docs(verification): stage E10 PO-12 strong maximality (proof attempt) #64
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # SPDX-License-Identifier: PMPL-1.0-or-later | ||
| # Copyright (c) 2026 Jonathan D.A. Jewell (hyperpolymath) <j.d.a.jewell@open.ac.uk> | ||
| # | ||
| # cargo-audit.yml — Dependency vulnerability scanning for Rust projects. | ||
| # Runs cargo-audit against the RustSec advisory database. | ||
| name: Cargo Audit | ||
| on: | ||
| pull_request: | ||
| branches: ['**'] | ||
| push: | ||
| branches: [main, master] | ||
| schedule: | ||
| # Run weekly on Monday at 06:00 UTC to catch new advisories. | ||
| - cron: '0 6 * * 1' | ||
| permissions: | ||
| contents: read | ||
| jobs: | ||
| audit: | ||
| name: Dependency audit | ||
| runs-on: ubuntu-latest | ||
| if: hashFiles('Cargo.lock') != '' | ||
| steps: | ||
| - name: Checkout repository | ||
| uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 | ||
| - name: Install Rust toolchain | ||
| uses: dtolnay/rust-toolchain@4be9e76fd7c4901c61fb841f559994984270fce7 # stable | ||
| - name: Install cargo-audit | ||
| run: cargo install cargo-audit --locked | ||
| - name: Run cargo audit | ||
| run: cargo audit | ||
| - name: Write summary | ||
| if: always() | ||
| run: | | ||
| echo "## Cargo Audit Results" >> "$GITHUB_STEP_SUMMARY" | ||
| echo "" >> "$GITHUB_STEP_SUMMARY" | ||
| cargo audit 2>&1 | tail -20 >> "$GITHUB_STEP_SUMMARY" || true | ||
