chainbound · mempirate · Nov 28, 2024 · Nov 28, 2024 · Nov 28, 2024 · Nov 28, 2024
diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml
@@ -0,0 +1,45 @@
+name: Security Audit
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
+
+on:
+  pull_request:
+    paths: 
+      - ".github/workflows/audit.yml"
+      - "**/Cargo.toml"
+      - "**/Cargo.lock"
+  push:
+    branches:
+      - main
+      - unstable
+    paths: 
+      - ".github/workflows/audit.yml"
+      - "**/Cargo.toml"
+      - "**/Cargo.lock"
+  schedule:
+    # Run daily at midnight
+    - cron: '0 0 * * *'
+
+permissions:
+  issues: write
+  checks: write
+  pull-requests: read
+  contents: read
+
+jobs:
+  security-audit:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        project: [bolt-sidecar, bolt-cli, bolt-boost]
+    name: Security Audit for ${{ matrix.project }}
+    steps:
+      - uses: actions/checkout@v4
+      - name: Run cargo audit
+        uses: rustsec/audit-check@v2
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          working-directory: ${{ matrix.project }}
diff --git a/.github/workflows/bolt_boost_ci.yml → .github/workflows/boost-ci.yml b/.github/workflows/bolt_boost_ci.yml → .github/workflows/boost-ci.yml
@@ -2,6 +2,9 @@ name: Bolt Boost CI
 
 on:
   push:
+    branches:
+      - unstable
+      - main
     paths:
       - "bolt-boost/**"
   pull_request:

diff --git a/.github/workflows/bolt_cli_ci.yml → .github/workflows/cli-ci.yml b/.github/workflows/bolt_cli_ci.yml → .github/workflows/cli-ci.yml
diff --git a/.github/workflows/bolt_cli_release_bins.yml → .github/workflows/cli-release.yml b/.github/workflows/bolt_cli_release_bins.yml → .github/workflows/cli-release.yml
diff --git a/.github/workflows/contracts_ci.yml → .github/workflows/contracts-ci.yml b/.github/workflows/contracts_ci.yml → .github/workflows/contracts-ci.yml
@@ -1,11 +1,12 @@
-name: Bolt-contracts CI
+name: Bolt Contracts CI
 
 on:
   push:
-    paths:
-      - "bolt-contracts/**"
     branches:
       - unstable
+      - main
+    paths:
+      - "bolt-contracts/**"
   pull_request:
     paths:
       - "bolt-contracts/**"

diff --git a/.github/workflows/bolt_sidecar_ci.yml → .github/workflows/sidecar-ci.yml b/.github/workflows/bolt_sidecar_ci.yml → .github/workflows/sidecar-ci.yml
diff --git a/bolt-sidecar/Cargo.lock b/bolt-sidecar/Cargo.lock
diff --git a/bolt-sidecar/Cargo.toml b/bolt-sidecar/Cargo.toml
@@ -10,7 +10,7 @@ debug = true
 
 [dependencies]
 # core
-clap = { version = "4.5.20", features = ["derive", "env"] }
+clap = { version = "4.5.21", features = ["derive", "env"] }
 tokio = { version = "1", features = ["full"] }
 axum = { version = "0.7", features = ["macros"] }
 tower-http = { version = "0.5.2", features = ["timeout"] }