ci: add audit check in check.yml (#9)

.github/workflows/check.yml

@@ -117,3 +117,22 @@ jobs:
       - name: Check test
         run: |
           nix build .#checks.x86_64-linux.test 2>&1
+
+  check-audit:
+    runs-on: ubuntu-latest
+    needs: build-nixpkg
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Install Nix
+        uses: nixbuild/nix-quick-install-action@v27
+
+      - name: Restore Nix Cache
+        uses: nix-community/cache-nix-action@v5
+        with:
+          primary-key: nix-${{ runner.os }}-${{ hashFiles('flake.nix') }}
+
+      - name: Check test
+        run: |
+          nix build .#checks.x86_64-linux.audit 2>&1

flake.nix

@@ -12,6 +12,10 @@
     flake-utils = {
       url = "github:numtide/flake-utils";
     };
+    advisory-db = {
+      url = "github:rustsec/advisory-db";
+      flake = false;
+    };
   };
 
   outputs =
@@ -21,6 +25,7 @@
       nixpkgs,
       rust-overlay,
       crane,
+      advisory-db,
       ...
     }:
     flake-utils.lib.eachDefaultSystem (
@@ -115,6 +120,12 @@
         };
         checks = {
           inherit (self.packages."${system}") mania;
+          audit = craneLib.cargoAudit (
+            commonArgs
+            // {
+              inherit advisory-db;
+            }
+          );
           clippy = craneLib.cargoClippy (
             commonArgs
             // {