rust-secure-code / wg

Coordination repository for the Secure Code Working Group

actions-rs/audit-check GH Action #46

Open pinkforest opened 2 years ago

pinkforest commented 2 years ago

Folks are using this, and it seems the maintainer @svartalf is MIA.

There seems to be at least one fork already by @djmitche / GothenburgBitFactory: https://github.com/actions-rs/audit-check/pull/221#issuecomment-1193138925 https://github.com/GothenburgBitFactory/taskwarrior/issues/2830#issuecomment-1179835614

Here: https://github.com/GothenburgBitFactory/audit-check Addressing: https://github.com/actions-rs/audit-check/issues/223

Would it be worthwhile to maintain a fork under a GH org until the original maintainer is back?

Or maybe we can just add the fork here: https://github.com/rust-secure-code/projects

In its most basic form, without any action, the alternative could always be something like this, but it's a pain to maintain compared with an action ref:

    # Cache the installed binary so cargo-audit is not rebuilt on every run;
    # the cache key carries the pinned version, so bumping it invalidates the cache
    - name: Cache cargo bin
      uses: actions/cache@v1
      with:
        path: ~/.cargo/bin
        key: cargo-audit-v0.17.0

    # Only build cargo-audit when the cached binary is missing
    - name: Install cargo-audit
      run: |
        if [ ! -f "$HOME/.cargo/bin/cargo-audit" ]; then
            cargo install cargo-audit --vers 0.17.0
        fi

    # Check Cargo.lock against the RustSec advisory database
    - name: cargo-audit
      run: cargo audit

There is of course the cargo-deny GH action too: https://github.com/EmbarkStudios/cargo-deny-action
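As an added example that is not part of the thread, of actions-rs/audit-check, or of the RustSec project, here is a complete stand-alone workflow built on the same pinned-install idea. It goes beyond the snippet above in three ways a practitioner would want: `cargo install --locked` so the tool is built from its own lockfile rather than freshly resolved dependencies, `--deny warnings` so unmaintained and yanked crates fail the job too, and a daily `schedule` trigger, since advisories are published without any change to your repository. The version pin, cron time, and step names are assumptions.

```yaml
# Added example workflow (not from the thread, actions-rs, or RustSec).
# Assumptions: cargo-audit 0.17.0 as the pinned version, a 06:00 UTC daily
# schedule, and a stable Rust toolchain already present on the runner.
name: audit

on:
  push:
    paths:
      - "Cargo.toml"
      - "Cargo.lock"
      - ".github/workflows/audit.yml"
  schedule:
    # Advisories land independently of your commits; re-check daily so a
    # newly published RUSTSEC entry fails the job even with no new pushes.
    - cron: "0 6 * * *"

jobs:
  audit:
    runs-on: ubuntu-latest
    env:
      CARGO_AUDIT_VERSION: "0.17.0"   # assumed pin; bump deliberately
    steps:
      - uses: actions/checkout@v3

      - name: Cache cargo-audit binary
        uses: actions/cache@v3
        with:
          path: ~/.cargo/bin/cargo-audit
          # Keying on the version (and OS) means a bumped pin never reuses an old binary
          key: cargo-audit-${{ env.CARGO_AUDIT_VERSION }}-${{ runner.os }}

      - name: Install cargo-audit (pinned, locked)
        run: |
          if [ ! -x "$HOME/.cargo/bin/cargo-audit" ]; then
            # --locked builds cargo-audit from its own Cargo.lock instead of
            # resolving fresh dependency versions at install time
            cargo install cargo-audit --locked --version "$CARGO_AUDIT_VERSION"
          fi
          # Confirm the cached or freshly built binary is the pinned one
          cargo audit --version

      - name: cargo audit
        # --deny warnings also fails on unmaintained and yanked crates,
        # not only on crates with a known vulnerability
        run: cargo audit --deny warnings
```

Caching only the binary (rather than all of `~/.cargo/bin`) keeps the cache small and avoids restoring unrelated tools; the `-x` guard then decides whether an install is needed at all.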

tarcieri commented 2 years ago

This might be a better question to post at https://github.com/RustSec as it's specifically RustSec-related.

I think it might make sense to fork the action under that org so @RustSec can manage maintenance.

tarcieri commented 2 years ago

Somewhat related issue here: https://github.com/rustsec/rustsec/issues/303

pinkforest commented 2 years ago

I asked @Shnatsel about it yesterday, and they were supportive as well of putting it under the RustSec org.