mirror of
https://github.com/aaif-goose/goose.git
synced 2026-07-03 14:10:03 +02:00
81b0a348d6
Signed-off-by: Adrian Cole <adrian@tetrate.io>
33 lines
946 B
YAML
33 lines
946 B
YAML
name: "Cargo Audit"
|
|
on:
|
|
push:
|
|
paths:
|
|
# Run if workflow changes
|
|
- '.github/workflows/cargo-audit.yml'
|
|
# Run on changed dependencies
|
|
- '**/Cargo.toml'
|
|
- '**/Cargo.lock'
|
|
# Run if the configuration file changes
|
|
- '**/audit.toml'
|
|
# Rerun periodically to pick up new advisories
|
|
schedule:
|
|
- cron: '0 0 * * *'
|
|
# Run manually
|
|
workflow_dispatch:
|
|
|
|
jobs:
|
|
audit:
|
|
runs-on: ubuntu-latest
|
|
permissions:
|
|
contents: read
|
|
issues: write
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
# https://github.com/marketplace/actions/cargo-audit-your-rust-dependencies
|
|
- uses: actions-rust-lang/audit@72c09e02f132669d52284a3323acdb503cfc1a24
|
|
name: Audit Rust Dependencies
|
|
with:
|
|
# sqlx-mysql pulls in rsa, but goose only uses sqlite. cargo-audit
|
|
# can't distinguish used from unused deps (rustsec/rustsec#1119).
|
|
ignore: RUSTSEC-2023-0071
|