Add job to post audit status issue

Author: Nemo157

.github/workflows/nightly.yml

@@ -34,6 +34,8 @@ jobs:
     with:
       toolchain: nightly
       rustflags: -Zallow-features=
+  vet-status:
+    uses: ./.github/workflows/vet-status.yml
 
   create-issue:
     name: create issue
@@ -48,6 +50,7 @@ jobs:
     - updates-nightly
     - minimal-versions
     - minimal-versions-nightly
+    - vet-status
     steps:
     - uses: actions/checkout@v4
       with:
@@ -73,6 +76,7 @@ jobs:
     - updates-nightly
     - minimal-versions
     - minimal-versions-nightly
+    - vet-status
     steps:
     - uses: lee-dohm/close-matching-issues@v2
       with:

.github/workflows/vet-status.yml

@@ -0,0 +1,35 @@
+jobs:
+  vet-status:
+    name: cargo vet status
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v4
+    - uses: actions/checkout@v4
+      if: hashFiles('supply-chain/config.toml') != ''
+      with:
+        repository: 'Nullus157/.github'
+        path: nullus.github
+    - uses: taiki-e/install-action@v2
+      if: hashFiles('supply-chain/config.toml') != ''
+      with:
+        tool: cargo-vet
+    - uses: taiki-e/cache-cargo-install-action@v1
+      if: hashFiles('supply-chain/config.toml') != ''
+      with:
+        tool: toml2json
+    - id: vet_status
+      uses: mathiasvr/command-output@v2.0.0
+      if: hashFiles('supply-chain/config.toml') != ''
+      with:
+        run: ./nullus.github/vet-status
+    - uses: JasonEtco/create-an-issue@v2
+      if: hashFiles('supply-chain/config.toml') != ''
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        VET_STATUS: ${{ steps.vet_status.outputs.stdout }}
+      with:
+        update_existing: true
+        filename: nullus.github/vet-status.md
+
+on:
+  workflow_call:

vet-status

@@ -0,0 +1,28 @@
+#!/usr/bin/env bash
+
+tq() {
+  toml2json "supply-chain/$1" | jq -r "$2 | keys | .[]"
+}
+
+local=($(tq audits.toml '.audits'))
+remote=($(tq imports.lock '.audits["first-party"].audits'))
+audited=($( (echo ${local[@]}; echo ${remote[@]}) | sort -u))
+imported=($(tq imports.lock '.audits | del(."first-party") | .[].audits' | sort -u))
+trusted=($(tq audits.toml '.trusted'))
+exempted=($(tq config.toml '.exemptions'))
+
+log() {
+  title=$1
+  shift
+  echo
+  echo "<details><summary>$title: $#</summary>"
+  echo
+  printf ' * %s\n' "$@"
+  echo
+  echo "</details>"
+}
+
+log Audited "${audited[@]}"
+log Imported "${imported[@]}"
+log Trusted "${trusted[@]}"
+log Exempted "${exempted[@]}"

vet-status.md

@@ -0,0 +1,6 @@
+---
+title: "`cargo vet` status"
+labels: supply-chain/status
+---
+
+{{ env.VET_STATUS }}