From: Steve Myers <steve@notmandatory.org>
Date: Mon, 14 Oct 2024 20:51:52 +0000 (-0500)
Subject: ci: update audit.yml workflow to use actions-rust-lang/audit
X-Git-Tag: v1.0.0-beta.6~33^2
X-Git-Url: http://internal-gitweb-vhost/script/%22https:/struct.EncoderWriter.html?a=commitdiff_plain;h=66cf476014e5869c27d54ebf12e554f3ba925283;p=bdk

ci: update audit.yml workflow to use actions-rust-lang/audit

The old actions-rs/audit-check is no longer maintained.
---

diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml
index a137d332..e0da8e85 100644
--- a/.github/workflows/audit.yml
+++ b/.github/workflows/audit.yml
@@ -3,17 +3,26 @@ name: Audit
 on:
   push:
     paths:
+      # Run if workflow changes
+      - '.github/workflows/audit.yml'
+      # Run on changed dependencies
       - '**/Cargo.toml'
       - '**/Cargo.lock'
+      # Run if the configuration file changes
+      - '**/audit.toml'
+  # Rerun periodically to pick up new advisories
   schedule:
-    - cron: '0 0 * * 0' # Once per week
+    - cron: '0 0 * * *' # Nightly
+  # Run manually
+  workflow_dispatch:
 
 jobs:
-
-  security_audit:
-    runs-on: ubuntu-20.04
+  audit:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      issues: write
     steps:
       - uses: actions/checkout@v4
-      - uses: actions-rs/audit-check@v1
-        with:
-          token: ${{ secrets.GITHUB_TOKEN }}
\ No newline at end of file
+      - uses: actions-rust-lang/audit@v1
+        name: Audit Rust Dependencies