audit.yml

name: Audit
on:
  pull_request:
  schedule:
    - cron: '0 0 * * *'

jobs:
  dependencies:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v2

      - name: Audit dependencies (crates)
        uses: actions-rs/audit-check@v1
        with:
          token: ${{ secrets.GITHUB_TOKEN }}

  security:
    runs-on: ubuntu-latest
    permissions:
      actions: read
      contents: read
      security-events: write
    steps:
      - name: Checkout repository
        uses: actions/checkout@v2

      - name: Run DevSkim scanner
        uses: microsoft/DevSkim-Action@v1

      - name: Upload result as build artifact
        uses: actions/upload-artifact@v2
        with: 
          name: devskim-results
          path: devskim-results.sarif   
        
      - name: Upload results to GitHub Security tab
        uses: github/codeql-action/upload-sarif@v1
        with:
          sarif_file: devskim-results.sarif          
  
  code-quality:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v2

      - name: Install stable toolchain
        uses: actions-rs/toolchain@v1
        with:
          profile: minimal
          toolchain: stable
          override: true
          components: clippy, rustfmt

      - name: Run linter (clippy)
        uses: actions-rs/cargo@v1
        with:
          command: clippy
          args: -- -D warnings

      - name: Run formatter (rustfmt)
        uses: actions-rs/cargo@v1
        with:
          command: fmt
          args: --all -- --check