name: cargo install author: David Tolnay description: Fast `cargo install` action using a GitHub-based binary cache runs: using: composite steps: - name: Check inputs run: | echo "crate=cargo-outdated" >> $GITHUB_OUTPUT echo "bin=cargo-outdated" >> $GITHUB_OUTPUT shell: bash id: inputs - name: Determine cargo bin directory run: echo "dir=$(dirname $(which cargo))" >> $GITHUB_OUTPUT shell: bash id: cargo - name: Download ${{steps.inputs.outputs.bin}} run: curl --output ${{steps.cargo.outputs.dir}}/${{steps.inputs.outputs.bin}} https://github.com/dtolnay/install/releases/download/${{steps.inputs.outputs.crate}}/${{steps.inputs.outputs.bin}} --location --silent --show-error --fail --retry 5 shell: bash - name: Download ${{steps.inputs.outputs.bin}}.sig run: curl --output ${{runner.temp}}/${{steps.inputs.outputs.bin}}.sig https://github.com/dtolnay/install/releases/download/${{steps.inputs.outputs.crate}}/${{steps.inputs.outputs.bin}}.sig --location --silent --show-error --fail --retry 5 shell: bash - name: Retrieve public key of signing key run: gpg --output ${{runner.temp}}/signing-key.gpg --yes --dearmor ${{github.action_path}}/signing-key.asc shell: bash - name: Verify gpg signature run: gpg --no-default-keyring --keyring ${{runner.temp}}/signing-key.gpg --trusted-key 830334D6A6010C41 --verify ${{runner.temp}}/${{steps.inputs.outputs.bin}}.sig ${{steps.cargo.outputs.dir}}/${{steps.inputs.outputs.bin}} shell: bash - name: Set executable bit run: chmod +x ${{steps.cargo.outputs.dir}}/${{steps.inputs.outputs.bin}} shell: bash