From 7d7424d2243080893d34386515471c971bde8b0f Mon Sep 17 00:00:00 2001
From: Jack Grigg <jack@electriccoin.co>
Date: Mon, 29 Apr 2024 15:48:57 +0000
Subject: [PATCH 1/2] CI: Migrate workflow away from `actions-rs`

---
 .github/workflows/aggregate-audits.yml | 17 +++++------------
 1 file changed, 5 insertions(+), 12 deletions(-)

diff --git a/.github/workflows/aggregate-audits.yml b/.github/workflows/aggregate-audits.yml
index 93655f8..6c84244 100644
--- a/.github/workflows/aggregate-audits.yml
+++ b/.github/workflows/aggregate-audits.yml
@@ -22,22 +22,15 @@ jobs:
         with:
           ref: ${{ github.head_ref }}
 
-      - uses: actions-rs/toolchain@v1
-        with:
-          toolchain: stable
-          override: true
+      - uses: dtolnay/rust-toolchain@stable
+        id: toolchain
+      - run: rustup override set ${{steps.toolchain.outputs.name}}
 
       - name: Install cargo-vet
-        uses: actions-rs/cargo@v1
-        with:
-          command: install
-          args: --git https://github.com/mozilla/cargo-vet.git cargo-vet
+        run: cargo install --git https://github.com/mozilla/cargo-vet.git cargo-vet
 
       - name: Aggregate audits
-        uses: actions-rs/cargo@v1
-        with:
-          command: vet
-          args: aggregate --output-file supply-chain/audits.toml supply-chain/sources.txt
+        run: cargo vet aggregate --output-file supply-chain/audits.toml supply-chain/sources.txt
 
       - name: Commit and push aggregated audits
         uses: stefanzweifel/git-auto-commit-action@v5

From 6d1812c0daa48e04cfe96b9b25410768c5c0ee75 Mon Sep 17 00:00:00 2001
From: Jack Grigg <jack@electriccoin.co>
Date: Fri, 19 Jul 2024 01:08:02 +0000
Subject: [PATCH 2/2] Switch to pinned `cargo-vet` version

---
 .github/workflows/aggregate-audits.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/aggregate-audits.yml b/.github/workflows/aggregate-audits.yml
index 6c84244..3d8ade4 100644
--- a/.github/workflows/aggregate-audits.yml
+++ b/.github/workflows/aggregate-audits.yml
@@ -27,7 +27,7 @@ jobs:
       - run: rustup override set ${{steps.toolchain.outputs.name}}
 
       - name: Install cargo-vet
-        run: cargo install --git https://github.com/mozilla/cargo-vet.git cargo-vet
+        run: cargo install cargo-vet --version ~0.9
 
       - name: Aggregate audits
         run: cargo vet aggregate --output-file supply-chain/audits.toml supply-chain/sources.txt