Files
goose/.github/workflows/cargo-audit.yml
T

33 lines
946 B
YAML

name: "Cargo Audit"
on:
push:
paths:
# Run if workflow changes
- '.github/workflows/cargo-audit.yml'
# Run on changed dependencies
- '**/Cargo.toml'
- '**/Cargo.lock'
# Run if the configuration file changes
- '**/audit.toml'
# Rerun periodically to pick up new advisories
schedule:
- cron: '0 0 * * *'
# Run manually
workflow_dispatch:
jobs:
audit:
runs-on: ubuntu-latest
permissions:
contents: read
issues: write
steps:
- uses: actions/checkout@v4
# https://github.com/marketplace/actions/cargo-audit-your-rust-dependencies
- uses: actions-rust-lang/audit@72c09e02f132669d52284a3323acdb503cfc1a24
name: Audit Rust Dependencies
with:
# sqlx-mysql pulls in rsa, but goose only uses sqlite. cargo-audit
# can't distinguish used from unused deps (rustsec/rustsec#1119).
ignore: RUSTSEC-2023-0071