name: Security audit
on:
  pull_request:
    paths:
      - '**/Cargo.toml'
      - '**/Cargo.lock'
  push:
    paths:
      - '**/Cargo.toml'
      - '**/Cargo.lock'
  schedule:
  - cron: '3 3 3 * *'
permissions:
  contents: read
jobs:
  security_audit:
    permissions:
      issues: write # to create issues (actions-rs/audit-check)
      checks: write # to create check (actions-rs/audit-check)
    runs-on: ubuntu-latest
    steps:
    - name: Checkout repository
      uses: actions/checkout@v3
    - uses: actions-rs/audit-check@v1
      with:
        token: ${{ secrets.GITHUB_TOKEN }}