name: Bundler Audit
on:
  push:
    branches-ignore:
      - 'dependabot/**'
    paths:
      - 'Gemfile*'
      - '.ruby-version'
      - '.bundler-audit.yml'
      - '.github/workflows/bundler-audit.yml'

  pull_request:
    paths:
      - 'Gemfile*'
      - '.ruby-version'
      - '.bundler-audit.yml'
      - '.github/workflows/bundler-audit.yml'

  schedule:
    - cron: '0 5 * * 1'

jobs:
  security:
    runs-on: ubuntu-latest

    steps:
      - name: Clone repository
        uses: actions/checkout@v4

      - name: Set up Ruby environment
        uses: ./.github/actions/setup-ruby

      - name: Run bundler-audit
        run: bundle exec bundler-audit