pingora/.github/workflows/audit.yml at main · opc-source/pingora · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
name: Security Audit

on:
  push:
    branches:
      - master
    paths:
      - "**/Cargo.toml"
  schedule:
    - cron: "0 2 * * *" # run at 2 AM UTC

permissions:
  contents: read

jobs:
  security-audit:
    permissions:
      checks: write # for rustsec/audit-check to create check
      contents: read # for actions/checkout to fetch code
      issues: write # for rustsec/audit-check to create issues
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Generate Cargo.lock
        # https://github.com/rustsec/audit-check/issues/27
        run: cargo generate-lockfile --ignore-rust-version

      - name: Audit Check
        # https://github.com/rustsec/audit-check/issues/2
        uses: rustsec/audit-check@master
        with:
          token: ${{ secrets.GITHUB_TOKEN }}