name: Security
on:
schedule:
- cron: '0 0 * * 0'
workflow_dispatch:
push:
paths:
- 'Cargo.toml'
- 'Cargo.lock'
env:
CARGO_TERM_COLOR: always
jobs:
audit:
runs-on: ubuntu-latest
name: Security audit
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Install Rust toolchain
uses: dtolnay/rust-toolchain@stable
- name: Rust cache
uses: Swatinem/rust-cache@v2
with:
key: security-audit
- name: Install cargo-audit
uses: taiki-e/install-action@v2
with:
tool: cargo-audit
- name: Run security audit
run: cargo audit
licenses:
runs-on: ubuntu-latest
name: License check
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Install Rust toolchain
uses: dtolnay/rust-toolchain@stable
- name: Rust cache
uses: Swatinem/rust-cache@v2
with:
key: licenses
- name: Install cargo-deny
uses: taiki-e/install-action@v2
with:
tool: cargo-deny
- name: Check licenses
run: cargo deny check licenses
continue-on-error: true
- name: Check advisories
run: cargo deny check advisories
- name: Check bans
run: cargo deny check bans
continue-on-error: true