name: Security audit
on:
  schedule:
    - cron: '0 0 * * *'

jobs:
  audit:
    runs-on: ubuntu-latest
    if: github.repository == 'google/OpenSK'
    steps:
      - uses: actions/checkout@v4
        with:
          submodules: "true"
      - uses: actions/setup-python@v5
        with:
          python-version: "3.10"
      - name: Set up OpenSK
        run: ./setup.sh
      - uses: actions-rs/audit-check@v1
        with:
          token: ${{ secrets.GITHUB_TOKEN }}