2\" | N |\n| `path_glob` | Glob for path finding (when a repository has multiple rust projects) | N |\n| `git_ssh_key` | Base64 encoded SSH key used for cargo when private git repositories are specified | N |\n| `github_pat` | GitHub PAT (token) for PAT authentication when private git repositories are specified | N |\n| `ssh_path_rewrite` | Rewrite SSH GitHub urls into HTTPS equivalent, only used with `github_token` | N |\n| `threads` | Threads to run at once - for concurrency of functions used with `path_glob` (integer) | N |\n| `rust_version` | Version of rust to use, e.g. `1.42` otherwise the latest at action compilation will be used | N |\n\nExample;\n\n```yaml\n    steps:\n      - uses: actions/checkout@v3\n      - uses: qernal/github-actions-rust-clippy@v2.0.2\n        with:\n          args: \"--verbose,--all-targets\"\n          path_glob: \"**/src\"\n          git_ssh_key: \"${{ secrets.base64_ssh_key }}\" # Must be base64 encoded and a valid RSA key\n          rust_version: 1.59\n```\n\n## Manual runs\n\nYou can use the container without the context of the runner, and just run the container like so;\n\n```bash\ndocker run --rm -v `pwd`:/github/workspace ghcr.io/qernal/gh-actions/rust-clippy-x86_64:v2.0.2\n```\n\nReplace the `pwd` with your workspace if you're not running from the current directory\n\n## Development\n\n### Building Locally\n\nIn the root of this repository, the following will buuld the container;\n\n```bash\ndocker build -t ghcr.io/qernal/gh-actions/rust-clippy-x86_64:v2.0.2 -f ./Dockerfile ./\n```\n\n### Running Locally\n\nThe GitHub action call can be simulated locally, an example of this is below;\n\n```bash\n# Glob example of multiple cargos\ndocker run --rm -e INPUT_PATH_GLOB=src/functions/*/*/ -e INPUT_THREADS=4 -e INPUT_GIT_SSH_KEY=\"$(cat ~/.ssh/my_key | base64 -w0)\" -v `pwd`:/github/workspace ghcr.io/qernal/gh-actions/rust-clippy-x86_64:v2.0.2\n\n# Specifiying rust version\ndocker run --rm -e INPUT_RUST_VERSION=1.56 -e INPUT_THREADS=4 -e INPUT_GIT_SSH_KEY=\"$(cat ~/.ssh/my_key | base64 -w0)\" -v `pwd`:/github/workspace ghcr.io/qernal/gh-actions/rust-clippy-x86_64:v2.0.2\n```","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fqernal%2Fgithub-actions-rust-clippy","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fqernal%2Fgithub-actions-rust-clippy","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fqernal%2Fgithub-actions-rust-clippy/lists"}