name: Bundler Audit
on:
  merge_group:
  push:
    branches:
      - 'main'
      - 'stable-*'
    paths:
      - 'Gemfile*'
      - '.ruby-version'
      - '.github/workflows/bundler-audit.yml'

  pull_request:
    paths:
      - 'Gemfile*'
      - '.ruby-version'
      - '.github/workflows/bundler-audit.yml'

  schedule:
    - cron: '0 5 * * 1'

jobs:
  security:
    runs-on: ubuntu-latest

    env:
      BUNDLE_ONLY: development

    steps:
      - name: Clone repository
        uses: actions/checkout@v4

      - name: Set up Ruby
        uses: ruby/setup-ruby@v1
        with:
          bundler-cache: true

      - name: Run bundler-audit
        run: bundle exec bundler-audit check --update