Merge #1646: ci: update audit.yml workflow to use actions-rust-lang/audit

notmandatory · notmandatory · commit 7969898c732a · 2024-10-17T11:51:46.000-05:00
66cf476 ci: update audit.yml workflow to use actions-rust-lang/audit (Steve Myers) Pull request description: ### Description Update `audit.yml` workflow to use `actions-rust-lang/audit`. ### Notes to the reviewers The old [`actions-rs/audit-check`](https://github.com/actions-rs/audit-check) is no longer maintained. ### Checklists #### All Submissions: * [x] I've signed all my commits * [x] I followed the [contribution guidelines](https://github.com/bitcoindevkit/bdk/blob/master/CONTRIBUTING.md) * [x] I ran `cargo fmt` and `cargo clippy` before committing Top commit has no ACKs. Tree-SHA512: f876d6289ad1a3c87cd1820d2efc931f1284ac4ad7fc3e0400f5fcf7274c41d27c1d3f3fe173e258b7115a724bf424e0b9240358fa79f84cef5144256628951c
diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml
@@ -3,17 +3,26 @@ name: Audit
 on:
   push:
     paths:
+      # Run if workflow changes
+      - '.github/workflows/audit.yml'
+      # Run on changed dependencies
       - '**/Cargo.toml'
       - '**/Cargo.lock'
+      # Run if the configuration file changes
+      - '**/audit.toml'
+  # Rerun periodically to pick up new advisories
   schedule:
-    - cron: '0 0 * * 0' # Once per week
+    - cron: '0 0 * * *' # Nightly
+  # Run manually
+  workflow_dispatch:
 
 jobs:
-
-  security_audit:
-    runs-on: ubuntu-20.04
+  audit:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      issues: write
     steps:
       - uses: actions/checkout@v4
-      - uses: actions-rs/audit-check@v1
-        with:
-          token: ${{ secrets.GITHUB_TOKEN }}
+      - uses: actions-rust-lang/audit@v1
+        name: Audit Rust Dependencies
