Add workflow to run cargo-audit security audit

Move the cargo-audit run from the static analysis job to a dedicated workflow using the github action instead of running the tool manually. This improves the visibility of detected issues as the github action can use the checks interface and also create issues automatically. Signed-off-by: Anderson Toshiyuki Sasaki <[email protected]>
keylime · Sep 7, 2023 · 73ea560 · 73ea560
1 parent d27b209
commit 73ea560
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 2 deletions.
diff --git a/.github/workflows/cargo-audit.yml b/.github/workflows/cargo-audit.yml
@@ -0,0 +1,26 @@
+name: Security audit
+on:
+  push:
+    branches:
+      - master
+    tags:
+      - "v*"
+    paths:
+      - '**/Cargo.toml'
+      - '**/Cargo.lock'
+  pull_request:
+    paths:
+      - '**/Cargo.toml'
+      - '**/Cargo.lock'
+  workflow_dispatch:
+    branches:
+      - master
+
+jobs:
+  security_audit:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions-rs/[email protected]
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml
@@ -20,8 +20,6 @@ jobs:
       run: cargo fmt --all -- --check
     - name: Check for panics
       run: ./tests/nopanic.ci
-    - name: Run cargo audit
-      run: cargo audit
 
   tests:
     name: Fedora tests