From 13a5d73a6c62ebc38b9ba1fe60bf03bb6fb99a1e Mon Sep 17 00:00:00 2001
From: Elias Rohrer
Date: Tue, 30 Jan 2024 13:14:55 +0100
Subject: [PATCH] Introduce CI workflow running `cargo audit`

In order to continuously monitor our dependencies for security vulnerabilities, we introduce a new CI job that will use `cargo audit` to check for any known vulnerabilities. This job is run on a daily schedule. For each new advisory, a new issue will be created.

---
 .github/workflows/audit.yml | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
 create mode 100644 .github/workflows/audit.yml

diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml
new file mode 100644
index 000000000..43c068158
--- /dev/null
+++ b/.github/workflows/audit.yml
@@ -0,0 +1,24 @@
+name: Security audit
+on:
+  schedule:
+    - cron: '0 0 * * *'
+
+jobs:
+  audit:
+    strategy:
+      matrix:
+        platform: [
+          ubuntu-latest,
+          macos-latest,
+        ]
+    runs-on: ${{ matrix.platform }}
+    permissions:
+      issues: write
+      issues-reason: to create issues
+      checks: write
+      checks-reason: to create checks
+    steps:
+      - uses: actions/checkout@v3
+      - uses: rustsec/audit-check@v1.4.1
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
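Review bot: The `issues-reason` and `checks-reason` entries under `permissions` are not permission scopes; the workflow `permissions` map only takes scope names with `read`/`write`/`none` values, so these two keys will most likely be rejected when the workflow is loaded (or at best silently ignored). They read like the explanatory comments from the audit-check README turned into keys; replace them with comments, e.g. `issues: write  # to create issues` and `checks: write  # to create checks`. Separately, both third-party actions are pinned by mutable tag (`actions/checkout@v3`, `rustsec/audit-check@v1.4.1`); for a job that holds `issues: write` and `checks: write` and runs unattended every night, pinning to a full commit SHA (with the tag in a trailing comment) keeps a retagged release from changing what executes here. Finally, because the matrix runs the audit on two platforms, it is worth confirming the action dedupes against already-open issues so each advisory is not filed twice per run.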