ci: add audit

2023-03-14 09:59:02 +08:00 · 2023-03-14 09:59:02 +08:00 · aca7e8737e
parent a8ea270547
commit aca7e8737e
2 changed files with 22 additions and 4 deletions
--- a/.github/workflows/audit.yml
+++ b/.github/workflows/audit.yml
@ -0,0 +1,17 @@
+name: Security audit
+on:
+  schedule:
+    - cron: '0 0 * * *'
+  push:
+    paths:
+      - '**/Cargo.toml'
+      - '**/Cargo.lock'
+jobs:
+  security_audit:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: taiki-e/install-action@cargo-deny
+      - name: Scan for vulnerabilities
+        run:
+          cargo deny check advisories
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@ -7,6 +7,11 @@ on:
    types: [ opened, synchronize, reopened ]
    branches: [ main ]

+env:
+  CARGO_TERM_COLOR: always
+  SQLX_VERSION: 0.6.2
+  SQLX_FEATURES: "rustls,postgres"
+
 jobs:
  test:
    name: Test
@ -24,10 +29,6 @@ jobs:
        image: redis:7
        ports:
          - 6379:6379
-    env:
-      CARGO_TERM_COLOR: always
-      SQLX_VERSION: 0.6.2
-      SQLX_FEATURES: "rustls,postgres"
    steps:
      - uses: actions/checkout@v3
      - uses: dtolnay/rust-toolchain@stable