Merge pull request #400 from flavio/fix-gha-audit

automation: fix GHA invoking cargo audit
sigstore · Oct 7, 2024 · e536360 · e536360
2 parents 368055c + fa5d156
commit e536360
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 23 deletions.
diff --git a/.github/workflows/security-audit-cron.yml b/.github/workflows/security-audit-cron.yml
diff --git a/...hub/workflows/security-audit-reactive.yml → .github/workflows/security-audit.yml b/...hub/workflows/security-audit-reactive.yml → .github/workflows/security-audit.yml
@@ -1,22 +1,26 @@
 name: Security audit
 on:
+  schedule:
+    - cron: "0 0 * * *"
   push:
     paths:
       - "**/Cargo.toml"
       - "**/Cargo.lock"
 
-permissions:
-  contents: read
+# Declare default permissions as read only.
+permissions: read-all
 
 jobs:
-  security_audit:
+  audit:
     permissions:
       checks: write # for rustsec/audit-check to create check
       contents: read # for actions/checkout to fetch code
       issues: write # for rustsec/audit-check to create issues
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+      - name: Generate lockfile
+        run: cargo generate-lockfile
       - uses: rustsec/audit-check@69366f33c96575abad1ee0dba8212993eecbe998 # v2.0.0
         with:
           token: ${{ secrets.GITHUB_TOKEN }}