.github/workflows/audit.yml

on:
  push:
    branches:
      - master
  pull_request:

name: Audit

jobs:
  audit:
    name: Audit (${{ matrix.osname }})
    runs-on: ${{ matrix.os }}
    strategy:
      fail-fast: false
      matrix:
        include:
          - os: macos-latest
            osname: "osx-x64"
          - os: ubuntu-latest
            osname: "linux-x64"
          - os: windows-latest
            osname: "win-x64"
    env:
      BIN_PATH: ./target/release
    steps:
      - name: Install linux dependencies
        if: matrix.os == 'ubuntu-latest'
        shell: bash
        run: |
          sudo apt-get update
          sudo apt-get install pkg-config libx11-dev libasound2-dev libudev-dev
          sudo apt-get install libxcb-render0-dev libxcb-shape0-dev libxcb-xfixes0-dev libspeechd-dev
      - uses: actions/checkout@v4
      - uses: actions/cache@v4
        with:
          path: |
            ~/.cargo/
            target/
          key: ${{ matrix.osname }}-cargo-audit-stable-${{ hashFiles('**/Cargo.toml', './Cargo.lock') }}
      - name: Install audit dependencies
        shell: bash
        run: |
          cargo install cargo-auditable || true
          cargo install cargo-audit --features=binary-scanning || true
      - name: Build audit binaries
        shell: bash
        run: |
          cargo auditable build --release --bins
      - name: Audit binaries
        shell: bash
        run: |
          cargo audit bin $(find $BIN_PATH -maxdepth 1 -type f ${{ matrix.os == 'macos-latest' && '-perm +0111' || '-executable' }} -print) --ignore=RUSTSEC-2020-0071