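---
# Security Audit: scans the Cargo dependency tree for known vulnerabilities
# (RustSec advisory database) using cargo-audit via rustsec/audit-check.
#
# Triggers:
#   - push / pull_request events that touch a Cargo manifest or lockfile
#     anywhere in the repository;
#   - a weekly schedule, so advisories published after the last dependency
#     change are still surfaced without any code change.
name: Security Audit

on:
  push:
    # No branch filter: any branch whose manifest/lockfile changes is audited.
    # To restrict it, add e.g. `branches: [main]`; do not leave a bare
    # `branches:` key, which parses as null rather than "all branches".
    paths:
      - "**/Cargo.toml"
      - "**/Cargo.lock"
  pull_request:
    paths:
      - "**/Cargo.toml"
      - "**/Cargo.lock"
  schedule:
    # Mondays 06:00 UTC (cron schedules are always evaluated in UTC).
    # NOTE: GitHub disables scheduled workflows in repositories with no
    # activity for 60 days; re-enable from the Actions tab if runs stop.
    - cron: "0 6 * * 1"

# Least privilege: the GITHUB_TOKEN is read-only on repository contents.
# `issues: write` is presumably what lets the action open an issue when a
# scheduled run finds an advisory — confirm against the action's README,
# which may also call for `checks: write` if it posts check-run annotations.
# On pull_request events from forks the token is read-only regardless, so
# issue/check creation cannot succeed there; the audit itself still runs.
permissions:
  contents: read
  issues: write

jobs:
  audit:
    name: Vulnerability Scan (cargo-audit)
    runs-on: ubuntu-latest
    steps:
      # Supply-chain hygiene: mutable tags (@v7, @v2) can be re-pointed at
      # new code. Prefer pinning each action to a full commit SHA with the
      # tag in a trailing comment, and let Dependabot/Renovate bump the SHA.
      - uses: actions/checkout@v7
      - uses: rustsec/audit-check@v2
        with:
          # Ephemeral per-run token, used by the action to report results.
          token: ${{ secrets.GITHUB_TOKEN }}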