.github/workflows/security-audit.yml

name: Security Audit
on:
  pull_request:
    paths: '**/Cargo.lock'
  push:
    branches: master
    paths: '**/Cargo.lock'
  schedule:
    - cron: "0 0 * * *"

jobs:
  security_audit_workspace:
    name: Security Audit Workspace
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Cache cargo bin
        uses: actions/cache@v3
        with:
          path: ~/.cargo/bin
          key: ${{ runner.os }}-cargo-audit-v0.12.0
      - uses: actions-rs/audit-check@v1
        with:
          token: ${{ secrets.GITHUB_TOKEN }}

  security_audit_crypto:
    name: Security Audit crypto
    runs-on: ubuntu-latest
    defaults:
      run:
        working-directory: crypto
    steps:
      - uses: actions/checkout@v4
      - name: Cache cargo bin
        uses: actions/cache@v3
        with:
          path: ~/.cargo/bin
          key: ${{ runner.os }}-cargo-audit-v0.12.0
      - uses: actions-rs/audit-check@v1
        with:
          token: ${{ secrets.GITHUB_TOKEN }}

  security_audit_elliptic-curve:
    name: Security Audit elliptic-curve
    runs-on: ubuntu-latest
    defaults:
      run:
        working-directory: elliptic-curve
    steps:
      - uses: actions/checkout@v4
      - name: Cache cargo bin
        uses: actions/cache@v3
        with:
          path: ~/.cargo/bin
          key: ${{ runner.os }}-cargo-audit-v0.12.0
      - uses: actions-rs/audit-check@v1
        with:
          token: ${{ secrets.GITHUB_TOKEN }}

  security_audit_kem:
    name: Security Audit kem
    runs-on: ubuntu-latest
    defaults:
      run:
        working-directory: kem
    steps:
      - uses: actions/checkout@v4
      - name: Cache cargo bin
        uses: actions/cache@v3
        with:
          path: ~/.cargo/bin
          key: ${{ runner.os }}-cargo-audit-v0.12.0
      - uses: actions-rs/audit-check@v1
        with:
          token: ${{ secrets.GITHUB_TOKEN }}

  security_audit_password-hash:
    name: Security Audit password-hash
    runs-on: ubuntu-latest
    defaults:
      run:
        working-directory: password-hash
    steps:
      - uses: actions/checkout@v4
      - name: Cache cargo bin
        uses: actions/cache@v3
        with:
          path: ~/.cargo/bin
          key: ${{ runner.os }}-cargo-audit-v0.12.0
      - uses: actions-rs/audit-check@v1
        with:
          token: ${{ secrets.GITHUB_TOKEN }}