name: cargo audit your Rust Dependencies description: | Audit Rust dependencies with cargo audit and the RustSec Advisory DB branding: icon: "shield" color: "red" inputs: TOKEN: description: "The GitHub access token to allow us to retrieve, create and update issues (automatically set)" required: false default: ${{ github.token }} denyWarnings: description: "Any warnings generated will be treated as an error and fail the action" required: false default: "false" file: description: "The path to the Cargo.lock file to inspect" required: false default: "" ignore: description: "A comma separated list of Rustsec IDs to ignore" required: false default: "" createIssues: description: Create/Update issues for each found vulnerability. required: false default: "${{ github.ref == 'refs/heads/master' || github.ref == 'refs/heads/main' }}" workingDirectory: description: "Run `cargo audit` from the given working directory" required: false default: "" runs: using: composite steps: - name: Identify cargo installation directory run: echo "cargohome=${CARGO_HOME:-$HOME/.cargo}" >> $GITHUB_OUTPUT shell: bash id: cargo-home - uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 id: cache with: path: | ${{ steps.cargo-home.outputs.cargohome }}/bin/cargo-audit* ${{ steps.cargo-home.outputs.cargohome }}/.crates.toml ${{ steps.cargo-home.outputs.cargohome }}/.crates2.json key: cargo-audit-v0.22.0 - name: Install cargo-audit if: steps.cache.outputs.cache-hit != 'true' # Update both this version number and the cache key run: cargo install cargo-audit --vers 0.22.0 --no-default-features shell: bash - run: | import audit audit.run() shell: python env: INPUT_CREATE_ISSUES: ${{ inputs.createIssues }} INPUT_DENY_WARNINGS: ${{ inputs.denyWarnings }} INPUT_FILE: ${{ inputs.file }} INPUT_IGNORE: ${{ inputs.ignore }} INPUT_TOKEN: ${{ inputs.TOKEN }} INPUT_WORKING_DIRECTORY: ${{ inputs.workingDirectory }} PYTHONPATH: ${{ github.action_path }} REPO: ${{ github.repository }}