Security Audit #82

	# Copyright 2023 RobustMQ Team
	#
	# Licensed under the Apache License, Version 2.0 (the "License");
	# you may not use this file except in compliance with the License.
	# You may obtain a copy of the License at
	#
	# http://www.apache.org/licenses/LICENSE-2.0
	#
	# Unless required by applicable law or agreed to in writing, software
	# distributed under the License is distributed on an "AS IS" BASIS,
	# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	# See the License for the specific language governing permissions and
	# limitations under the License.

	name: Security Audit

	on:
	push:
	branches: [ "main", "dev-*" ]
	paths:
	- '**/Cargo.toml'
	- '**/Cargo.lock'
	pull_request:
	paths:
	- '**/Cargo.toml'
	- '**/Cargo.lock'
	schedule:
	# Run security audit daily at 00:00 UTC
	- cron: '0 0 * * *'
	workflow_dispatch:

	# Cancel previous runs if a new commit is pushed
	concurrency:
	group: ${{ github.workflow }}-${{ github.ref }}
	cancel-in-progress: true

	jobs:
	security-audit:
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v5

	- name: Install cargo-audit
	uses: taiki-e/install-action@v2
	with:
	tool: cargo-audit

	- name: Run cargo audit (vulnerabilities only)
	# Only fail on actual security vulnerabilities, not unmaintained warnings
	# Unmaintained dependencies are reported but don't fail the build
	run: cargo audit

	- name: Check for unmaintained dependencies (warning only)
	# Report unmaintained dependencies but don't fail
	run: cargo audit --deny unmaintained
	continue-on-error: true

Provide feedback