Run cargo-audit daily or when dependencies have changed (#22)

romac · web-flow · commit 57f399604a81 · 2020-03-09T13:38:52.000+01:00
* Run cargo-audit daily and when dependencies have changed See informalsystems/tendermint-rs#144 (comment) * Change actions/checkout back to v2
diff --git a/.github/workflows/audit.yaml b/.github/workflows/audit.yaml
@@ -1,11 +1,25 @@
-name: Audit Check
-on: [pull_request]
+name: Security Audit
+on:
+  pull_request:
+    paths: Cargo.lock
+  push:
+    branches: develop
+    paths: Cargo.lock
+  schedule:
+    - cron: '0 0 * * *'
 
 jobs:
   security_audit:
+    name: Security Audit
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v2
+      - name: Cache cargo bin
+        uses: actions/cache@v1
+        with:
+          path: ~/.cargo/bin
+          key: ${{ runner.os }}-cargo-audit-v0.11.2
       - uses: actions-rs/audit-check@v1
         with:
+          args: --ignore RUSTSEC-2019-0031
           token: ${{ secrets.GITHUB_TOKEN }}
