From e6e9cb50d0b12a1606e8c128907fc8ca7d5e687e Mon Sep 17 00:00:00 2001
From: Romain Ruetschi <romain@informal.systems>
Date: Mon, 9 Mar 2020 13:38:52 +0100
Subject: [PATCH] Run cargo-audit daily or when dependencies have changed (#22)

* Run cargo-audit daily and when dependencies have changed

See https://github.com/interchainio/tendermint-rs/pull/144#issuecomment-595322485

* Change actions/checkout back to v2
---
 .github/workflows/audit.yaml | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/audit.yaml b/.github/workflows/audit.yaml
index 53d1675693..e82002aa2d 100644
--- a/.github/workflows/audit.yaml
+++ b/.github/workflows/audit.yaml
@@ -1,11 +1,25 @@
-name: Audit Check
-on: [pull_request]
+name: Security Audit
+on:
+  pull_request:
+    paths: Cargo.lock
+  push:
+    branches: develop
+    paths: Cargo.lock
+  schedule:
+    - cron: '0 0 * * *'
 
 jobs:
   security_audit:
+    name: Security Audit
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v2
+      - name: Cache cargo bin
+        uses: actions/cache@v1
+        with:
+          path: ~/.cargo/bin
+          key: ${{ runner.os }}-cargo-audit-v0.11.2
       - uses: actions-rs/audit-check@v1
         with:
+          args: --ignore RUSTSEC-2019-0031
           token: ${{ secrets.GITHUB_TOKEN }}