audit.yml
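##
## Performs an audit for crate advisories against cargo dependencies
##
name: Security Audit

# Only run when:
#   - workflow is manually triggered
#   - Cargo.toml/lock is changed
#   - Daily at 0330 UTC
# Note: this will create issues for any crate advisories unless they already exist
on:
  workflow_dispatch:
  push:
    paths:
      - "**/Cargo.toml"
      - "**/Cargo.lock"
  schedule:
    # Quoted so the cron expression is always read as one plain string.
    - cron: "30 03 * * *"

jobs:
  security_audit:
    # NOTE(review): this condition is constant false, so the job is skipped on
    # every trigger (manual, push and schedule) and no advisory check runs.
    # If that is intentional in this fork, dependency advisories must be
    # tracked some other way; otherwise remove this line to re-enable it.
    if: ${{ false }}
    name: Crate Vulnerability Check
    runs-on: ubuntu-latest
    # Least privilege for GITHUB_TOKEN: without an explicit block the token
    # gets the repository/organisation default, which may be read-write on
    # every scope. The header comment says the audit step files issues;
    # checks: write is presumably needed for its check-run summary --
    # confirm against the action's documentation and drop it if unused.
    permissions:
      contents: read
      checks: write
      issues: write
    steps:
      - name: Checkout the latest code
        id: git_checkout
        # NOTE(review): a tag ref such as v3 is mutable; pinning to the full
        # commit SHA of a reviewed release keeps a retagged or compromised
        # action from running with this job's token.
        uses: actions/checkout@v3
        with:
          # The audit step receives its token explicitly, so there is no need
          # to leave the checkout credentials in the workspace git config.
          persist-credentials: false
      - name: Rust Dependency Check
        id: rust_dep_check
        # NOTE(review): the same tag-pinning concern applies here. The
        # actions-rs repositories also appear to be archived upstream --
        # verify this action is still maintained before re-enabling the job.
        uses: actions-rs/audit-check@v1
        with:
          token: ${{ secrets.GITHUB_TOKEN }}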