ci: add cargo-audit supply-chain gate, drop orphaned -git PKGBUILD
Hygiene audit found deps clean but CI ran no vulnerability scan, so a future advisory against a locked crate would go undetected. Add an Audit workflow running cargo audit on push/PR — parses Cargo.lock, needs no GTK4 build env. Remove pkg/PKGBUILD: orphaned moonlock-git VCS recipe from the pre-tag-build era, two minors behind; canonical packaging lives in moonarch-pkgbuilds and is auto-bumped by update-pkgver.yaml. Drop the now-dead pkg/* makepkg ignore lines and add .pytest_cache/. No version bump — no change to the binary.
This commit is contained in:
+1
-5
@@ -1,7 +1,3 @@
|
||||
/target
|
||||
|
||||
# makepkg build artifacts
|
||||
pkg/src/
|
||||
pkg/pkg/
|
||||
pkg/moonlock/
|
||||
pkg/*.pkg.tar.*
|
||||
.pytest_cache/
|
||||
|
||||
Reference in New Issue
Block a user