aimdb/.github/workflows/security.yml at 0e997acb4f897cb9954c0404e77347f67333ac8a · aimdb-dev/aimdb · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
name: Security Audit

on:
  push:
    paths:
      - '**/Cargo.toml'
      - '**/Cargo.lock'
      - 'deny.toml'
  pull_request:
    paths:
      - '**/Cargo.toml'
      - '**/Cargo.lock'
      - 'deny.toml'
  schedule:
    # Run security audit weekly on Sundays at 00:00 UTC
    - cron: '0 0 * * 0'
  workflow_dispatch:
    # Allow manual triggering of the security audit

jobs:
  audit:
    name: Security Audit
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v6
      with:
        submodules: recursive

    - name: Install Rust
      uses: dtolnay/rust-toolchain@stable

    - name: Install cargo-audit
      run: cargo install cargo-audit

    - name: Run security audit
      run: cargo audit

  deny:
    name: License and Dependency Check
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v6
      with:
        submodules: recursive

    - name: Install Rust
      uses: dtolnay/rust-toolchain@stable

    - name: Install cargo-deny
      run: cargo install cargo-deny

    - name: Run cargo-deny
      run: cargo deny check