feat: add ci & security audit workflows

2025-12-10 18:06:46 -06:00 · 2025-07-14 13:45:06 -05:00
parent a6573a3054
commit 1dda507f41
2 changed files with 178 additions and 0 deletions
--- a/.github/workflows/security-audit.yml
+++ b/.github/workflows/security-audit.yml
@@ -0,0 +1,55 @@
+name: Security Audit
+
+on:
+  workflow_dispatch: # Allow manual triggering
+  push:
+    paths:
+      - "**/Cargo.toml"
+      - "**/Cargo.lock"
+      - "**/package.json"
+      - "**/pnpm-lock.yaml"
+
+jobs:
+  rust-audit:
+    name: Rust Security Audit
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install Rust toolchain
+        uses: dtolnay/rust-toolchain@stable
+
+      - name: Install cargo-audit
+        run: cargo install cargo-audit
+
+      - name: Run cargo audit
+        run: cargo audit --file src-tauri/Cargo.lock
+
+      - name: Install cargo-deny
+        run: cargo install cargo-deny
+
+      - name: Run cargo deny
+        run: cargo deny --manifest-path src-tauri/Cargo.toml check
+
+  npm-audit:
+    name: NPM Security Audit
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: "20"
+          cache: "pnpm"
+
+      - name: Install pnpm
+        uses: pnpm/action-setup@v4
+        with:
+          version: 8
+
+      - name: Install dependencies
+        run: pnpm install
+
+      - name: Run npm audit
+        run: pnpm audit --audit-level moderate