dependencies.yml

# Lifted mostly verbatim from Bevy v0.6.0 under MIT OR Apache-2.0.
# See <https://github.com/bevyengine/bevy/blob/458cb7a9e93dab3127bb99ce7bf8cfc3af18851d/.github/workflows/dependencies.yml>.

name: Dependencies

permissions:
  contents: read

on:
  pull_request:
    paths:
      - '**/Cargo.toml'
      - 'Cargo.lock'
      - 'deny.toml'
  push:
    paths:
      - '**/Cargo.toml'
      - 'Cargo.lock'
      - 'deny.toml'
      - '.github/workflows/dependencies.yml'
    branches-ignore:
      - 'dependabot/**'
  # This used to also be scheduled, but apparently GitHub also turns it off otherwise when deactivating that due to repository inactivity.

env:
  CARGO_TERM_COLOR: always

jobs:
  check-advisories:
    runs-on: ubuntu-22.04
    steps:
      - uses: actions/checkout@v4
      - uses: EmbarkStudios/cargo-deny-action@v1
        with:
          command: check advisories

  check-bans:
    runs-on: ubuntu-22.04
    steps:
      - uses: actions/checkout@v4
      - uses: EmbarkStudios/cargo-deny-action@v1
        with:
          command: check bans

  check-licenses:
    runs-on: ubuntu-22.04
    steps:
      - uses: actions/checkout@v4
      - uses: EmbarkStudios/cargo-deny-action@v1
        with:
          command: check licenses

  check-sources:
    runs-on: ubuntu-22.04
    steps:
      - uses: actions/checkout@v4
      - uses: EmbarkStudios/cargo-deny-action@v1
        with:
          command: check sources

  minimal-versions:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions-rs/toolchain@v1
        with:
          toolchain: nightly
          override: true
      - run: cargo update -Z minimal-versions
      - name: Checked for incompatible minimal versions
        run: cargo check --features _test