Run cargo audit (#579)
### What

We should run `cargo audit` when package lists change to make sure we
don't introduce any new vulnerabilities.

### How

Turns out an action already exists for this:
https://github.com/marketplace/actions/rust-audit-check
i-am-tom authored Aug 19, 2024
1 parent 0b89ef8 commit 1ee2c67
Showing 1 changed file with 23 additions and 0 deletions.
23 changes: 23 additions & 0 deletions .github/workflows/cargo-audit.yaml
@@ -0,0 +1,23 @@
on: [push]

name: cargo audit

jobs:
cargo_audit:
name: cargo audit
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4

- uses: dorny/paths-filter@v3
id: changes
with:
filters: |
cargo:
- "**/Cargo.toml"
- "**/Cargo.lock"
- if: steps.changes.outputs.cargo == 'true'
uses: actions-rs/audit-check@v1
with:
token: ${{ secrets.GITHUB_TOKEN }}
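
Review bot: the audit step only runs on a push that touches `**/Cargo.toml` or `**/Cargo.lock` (`on: [push]` combined with `if: steps.changes.outputs.cargo == 'true'`), so an advisory published against a dependency that is already locked is not reported until someone next edits a manifest. Consider adding a `schedule:` trigger to `on:` and letting scheduled runs bypass the paths filter. Separately, `dorny/paths-filter@v3` and `actions-rs/audit-check@v1` are referenced by mutable tags, and the latter is handed `secrets.GITHUB_TOKEN`; pinning both to full commit SHAs and adding an explicit `permissions:` block limited to what the audit step needs would narrow what a retagged action could do.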
