name: Security Audit
on:
pull_request:
merge_group:
push:
branches: [master]
env:
CARGO_TERM_COLOR: always
permissions: {}
jobs:
supply-chain:
name: 'cargo-audit'
runs-on: ubuntu-latest
timeout-minutes: 30
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 with:
persist-credentials: false
- uses: dtolnay/rust-toolchain@22a6a5b0f9f487c5f5587025ae9d4a1caf2a8a78
- uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 with:
cache-on-failure: true
- name: Install cargo-audit
run: cargo install cargo-audit --force --locked
- name: Check for audit warnings
run: cargo audit -D warnings
continue-on-error: true
- name: Check for vulnerabilities
run: cargo audit