From 3b053bfad461a7cc61c9e477062b5af9637319a2 Mon Sep 17 00:00:00 2001
From: Tatsuya Kawano
Date: Sat, 18 Jun 2022 18:17:21 +0800
Subject: [PATCH] Enable Cargo Audit on the CI
---
 .github/workflows/Audit.yml | 47 ++++++++++++++++++++++++++
 .github/workflows/CI.yml | 2 +-
 .github/workflows/CIQuantaDisabled.yml | 2 +-
 3 files changed, 49 insertions(+), 2 deletions(-)
 create mode 100644 .github/workflows/Audit.yml
diff --git a/.github/workflows/Audit.yml b/.github/workflows/Audit.yml
new file mode 100644
index 00000000..37c3bd37
--- /dev/null
+++ b/.github/workflows/Audit.yml
@@ -0,0 +1,47 @@
+name: Cargo Audit
+
+on:
+ push:
+ paths:
+ - '**/Cargo.toml'
+ - '**/Cargo.lock'
+ schedule:
+ # https://crontab.guru/
+ - cron: '5 20 * * 5'
+
+jobs:
+ audit:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout Moka
+ uses: actions/checkout@v2
+
+ - name: Install Rust toolchain (Nightly)
+ uses: actions-rs/toolchain@v1
+ with:
+ profile: minimal
+ toolchain: nightly
+ override: true
+
+ - uses: Swatinem/rust-cache@v1
+
+ - name: cargo clean
+ uses: actions-rs/cargo@v1
+ with:
+ command: clean
+
+ - name: Check for known security vulnerabilities (Latest versions)
+ uses: actions-rs/audit-check@v1
+ with:
+ token: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Downgrade dependencies to minimal versions
+ uses: actions-rs/cargo@v1
+ with:
+ command: update
+ args: -Z minimal-versions
+
+ - name: Check for known security vulnerabilities (Minimal versions)
+ uses: actions-rs/audit-check@v1
+ with:
+ token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/CI.yml b/.github/workflows/CI.yml
index c0061837..8437d1d2 100644
--- a/.github/workflows/CI.yml
+++ b/.github/workflows/CI.yml
@@ -13,7 +13,7 @@ on:
 - '.vscode/**'
 schedule:
 # Run against the last commit on the default branch on Friday at 8pm (UTC?)
- - cron: '0 20 * * 5'
+ - cron: '0 20 * * 5'
 jobs:
 test:
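Review bot: In `.github/workflows/Audit.yml`, both audit steps pass `${{ secrets.GITHUB_TOKEN }}` to `actions-rs/audit-check@v1`, which is a mutable tag, and the workflow declares no `permissions:` block, so the token carries whatever the repository default grants. Pinning each third-party action to a full commit SHA (`uses: actions-rs/audit-check@<full-commit-sha>  # v1`) and adding a job-level `permissions:` with `contents: read` plus only the write scopes the action needs would limit what a retagged or compromised action could do with that token. Those scopes are probably `checks: write`, and `issues: write` for the scheduled run, but confirm against the action's documentation. Separately, if the first audit step fails, the default step condition skips the downgrade and the minimal-versions audit, so a finding against the latest versions hides the second result; `if: ${{ !cancelled() }}` on the last two steps would keep both reports.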
diff --git a/.github/workflows/CIQuantaDisabled.yml b/.github/workflows/CIQuantaDisabled.yml
index ec08157b..2ba25b1b 100644
--- a/.github/workflows/CIQuantaDisabled.yml
+++ b/.github/workflows/CIQuantaDisabled.yml
@@ -13,7 +13,7 @@ on:
 - '.vscode/**'
 schedule:
 # Run against the last commit on the default branch on Friday at 8pm (UTC?)
- - cron: '0 20 * * 5'
+ - cron: '0 20 * * 5'
 jobs:
 test: