From 367a64e742832b622f76739fda21bf9e9a9423c6 Mon Sep 17 00:00:00 2001
From: Fraser Hutchison
Date: Wed, 3 Apr 2024 17:57:09 +0100
Subject: [PATCH] add cargo audit to daily CI run
---
 .github/workflows/reusable-run-checker.yml | 6 ++++++
 .github/workflows/scheduled.yml | 12 ++++++++++++
 .github/workflows/test.yml | 4 ++--
 3 files changed, 20 insertions(+), 2 deletions(-)
 create mode 100644 .github/workflows/scheduled.yml
diff --git a/.github/workflows/reusable-run-checker.yml b/.github/workflows/reusable-run-checker.yml
index 31acd5d66f..6a9a7b761c 100644
--- a/.github/workflows/reusable-run-checker.yml
+++ b/.github/workflows/reusable-run-checker.yml
@@ -6,6 +6,9 @@ on:
 run_tests:
 description: If tests need to be run, will be 'true'
 value: ${{ github.event_name != 'pull_request' || jobs.changes.outputs.test_workflow == 'true' || jobs.changes.outputs.crates == 'true' }}
+ run_audit:
+ description: If cargo audit needs to be run, will be 'true'
+ value: ${{ github.event_name != 'pull_request' || jobs.changes.outputs.test_workflow == 'true' || jobs.changes.outputs.lockfile == 'true' }}
 run_docker:
 description: If docker workflow needs to be run, will be 'true'
 value: ${{ github.event_name != 'pull_request' || jobs.changes.outputs.docker_workflow == 'true' || contains(github.event.pull_request.labels.*.name, 'docker-build') }}
@@ -52,6 +55,7 @@ jobs:
 markdown: ${{ steps.filters.outputs.markdown }}
 rustfmt: ${{ steps.filters.outputs.rustfmt }}
 charts: ${{ steps.filters.outputs.charts }}
+ lockfile: ${{ steps.filters.outputs.lockfile }}
 steps:
 - uses: actions/checkout@v4
 - uses: dorny/paths-filter@v3
@@ -89,3 +93,5 @@ jobs:
 - 'rustfmt.toml'
 charts:
 - 'charts/**'
+ lockfile:
+ - 'Cargo.lock'
diff --git a/.github/workflows/scheduled.yml b/.github/workflows/scheduled.yml
new file mode 100644
index 0000000000..596fd37b04
--- /dev/null
+++ b/.github/workflows/scheduled.yml
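Review bot: In reusable-run-checker.yml the new `lockfile` filter lists only `'Cargo.lock'`, which as far as I can tell matches the repository-root lockfile alone, so a pull request that changes a lockfile in a subdirectory would leave `run_audit` false and skip the audit. If the repository keeps any lockfile outside the root (not visible from this patch), `- '**/Cargo.lock'` would cover both cases. The filters list starts and ends outside the hunk.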
@@ -0,0 +1,12 @@
+name: Scheduled
+on:
+ schedule:
+ - cron: '0 0 * * *'
+jobs:
+ audit:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+ - uses: rustsec/audit-check@v1.4.1
+ with:
+ token: ${{ secrets.GITHUB_TOKEN }}
\ No newline at end of file
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index b6f186626d..fcfc51a73a 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -81,9 +81,9 @@ jobs:
 run: cargo fetch --locked
 audit:
- runs-on: buildjet-2vcpu-ubuntu-2204
+ runs-on: ubuntu-22.04
 needs: run_checker
- if: needs.run_checker.outputs.run_tests == 'true'
+ if: needs.run_checker.outputs.run_audit == 'true'
 steps:
 - uses: actions/checkout@v4
 - uses: dtolnay/rust-toolchain@1.76.0
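Review bot: The new scheduled.yml hands `secrets.GITHUB_TOKEN` to a third-party action referenced by a mutable tag (`rustsec/audit-check@v1.4.1`) and declares no `permissions:` block, so the token carries whatever the repository default grants. Pinning the action to a full commit SHA and declaring job-level permissions limits what a retagged or compromised release could do with the token, and keeps the job working if the repository default is read-only; the scopes shown below should be confirmed against the action's documentation. The checkout step also uses `actions/checkout@v3` while the other workflows in this patch use `@v4`, and the file lacks a trailing newline.

```yaml
# … unchanged: name, schedule trigger, jobs/audit header …
    runs-on: ubuntu-latest
    # Least privilege for GITHUB_TOKEN in this job; confirm the set the action needs.
    permissions:
      contents: read
      checks: write
      issues: write
    steps:
      - uses: actions/checkout@v4
      # Placeholder: replace with the full commit SHA that the v1.4.1 tag points to.
      - uses: rustsec/audit-check@<FULL_COMMIT_SHA>  # v1.4.1
      # … unchanged: with/token input …
```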
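Review bot: The new `if:` on the `audit` job in test.yml deserves a comment, since gating on `run_audit` means a pull request that leaves `Cargo.lock` and the test workflow untouched no longer runs the audit at all. Advisories published against already-locked dependencies are then surfaced only by the daily Scheduled workflow added in this patch, and a reader of test.yml cannot see that. Something like `# PRs audit only on Cargo.lock changes; new advisories for unchanged deps are caught by scheduled.yml` above the condition would record it. The job's steps continue outside the hunk.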