.github/workflows/security_audit.yml

name: Security Audit
on:
  pull_request:
    paths: Cargo.lock
  push:
    branches: main
    paths: Cargo.lock
  schedule:
    - cron: '0 0 * * *'

jobs:
  # TODO: use actions-rs/audit-check
  security_audit:
    name: Security Audit
    runs-on: ubuntu-latest
    steps:
      - name: Checkout sources
        uses: actions/checkout@v1

      - name: Cache cargo registry
        uses: actions/cache@v1
        with:
          path: ~/.cargo/registry
          key: ${{ runner.os }}-cargo-registry-${{ hashFiles('Cargo.lock') }}

      - name: Cache cargo index
        uses: actions/cache@v1
        with:
          path: ~/.cargo/git
          key: ${{ runner.os }}-cargo-index-${{ hashFiles('Cargo.lock') }}

      - name: Install stable toolchain
        uses: actions-rs/toolchain@v1
        with:
          toolchain: stable
          override: true

      - name: Install cargo audit
        run: cargo install cargo-audit

      - name: Run cargo audit
        uses: actions-rs/cargo@v1
        with:
          command: audit
          args: --deny warnings