name: Security audit
on:
  schedule:
    - cron: '0 0 * * *'
  workflow_dispatch:
jobs:
  security_audit:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v5
      - run: cargo generate-lockfile # create Cargo.lock
      - uses: rustsec/audit-check@v2.0.0
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          # RUSTSEC-2024-0436: Paste (which is mature/stable) only pulled in by examples/
          # dependencies such as esp-hal, riscv, rp2040-hal, stm32f3xx-hal etc.
          ignore: ["RUSTSEC-2024-0436"]