summaryrefslogtreecommitdiffstats
path: root/src/tools/cargo/.github/workflows/audit.yml
diff options
context:
space:
mode:
Diffstat (limited to 'src/tools/cargo/.github/workflows/audit.yml')
-rw-r--r--src/tools/cargo/.github/workflows/audit.yml30
1 files changed, 30 insertions, 0 deletions
diff --git a/src/tools/cargo/.github/workflows/audit.yml b/src/tools/cargo/.github/workflows/audit.yml
new file mode 100644
index 000000000..14e35b7b3
--- /dev/null
+++ b/src/tools/cargo/.github/workflows/audit.yml
@@ -0,0 +1,30 @@
+name: Security audit
+
+permissions:
+ contents: read
+
+on:
+ pull_request:
+ paths:
+ - '**/Cargo.toml'
+ - '**/Cargo.lock'
+ push:
+ branches:
+ - master
+
+jobs:
+ cargo_deny:
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ checks:
+ - advisories
+ - bans licenses sources
+ steps:
+ - uses: actions/checkout@v3
+ - uses: EmbarkStudios/cargo-deny-action@v1
+ # Prevent sudden announcement of a new advisory from failing ci:
+ continue-on-error: ${{ matrix.checks == 'advisories' }}
+ with:
+ command: check ${{ matrix.checks }}
+ rust-version: stable
generated by cgit v1.2.3 (git 2.39.1) at 2024-07-11 03:26:00 +0000