ci(improvement): audit and dependabot updates (tari-project#588)

Description Update audit and add dependabot Motivation and Context Fix CI error and remove old workflow action How Has This Been Tested? Runs in local fork Co-authored-by: stringhandler <mikethetike@tari.com>
sdbondi · Jul 12, 2023 · c60f3a9 · c60f3a9
1 parent 14d2019
commit c60f3a9
Show file tree

Hide file tree

Showing 2 changed files with 24 additions and 6 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,8 @@
+---
+version: 2
+updates:
+  # Maintain dependencies for GitHub Actions
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml
@@ -1,17 +1,27 @@
 ---
-# Runs daily
----
 name: Security audit
 
-on:
+'on':
+  push:
+    paths:
+      # Run if workflow changes
+      - '.github/workflows/audit.yml'
+      # Run on changed dependencies
+      - '**/Cargo.toml'
+      - '**/Cargo.lock'
+      # Run if the configuration file changes
+      - '**/audit.toml'
+  # Rerun periodicly to pick up new advisories
   schedule:
-    - cron: "43 05 * * *"
+    - cron: '43 05 * * *'
+  # Run manually
+  workflow_dispatch:
 
 jobs:
   security_audit:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
-      - uses: actions-rs/audit-check@v1
+      - uses: actions/checkout@v3
+      - uses: rustsec/audit-check@v1.4.1
         with:
           token: ${{ secrets.GITHUB_TOKEN }}