name: "Audit dependencies"
on:
push:
paths:
- .github/workflows/audit.yml
- "**/Cargo.toml"
- "**/Cargo.lock"
pull_request:
paths:
- "**/Cargo.toml"
- "**/Cargo.lock"
schedule:
- cron: "0 6 * * 1" workflow_dispatch:
permissions:
contents: read
jobs:
audit:
runs-on: ubuntu-latest
env:
CARGO_AUDIT_VERSION: "0.22.1"
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd with:
persist-credentials: false
- name: Install Rust toolchain
uses: actions-rust-lang/setup-rust-toolchain@46268bd060767258de96ed93c1251119784f2ab6 with:
cache: true
- name: Cache advisory database
uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae with:
path: ~/.cargo/advisory-db
key: advisory-db-${{ github.ref_name }}-v1
restore-keys: advisory-db-
- name: Install cargo-audit
uses: taiki-e/cache-cargo-install-action@417450f3c33ee20393705369577571770643d4c7 with:
tool: cargo-audit@${{ env.CARGO_AUDIT_VERSION }}
- name: Run cargo audit
run: |
cargo audit --json > audit-results.json
cargo audit
- name: Upload audit results
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a if: always()
with:
name: audit-results
path: audit-results.json