name: Cargo audit

on:
  pull_request:
  push:
    branches:
      - main

permissions:
  contents: read

jobs:
  audit:
    runs-on: ubuntu-latest
    defaults:
      run:
        working-directory: codex-rs
    steps:
      - uses: actions/checkout@v4
      - uses: dtolnay/rust-toolchain@stable
      - name: Install cargo-audit
        uses: taiki-e/install-action@v2
        with:
          tool: cargo-audit
      - name: Run cargo audit
        run: cargo audit --deny warnings