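# Audit workflow: runs cargo-audit against the Rust dependencies and zizmor
# against the GitHub Actions workflows in this repository.
name: Audit

on:
  push:
    branches: [master]
  pull_request:
  workflow_dispatch:

# Grant the GITHUB_TOKEN no scopes by default; each job opts in to what it
# needs.
permissions: {}

env:
  CARGO_TERM_COLOR: always

jobs:
  cargo-audit:
    name: Cargo Audit
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - name: Checkout Repository
        # Pinned to a full commit SHA so a moved tag cannot change what runs.
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
        with:
          # Keep the token out of the checked-out repo's git config so later
          # steps cannot reuse it.
          persist-credentials: false
      - name: Install cargo-audit
        # NOTE(review): --locked uses the lockfile shipped with the crate, but
        # the crate version itself is not pinned, so the newest published
        # release is installed on every run. Consider adding --version.
        run: cargo install cargo-audit --locked
      - name: Check for Audit Warnings
        # -D warnings makes warnings exit non-zero; continue-on-error keeps
        # them advisory so only the next step can fail the job.
        run: cargo audit -D warnings
        continue-on-error: true
      - name: Check for Audit Vulnerabilities
        run: cargo audit

  zizmor:
    name: Zizmor
    runs-on: ubuntu-latest
    # No job-level permissions block: this job inherits the workflow-level
    # `permissions: {}`.
    # NOTE(review): checkout of a private repository would presumably need
    # `contents: read` here, as in cargo-audit. Confirm.
    steps:
      - name: Checkout Repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
        with:
          persist-credentials: false
      - name: Install uv
        uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b
      - name: Run Zizmor
        # NOTE(review): zizmor is fetched unpinned at run time; consider
        # pinning a version so audit results are reproducible.
        run: uvx zizmor .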