1name: Security audit 2 3permissions: 4 contents: read 5 6on: 7 pull_request: 8 paths: 9 - '**/Cargo.toml' 10 - '**/Cargo.lock' 11 push: 12 branches: 13 - main 14 15env: 16 RUST_BACKTRACE: 1 17 CARGO_TERM_COLOR: always 18 CLICOLOR: 1 19 20jobs: 21 security_audit: 22 permissions: 23 issues: write # to create issues (actions-rs/audit-check) 24 checks: write # to create check (actions-rs/audit-check) 25 runs-on: ubuntu-latest 26 # Prevent sudden announcement of a new advisory from failing ci: 27 continue-on-error: true 28 steps: 29 - name: Checkout repository 30 uses: actions/checkout@v3 31 - uses: actions-rs/audit-check@v1 32 with: 33 token: ${{ secrets.GITHUB_TOKEN }} 34 35 cargo_deny: 36 permissions: 37 issues: write # to create issues (actions-rs/audit-check) 38 checks: write # to create check (actions-rs/audit-check) 39 runs-on: ubuntu-latest 40 strategy: 41 matrix: 42 checks: 43 - bans licenses sources 44 steps: 45 - uses: actions/checkout@v3 46 - uses: EmbarkStudios/cargo-deny-action@v1 47 with: 48 command: check ${{ matrix.checks }} 49 rust-version: stable 50