From c019e1b25d0065a1b5a9431658d88c53c84c2fe3 Mon Sep 17 00:00:00 2001
From: Stefan Lankes <slankes@eonerc.rwth-aachen.de>
Date: Mon, 7 Oct 2024 18:57:39 +0000
Subject: [PATCH] add workflows to test the container shim

---
 .github/dependabot.yml               | 21 +++++++++++++++
 .github/workflows/ci.yml             | 38 ++++++++++++++++++++++++++++
 .github/workflows/security_audit.yml | 13 ++++++++++
 3 files changed, 72 insertions(+)
 create mode 100644 .github/dependabot.yml
 create mode 100644 .github/workflows/ci.yml
 create mode 100644 .github/workflows/security_audit.yml

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..f55d618
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,21 @@
+# https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
+
+version: 2
+updates:
+
+  - package-ecosystem: "cargo"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      timezone: "Europe/Berlin"
+    groups:
+      netlink:
+        patterns:
+          - "netlink*"
+          - "rtnetlink"
+
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      timezone: "Europe/Berlin"
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
new file mode 100644
index 0000000..e2157f4
--- /dev/null
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,38 @@
+name: CI
+
+on:
+  pull_request:
+  merge_group:
+
+jobs:
+  clippy:
+    name: Clippy
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: dtolnay/rust-toolchain@stable
+        with:
+          components: clippy
+      - run: cargo clippy --locked -- -D warnings
+
+  fmt:
+    name: Format check
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: dtolnay/rust-toolchain@stable
+        with:
+          components: rustfmt
+      - run: cargo fmt -- --check
+
+  test:
+    name: Build
+    runs-on: ubuntu-latest
+    - uses: actions/checkout@v4
+      with:
+         lfs: true
+    - uses: dtolnay/rust-toolchain@stable
+    - uses: Swatinem/rust-cache@v2
+    - name: Build shim
+      run: |
+        cargo build
diff --git a/.github/workflows/security_audit.yml b/.github/workflows/security_audit.yml
new file mode 100644
index 0000000..9e305d9
--- /dev/null
+++ b/.github/workflows/security_audit.yml
@@ -0,0 +1,13 @@
+name: Security audit
+on:
+  schedule:
+    - cron: '0 0 * * *'
+      
+jobs:
+  security_audit:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions-rs/audit-check@v1
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}