Audit #595

	---
	name: Audit
	"on":
	push:
	branches:
	- trunk
	pull_request:
	branches:
	- trunk
	schedule:
	- cron: "0 0 * * TUE"
	jobs:
	ruby:
	name: Audit Ruby Dependencies
	runs-on: ubuntu-latest

	steps:
	- name: Checkout repository
	uses: actions/checkout@v4.1.1

	- name: Install Ruby toolchain
	uses: ruby/setup-ruby@d4526a55538b775af234ba4af27118ed6f8f6677 # v1.172.0
	with:
	ruby-version: ".ruby-version"
	bundler-cache: true

	- name: bundler-audit
	run: bundle exec bundle-audit check --update

	rust:
	name: Audit Rust Dependencies
	runs-on: ubuntu-latest
	strategy:
	matrix:
	checks:
	- advisories
	- bans licenses sources

	# Prevent sudden announcement of a new advisory from failing ci:
	continue-on-error: ${{ matrix.checks == 'advisories' }}

	steps:
	- name: Checkout repository
	uses: actions/checkout@v4.1.1

	- name: Install Rust toolchain
	uses: artichoke/setup-rust/audit@v1.11.0

	- name: Generate Cargo.lock
	run: \|
	if [[ ! -f "Cargo.lock" ]]; then
	cargo generate-lockfile --verbose
	fi

	- uses: EmbarkStudios/cargo-deny-action@68cd9c5e3e16328a430a37c743167572e3243e7e # v1.5.15
	with:
	arguments: --locked --all-features
	command: check ${{ matrix.checks }}
	command-arguments: --show-stats

Provide feedback