ci: add cargo audit cron job (#8)

* ci: add cargo audit cron job

* fix doc warnings

* update codeowners

Author: Fraser999

.github/CODEOWNERS

@@ -1,2 +1,2 @@
 * @init4tech/engineering
-.github/workflows @rswanson
+.github/workflows @init4tech/devops

.github/workflows/rust-audit-security.yml

@@ -0,0 +1,19 @@
+name: Security Audit
+# This workflow uses rustsec/audit-check to check for security vulnerabilities
+# On scheduled runs: automatically creates GitHub issues for findings
+# On push/PR: creates status checks that fail when vulnerabilities are found
+
+on:
+  schedule:
+    # Run daily at 09:00 UTC
+    - cron: '0 9 * * *'
+  workflow_dispatch: # Allow manual runs
+
+permissions: # these permissions are required for the workflow to run
+  contents: read  # Required to checkout the repository
+  issues: write   # Required to create issues (scheduled runs)
+  checks: write   # Required to create status checks (push/PR)
+
+jobs:
+  security-audit:
+    uses: init4tech/actions/.github/workflows/rust-audit-security.yml@main

src/sys/txn_manager.rs

@@ -42,7 +42,7 @@ pub(crate) struct Commit {
     pub(crate) span: tracing::Span,
 }
 
-/// Messages sent to the [`TxnManager`].
+/// Messages sent to the [`LifecycleHandle`].
 pub(crate) enum LifecycleEvent {
     Begin(Begin),
     Abort(Abort),
@@ -99,7 +99,7 @@ pub(crate) struct RwSyncLifecycle {
 }
 
 impl RwSyncLifecycle {
-    /// Creates a new [`TxnManager`], spawns a background task, returns
+    /// Creates a new [`LifecycleHandle`], spawns a background task, returns
     /// a sender to communicate with it.
     pub(crate) fn spawn(env: EnvPtr) -> LifecycleHandle {
         let (tx, rx) = sync_channel(0);
@@ -133,12 +133,12 @@ impl RwSyncLifecycle {
         sender.send(mdbx_result(unsafe { ffi::mdbx_txn_commit_ex(tx.0, latency.0) })).unwrap();
     }
 
-    /// Spawns a new [`std::thread`] that listens to incoming [`RwSyncLifecycle::Message`] messages,
+    /// Spawns a new [`std::thread`] that listens to incoming [`LifecycleEvent`] messages,
     /// executes an FFI function, and returns the result on the provided channel.
     ///
-    /// - [`RwSyncLifecycle::Message::Begin`] opens a new transaction with [`ffi::mdbx_txn_begin_ex`]
-    /// - [`RwSyncLifecycle::Message::Abort`] aborts a transaction with [`ffi::mdbx_txn_abort`]
-    /// - [`RwSyncLifecycle::Message::Commit`] commits a transaction with [`ffi::mdbx_txn_commit_ex`]
+    /// - [`LifecycleEvent::Begin`] opens a new transaction with [`ffi::mdbx_txn_begin_ex`]
+    /// - [`LifecycleEvent::Abort`] aborts a transaction with [`ffi::mdbx_txn_abort`]
+    /// - [`LifecycleEvent::Commit`] commits a transaction with [`ffi::mdbx_txn_commit_ex`]
     fn start_message_listener(self) {
         let task = move || {
             loop {

src/tx/iter/dupfixed_key.rs

@@ -135,7 +135,7 @@ where
     /// Fetch the next page of values for the current key.
     ///
     /// Unlike
-    /// [`IterDupFixed::fetch_next_page`](crate::tx::aliases::IterDupFixed),
+    /// [`IterDupFixed::fetch_next_page`](super::IterDupFixed),
     /// this does NOT move to the next key when pages are exhausted. It simply
     /// returns `Ok(false)` to signal exhaustion.
     ///