audit-check.yml

name: Security audit

on:
  push:
  #schedule:
  #  - cron: '0 0 * * *'
  workflow_dispatch:

jobs:
  audit-check:
    runs-on: ubuntu-latest
    permissions:
      checks: write
      issues: write
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Run security audit
        uses: rustsec/audit-check@v1
        with:
          token: ${{ secrets.GITHUB_TOKEN }}

      - name: Check if we need to audit MSRV manifest
        id: check_msrv_manifest
        uses: andstor/file-existence-action@v2
        with:
          files: "Cargo.toml.msrv"

      - name: Install MSRV manifest
        if: ${{ steps.check_msrv_manifest.outputs.files_exists == 'true' }}
        run: cp Cargo.toml.msrv Cargo.toml

      - name: Run security audit for MSRV manifest
        if: ${{ steps.check_msrv_manifest.outputs.files_exists == 'true' }}
        uses: rustsec/audit-check@v1
        with:
          token: ${{ secrets.GITHUB_TOKEN }}