From fbefb66b9ec11c71e1fee5a1be01db6066762fc9 Mon Sep 17 00:00:00 2001
From: Christopher Evans <cwevans@wise.st>
Date: Fri, 12 Sep 2025 04:01:57 -0700
Subject: [PATCH] ci: Audit-check: create Cargo.lock before audit-check

Allow on demand action checks

use latest actions/checkout

---

https://github.com/rtic-rs/rtic/pull/1080 switched
to using rustsec/audit-check but didn't setup the
Cargo.lock file. This action has been failing for
three months.

https://github.com/rtic-rs/rtic/actions/workflows/audit.yaml

---

https://github.com/rustsec/audit-check/pull/39
describes how a missing Cargo.lock will be missing
in library crates.
---
 .github/workflows/audit.yaml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/audit.yaml b/.github/workflows/audit.yaml
index 18a10752d1a..9b8fc7f9715 100644
--- a/.github/workflows/audit.yaml
+++ b/.github/workflows/audit.yaml
@@ -2,11 +2,13 @@ name: Security audit
 on:
   schedule:
     - cron: '0 0 * * *'
+  workflow_dispatch:
 jobs:
   security_audit:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
+      - run: cargo generate-lockfile # create Cargo.lock
       - uses: rustsec/audit-check@v2.0.0
         with:
           token: ${{ secrets.GITHUB_TOKEN }}