From f0357de1277e71fbee37ab42967e2800ff247f3f Mon Sep 17 00:00:00 2001 From: leo <77177015+greendoescode@users.noreply.github.com> Date: Fri, 14 Jun 2024 16:03:51 +0100 Subject: [PATCH] fix: audit.yml fix, again --- .github/workflows/audit.yml | 29 +++++++++++++++++++++-------- 1 file changed, 21 insertions(+), 8 deletions(-) diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml index 9db8958..84e22d0 100644 --- a/.github/workflows/audit.yml +++ b/.github/workflows/audit.yml @@ -1,16 +1,29 @@ -# A routine check to see if there are any Rust-specific security vulnerabilities -# in the repo we should be aware of. - -name: audit +name: "Audit Dependencies" on: - workflow_dispatch: + push: + paths: + # Run if workflow changes + - '.github/workflows/audit.yml' + # Run on changed dependencies + - '**/Cargo.toml' + - '**/Cargo.lock' + # Run if the configuration file changes + - '**/audit.toml' + # Rerun periodicly to pick up new advisories schedule: - - cron: "0 0 * * 1" # every Monday + - cron: '0 0 * * *' + # Run manually + workflow_dispatch: + jobs: audit: runs-on: ubuntu-latest + permissions: + contents: read + issues: write steps: - - uses: actions/checkout@v3 - - uses: actions-rs/audit-check@v1.2.0 + - uses: actions/checkout@v4 + - uses: actions-rust-lang/audit@v1 + name: Audit Rust Dependencies with: token: ${{ secrets.TOKEN }}