tauri/.github/workflows/audit.yml

# Copyright 2019-2023 Tauri Programme within The Commons Conservancy
# SPDX-License-Identifier: Apache-2.0
# SPDX-License-Identifier: MIT

name: Audit

on:
  workflow_dispatch:
  schedule:
    - cron: '0 0 * * *'
  push:
    paths:
      - '.github/workflows/audit.yml'
      - '**/Cargo.lock'
      - '**/Cargo.toml'
      - '**/package.json'
      - '**/yarn.lock'

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

jobs:
  audit-rust:
    runs-on: ubuntu-22.04
    steps:
      - uses: actions/checkout@v2
      - name: rust audit
        uses: actions-rs/audit-check@v1
        with:
          token: ${{ secrets.GITHUB_TOKEN }}

  audit-js:
    runs-on: ubuntu-22.04
    steps:
      - uses: actions/checkout@v2
      - name: audit workspace
        run: yarn audit
      - name: audit @tauri-apps/api
        working-directory: tooling/api
        run: yarn audit
      - name: audit @tauri-apps/cli
        working-directory: tooling/cli/node
        run: yarn audit