zeroclaw/.github/workflows/security.yml

name: Security Audit

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]
  schedule:
    - cron: "0 6 * * 1" # Weekly on Monday 6am UTC

env:
  CARGO_TERM_COLOR: always

jobs:
  audit:
    name: Security Audit
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - uses: dtolnay/rust-toolchain@stable

      - name: Install cargo-audit
        run: cargo install cargo-audit

      - name: Run cargo-audit
        run: cargo audit

  deny:
    name: License & Supply Chain
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - uses: EmbarkStudios/cargo-deny-action@v2
        with:
          command: check advisories licenses sources