Merge pull request #52 from RAprogramm/new_version

New version

Author: RAprogramm

.cargo/audit.toml

@@ -0,0 +1,5 @@
+[advisories]
+ignore = ["RUSTSEC-2023-0071"] # rsa / Marvin Attack; тянется опционально через sqlx-mysql, мы mysql не используем
+severity_threshold = "low"
+informational_warnings = ["unmaintained"] # опционально
+

.cargo/config.toml

@@ -0,0 +1,3 @@
+[patch.crates-io]
+masterror-derive = { path = "masterror-derive" }
+masterror-template = { path = "masterror-template" }

.github/actions/cargo-deny/action.yml

@@ -0,0 +1,41 @@
+name: "Cargo Deny Check"
+description: "Install and run cargo-deny against the workspace"
+inputs:
+  version:
+    description: "cargo-deny crate version to install"
+    required: false
+    default: "0.18.4"
+  checks:
+    description: "Space-separated list of cargo deny check types (leave empty to run all)"
+    required: false
+    default: "advisories bans licenses sources"
+runs:
+  using: "composite"
+  steps:
+    - name: Ensure cargo-deny
+      shell: bash
+      env:
+        CARGO_DENY_VERSION: ${{ inputs.version }}
+      run: |
+        set -euo pipefail
+        current_version=""
+        if command -v cargo-deny >/dev/null 2>&1; then
+          current_version="$(cargo-deny --version | awk '{print $2}')"
+        fi
+        if [ "$current_version" = "$CARGO_DENY_VERSION" ]; then
+          echo "cargo-deny $CARGO_DENY_VERSION already installed"
+          exit 0
+        fi
+        echo "Installing cargo-deny $CARGO_DENY_VERSION"
+        cargo install cargo-deny --locked --force --version "$CARGO_DENY_VERSION"
+    - name: Run cargo-deny
+      shell: bash
+      env:
+        CHECKS: ${{ inputs.checks }}
+      run: |
+        set -euo pipefail
+        if [ -z "${CHECKS// }" ]; then
+          cargo-deny check
+        else
+          cargo-deny check ${CHECKS}
+        fi

.github/workflows/reusable-ci.yml

@@ -182,6 +182,9 @@ jobs:
             cargo +${{ steps.msrv.outputs.msrv }} clippy --workspace --all-targets -- -D warnings
           fi
 
+      - name: Cargo deny
+        uses: ./.github/actions/cargo-deny
+
       - name: Tests (MSRV)
         shell: bash
         run: |
@@ -192,6 +195,12 @@ jobs:
             cargo +${{ steps.msrv.outputs.msrv }} test --workspace --no-fail-fast
           fi
 
+      - name: Install cargo-audit
+        run: cargo install --locked cargo-audit
+
+      - name: Security audit
+        run: cargo audit --deny warnings
+
       - name: Auto-commit README changes (any branch)
         if: always()
         run: |

.hooks/pre-commit

@@ -16,6 +16,12 @@ cargo clippy --workspace --all-targets --all-features -- -D warnings
 echo "🧪 Running tests (all features)..."
 cargo test --workspace --all-features
 
+echo "🛡️ Running cargo audit..."
+if ! command -v cargo-audit >/dev/null 2>&1; then
+  cargo install --locked cargo-audit >/dev/null
+fi
+cargo audit
+
 # Uncomment if you want to validate SQLx offline data
 # echo "📦 Validating SQLx prepare..."
 # cargo sqlx prepare --check --workspace