Skip to content

security-audit

security-audit #76

# yaml-language-server: $schema=https://json.schemastore.org/github-workflow
name: security-audit
permissions:
contents: read
on:
push:
paths:
- "**/Cargo.toml"
schedule:
# Weekly, i.e. on Sunday at 04:42 UTC
- cron: "42 4 * * 0"
workflow_dispatch:
jobs:
run:
runs-on: ubuntu-latest
steps:
- name: Install Rust toolchain
uses: dtolnay/rust-toolchain@stable
- name: Install cargo-audit
run: cargo install cargo-audit
- uses: actions/checkout@v4
- name: Generate Cargo.lock
run: cargo generate-lockfile
- name: Cache Rust toolchain and build artifacts
uses: Swatinem/rust-cache@v2
with:
# The cache should not be shared between different workflows and jobs.
shared-key: ${{ github.workflow }}-${{ github.job }}
# Two jobs might share the same default target but have different build targets.
key: ${{ matrix.target }}
- name: Run security audit
run: cargo audit --deny unsound --deny yanked