audit.yml

name: Security Audit
# See <https://github.com/marketplace/actions/rust-audit-check>

on:
  push:
    branches: [main]
    paths:
      - "**/Cargo.toml"
      - "**/Cargo.lock"
  schedule:
    - cron: "0 2 * * *" # run at 2 AM UTC

env:
  RUST_VERSION: 1.74

jobs:
  security-audit:
    name: Dependency Security Audit
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Set up Rust
        uses: actions-rs/toolchain@v1
        with:
          profile: minimal
          toolchain: ${{ env.RUST_VERSION }}
          default: true
      - uses: rustsec/audit-check@v1.4.1
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          # False positive from cargo audit.
          # Stems from excluded optional dependency sqlx-mysql.
          # https://github.com/rustsec/rustsec/issues/1119
          ignore: "RUSTSEC-2023-0071"