name: Security Audit on: pull_request: paths: Cargo.lock push: branches: develop paths: Cargo.lock schedule: - cron: '0 0 * * *' jobs: # TODO: use actions-rs/audit-check security_audit: name: Security Audit runs-on: ubuntu-latest steps: - name: Checkout sources uses: actions/checkout@v1 - name: Cache cargo registry uses: actions/cache@v1 with: path: ~/.cargo/registry key: ${{ runner.os }}-cargo-registry-${{ hashFiles('Cargo.lock') }} - name: Cache cargo index uses: actions/cache@v1 with: path: ~/.cargo/git key: ${{ runner.os }}-cargo-index-${{ hashFiles('Cargo.lock') }} - name: Install stable toolchain uses: actions-rs/toolchain@v1 with: toolchain: stable override: true - name: Install cargo audit run: cargo install cargo-audit - name: Run cargo audit uses: actions-rs/cargo@v1 with: command: audit args: --deny-warnings --ignore RUSTSEC-2019-0031 # spin