name: audit crates
# this checks our dependencies for
# security advisories every saturday

on:
  schedule:
    - cron: "0 0 * * 6"
  workflow_dispatch:

jobs:
  audit:
    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@v3

      - name: setup nix & cachix
        uses: ./.github/actions/setup-nix
        with:
          cachix-token: ${{ secrets.CACHIX_AUTH_TOKEN }}

      - name: run audit
        run: |
          nix build -L .#checks.x86_64-linux.audit