name: Security audit
on:
  pull_request:
    paths:
      - "**/Cargo.toml"
      - "**/Cargo.lock"
  push:
    paths:
      - "**/Cargo.toml"
      - "**/Cargo.lock"
jobs:
  security_audit:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        checks:
          - advisories
          - bans licenses sources

    # Prevent sudden announcement of a new advisory from failing ci:
    continue-on-error: ${{ matrix.checks == 'advisories' }}

    steps:
      - name: Setup | Checkout
        uses: actions/checkout@v4
      - name: Test | Security Audit
        uses: EmbarkStudios/cargo-deny-action@v1.5.15
        with:
          command: check ${{ matrix.checks }}