From 9bf215e47ee33cb0ea522ebea60dc55c25f0ab28 Mon Sep 17 00:00:00 2001
From: Tony Arcieri <bascule@gmail.com>
Date: Sat, 19 Oct 2024 09:31:13 -0600
Subject: [PATCH] CI: security audit fixups (#1700)

- Pin to `ubuntu-24.04` until upgrade is complete at the end of October
- Re-unify security audit since workspace has been re-unified
- Use `rustsec/audit-check@v2` since `actions-rs` is unmaintained
---
 .github/workflows/security-audit.yml | 76 ++--------------------------
 1 file changed, 4 insertions(+), 72 deletions(-)

diff --git a/.github/workflows/security-audit.yml b/.github/workflows/security-audit.yml
index 154937a1..ee7be617 100644
--- a/.github/workflows/security-audit.yml
+++ b/.github/workflows/security-audit.yml
@@ -11,84 +11,16 @@ on:
     - cron: "0 0 * * *"
 
 jobs:
-  security_audit_workspace:
+  security_audit:
     name: Security Audit Workspace
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     steps:
       - uses: actions/checkout@v4
       - name: Cache cargo bin
         uses: actions/cache@v4
         with:
           path: ~/.cargo/bin
-          key: ${{ runner.os }}-cargo-audit-v0.20
-      - uses: actions-rs/audit-check@v1
-        with:
-          token: ${{ secrets.GITHUB_TOKEN }}
-
-  security_audit_crypto:
-    name: Security Audit crypto
-    runs-on: ubuntu-latest
-    defaults:
-      run:
-        working-directory: crypto
-    steps:
-      - uses: actions/checkout@v4
-      - name: Cache cargo bin
-        uses: actions/cache@v4
-        with:
-          path: ~/.cargo/bin
-          key: ${{ runner.os }}-cargo-audit-v0.20
-      - uses: actions-rs/audit-check@v1
-        with:
-          token: ${{ secrets.GITHUB_TOKEN }}
-
-  security_audit_elliptic-curve:
-    name: Security Audit elliptic-curve
-    runs-on: ubuntu-latest
-    defaults:
-      run:
-        working-directory: elliptic-curve
-    steps:
-      - uses: actions/checkout@v4
-      - name: Cache cargo bin
-        uses: actions/cache@v4
-        with:
-          path: ~/.cargo/bin
-          key: ${{ runner.os }}-cargo-audit-v0.20
-      - uses: actions-rs/audit-check@v1
-        with:
-          token: ${{ secrets.GITHUB_TOKEN }}
-
-  security_audit_kem:
-    name: Security Audit kem
-    runs-on: ubuntu-latest
-    defaults:
-      run:
-        working-directory: kem
-    steps:
-      - uses: actions/checkout@v4
-      - name: Cache cargo bin
-        uses: actions/cache@v4
-        with:
-          path: ~/.cargo/bin
-          key: ${{ runner.os }}-cargo-audit-v0.20
-      - uses: actions-rs/audit-check@v1
-        with:
-          token: ${{ secrets.GITHUB_TOKEN }}
-
-  security_audit_password-hash:
-    name: Security Audit password-hash
-    runs-on: ubuntu-latest
-    defaults:
-      run:
-        working-directory: password-hash
-    steps:
-      - uses: actions/checkout@v4
-      - name: Cache cargo bin
-        uses: actions/cache@v4
-        with:
-          path: ~/.cargo/bin
-          key: ${{ runner.os }}-cargo-audit-v0.20
-      - uses: actions-rs/audit-check@v1
+          key: ${{ runner.os }}-cargo-audit-v0.20-ubuntu-v24.04
+      - uses: rustsec/audit-check@v1
         with:
           token: ${{ secrets.GITHUB_TOKEN }}