ci: update audit workflow

Signed-off-by: simonsan <[email protected]>
rustic-rs · Nov 5, 2024 · 5daa724 · 5daa724
1 parent 9d31e5f
commit 5daa724
Showing 1 changed file with 27 additions and 9 deletions.
diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml
@@ -2,15 +2,18 @@ name: Security audit
 
 on:
   pull_request:
+    paths:
+      - '**/Cargo.toml'
+      - '**/Cargo.lock'
+      - '**.yml'
   schedule:
     # Runs at 00:00 UTC everyday
     - cron: "0 0 * * *"
   push:
     paths:
-      - "**/Cargo.toml"
-      - "**/Cargo.lock"
-      - "crates/**/Cargo.toml"
-      - "crates/**/Cargo.lock"
+      - '**/Cargo.toml'
+      - '**/Cargo.lock'
+      - '**.yml'
   merge_group:
     types: [checks_requested]
 
@@ -24,18 +27,18 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
-        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4
+        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4
       # Ensure that the latest version of Cargo is installed
       - name: Install Rust toolchain
         uses: dtolnay/rust-toolchain@1482605bfc5719782e1267fd0c0cc350fe7646b8 # v1
         with:
           toolchain: stable
-      - uses: Swatinem/rust-cache@a95ba195448af2da9b00fb742d14ffaaf3c21f43 # v2
+      - uses: Swatinem/rust-cache@82a92a6e8fbeee089604da2575dc567ae9ddeaab # v2
 
       - name: Generate lockfile (Cargo.lock)
         run: cargo generate-lockfile
 
-      - uses: rustsec/audit-check@dd51754d4e59da7395a4cd9b593f0ff2d61a9b95 # v1.4.1
+      - uses: rustsec/audit-check@69366f33c96575abad1ee0dba8212993eecbe998 # v2.0.0
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
 
@@ -44,8 +47,23 @@ jobs:
     name: Run cargo-deny
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4
+      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4
 
-      - uses: EmbarkStudios/cargo-deny-action@a50c7d5f86370e02fae8472c398f15a36e517bb8 # v1
+      - uses: EmbarkStudios/cargo-deny-action@8371184bd11e21dcf8ac82ebf8c9c9f74ebf7268 # v2
         with:
           command: check bans licenses sources
+
+  result:
+    if: ${{ github.repository_owner == 'rustic-rs' }}
+    name: Result (Audit)
+    runs-on: ubuntu-latest
+    needs:
+      - audit
+      - cargo-deny
+    steps:
+      - name: Mark the job as successful
+        run: exit 0
+        if: success()
+      - name: Mark the job as unsuccessful
+        run: exit 1
+        if: "!success()"