ci: rework

cgzones · cgzones · commit ceb139023fa6 · 2025-02-06T12:27:36.000+01:00
diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml
@@ -0,0 +1,25 @@
+name: Security Audit
+
+on:
+  push:
+    paths:
+      - '**/Cargo.toml'
+      - '**/Cargo.lock'
+  pull_request:
+    paths:
+      - '**/Cargo.toml'
+      - '**/Cargo.lock'
+
+jobs:
+  security_audit:
+    permissions:
+      issues: write
+      issues-reason: to create issues
+
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+      - uses: rustsec/audit-check@v1.4.1
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/audit_schedule.yml b/.github/workflows/audit_schedule.yml
@@ -0,0 +1,20 @@
+name: Periodic Security audit
+on:
+  schedule:
+    - cron: '0 0 * * 1'
+
+jobs:
+  security_audit:
+    permissions:
+      issues: write
+      issues-reason: to create issues
+      checks: write
+      checks-reason: to create check
+
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+      - uses: rustsec/audit-check@v1.4.1
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/deny.yml b/.github/workflows/deny.yml
@@ -0,0 +1,20 @@
+name: Dependency Linting
+
+on:
+  push:
+    paths:
+      - '**/Cargo.toml'
+      - '**/Cargo.lock'
+  pull_request:
+    paths:
+      - '**/Cargo.toml'
+      - '**/Cargo.lock'
+
+jobs:
+  dependency_linting:
+
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+      - uses: EmbarkStudios/cargo-deny-action@v2
diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml
@@ -1,17 +1,14 @@
 name: Rust
 
-on:
-  push:
-    branches: [ "main" ]
-  pull_request:
-    branches: [ "main" ]
+on: [push, pull_request]
 
 env:
   CARGO_TERM_COLOR: always
 
 jobs:
   build:
 
+    name: Rust Build
     runs-on: ubuntu-latest
 
     steps:
@@ -35,36 +32,11 @@ jobs:
     - name: Run tests
       run: cargo test --verbose
 
-  audit:
-
-    runs-on: ubuntu-latest
-
-    steps:
-    - uses: actions/checkout@v4
-
-    - name: Install cargo audit
-      run: cargo install cargo-audit
-
-    - name: Check for vulnerable crates
-      run: cargo audit
-
-  deny:
-
-    runs-on: ubuntu-latest
-
-    steps:
-    - uses: actions/checkout@v4
-
-    - name: Install cargo deny
-      run: cargo install cargo-deny
-
-    - name: Check for denied crates
-      run: cargo deny check
-
   spaces-check:
 
     name: Spaces Check
     runs-on: ubuntu-latest
+
     steps:
       - uses: actions/checkout@v4
 
@@ -75,6 +47,7 @@ jobs:
 
     name: Codespell
     runs-on: ubuntu-latest
+
     steps:
       - uses: actions/checkout@v4
 
