name: Security audit
on:
push:
paths:
- '**/Cargo.toml'
- '**/Cargo.lock'
pull_request:
paths:
- '**/Cargo.toml'
- '**/Cargo.lock'
schedule:
- cron: '12 12 12 * *'
env:
CARGO_TERM_COLOR: always
CLICOLOR: 1
RUST_BACKTRACE: 1
jobs:
security_audit:
runs-on: ubuntu-latest
permissions:
checks: write
steps:
- name: Checkout repository
uses: actions/checkout@v6
- name: Install Rust
uses: actions-rs/toolchain@v1.0.6
with:
toolchain: stable
profile: minimal
override: true
- name: Cargo Audit
uses: actions-rs/audit-check@v1.2.0
with:
token: ${{ secrets.GITHUB_TOKEN }}
cargo_deny:
runs-on: ubuntu-latest
permissions:
checks: write
strategy:
matrix:
checks:
- bans licenses sources
steps:
- name: Checkout repository
uses: actions/checkout@v6
- name: Cargo Deny
uses: EmbarkStudios/cargo-deny-action@v2
with:
command: check ${{ matrix.checks }}
rust-version: stable