chore(ci): add cargo audit workflow and policy (#7108)

- add to ignore current unmaintained advisories (derivative, fxhash, paste) so audits gate new issues only - introduce GitHub Actions workflow to run on push/PR using to install cargo-audit Existing advisories (all "unmaintained"): - https://rustsec.org/advisories/RUSTSEC-2024-0388 - https://rustsec.org/advisories/RUSTSEC-2025-0057 - https://rustsec.org/advisories/RUSTSEC-2024-0436
2026-04-28 02:11:08 +03:00 · 2025-11-24 12:20:55 -08:00
parent 523dabc1ee
commit 4ed4c73d6b
2 changed files with 32 additions and 0 deletions
--- a/codex-rs/.github/workflows/cargo-audit.yml
+++ b/codex-rs/.github/workflows/cargo-audit.yml
@@ -0,0 +1,26 @@
+name: Cargo audit
+
+on:
+  pull_request:
+  push:
+    branches:
+      - main
+
+permissions:
+  contents: read
+
+jobs:
+  audit:
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: codex-rs
+    steps:
+      - uses: actions/checkout@v4
+      - uses: dtolnay/rust-toolchain@stable
+      - name: Install cargo-audit
+        uses: taiki-e/install-action@v2
+        with:
+          tool: cargo-audit
+      - name: Run cargo audit
+        run: cargo audit --deny warnings