This repository was responsible for building and persisting binary crates cache, which were used later by actions-rs/install Action.
Deprecation warning
It is archived now and will not be updated anymore. actions-rs/install Action will be updated eventually to utilize GitHub runners cache to store compiled binaries.
See workflow file for a list of crates, which are stored in the cache storage.
If you want to suggest a new crate to be added into the crate cache, check if it was asked before already, and if not - create a new issue.
Binary crates cache is stored at the third party server (AWS S3),
meaning that using this tool cache is potentially less secure
than just calling cargo install command.
Pre-built binaries are executed directly in the virtual environments and have full access to them, including access to the environment variables, secrets, access tokens and so on.
Malicious parties potentially might replace these pre-built binaries, leading to the security breach. We try our best to mitigate any potential security problems, but you must acknowledge that fact before using any @actions-rs Action, which uses this cache internally and explicitly enabling this functionality.
- Crates are compiled right here at GitHub
- Crates are signed with 4096 bit RSA key
- That RSA key is stored in the GitHub secrets
- Actions at @actions-rs are validating this signature after the file downloading
- Compiled crates are stored in the AWS S3 bucket and served via AWS CloudFront
- MFA is enabled for AWS root user
- Separate AWS user for files uploading has the console access disabled
and only one permission:
PutObjectfor this S3 bucket - AWS access key and other confidential details are stored in the GitHub secrets
Refer to the @actions-rs/install documentation to learn more about files downloading and validating.
Any contributions are welcomed!
If you want to report a bug or have a feature request, check the Contributing guide.
You can also support author by funding the ongoing project work, see Sponsoring.