name: Audit Rust

on:
  workflow_dispatch:
  schedule:
    - cron: "0 0 * * *"
  push:
    branches:
      - dev
    paths:
      - ".github/workflows/audit-rust.yml"
      - "**/Cargo.lock"
      - "**/Cargo.toml"
  pull_request:
    branches:
      - dev
    paths:
      - ".github/workflows/audit-rust.yml"
      - "**/Cargo.lock"
      - "**/Cargo.toml"

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

jobs:
  audit-rust:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3

      - name: Download cargo-audit
        run: |
          set +f
          curl -s https://api.github.com/repos/rustsec/rustsec/releases/latest | grep "browser_download_url.*cargo-audit-x86_64-unknown-linux-musl.*" | cut -d : -f 2,3 | tr -d \" | wget -qi -
          tar -xvzf ./cargo-audit*.tgz
          mv ./cargo-audit*/cargo-audit ./cargo-audit
          chmod +x ./cargo-audit
          set -f

      - name: Run cargo-audit
        run: ./cargo-audit audit -D unmaintained -D yanked