Files
wehub-resource-sync 19dc5d82a0
Rust / build (push) Failing after 1s
Rust / docker (push) Failing after 0s
chore: import upstream snapshot with attribution
2026-07-13 12:29:44 +08:00

26 lines
805 B
YAML

name: Security audit
# Scheduled advisory check against the committed Cargo.lock. PR/push CI
# (rust.yml) already runs the full `cargo deny check`, but new RustSec
# advisories can be published against an unchanged lockfile — this catches
# those without requiring a push. Licenses/bans/sources can only change with
# a lockfile change, so the scheduled job checks advisories only.
on:
schedule:
- cron: '37 5 * * *'
workflow_dispatch:
permissions:
contents: read
jobs:
advisories:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
- name: Check RustSec advisories
uses: EmbarkStudios/cargo-deny-action@bb137d7af7e4fb67e5f82a49c4fce4fad40782fe # v2.0.20
with:
command: check advisories