Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

github actions: add cargo audit job #133

Merged
merged 4 commits into from
Apr 11, 2024
Merged

github actions: add cargo audit job #133

merged 4 commits into from
Apr 11, 2024

Conversation

rillian
Copy link
Contributor

@rillian rillian commented Apr 11, 2024

Run cargo audit from the default runner image to give feedback on reported issues with dependencies.

Currently this fails, but running cargo update is suffient to address everything but the unmaintained warning about rusoto crates. Addressing that one requires porting to the aws sdk.

@rillian rillian self-assigned this Apr 11, 2024
@rillian rillian requested a review from a team as a code owner April 11, 2024 17:10
@rillian rillian mentioned this pull request Apr 11, 2024
Merged
rillian and others added 4 commits April 11, 2024 11:26
@rillian @DJAndries
github actions: add cargo audit job
fa4adf5 
Run `cargo audit` from the default runner image to give feedback
on reported issues with dependencies.

Currently this fails, but running `cargo update` is suffient to
address everything but the unmaintained warning about rusoto crates.
Addressing that one requires porting to the aws sdk.
@rillian @DJAndries
github actions: run audit on all pull requests
9bee9cc 
The `pull_request` trigger was redundant with the `push` trigger.
However, it's nice to have audit feedback on any pull request,
regardless of whether it touches dependencies, in order to bring
new issues to attention. Therefore run on pull requests against
the usual default branch names.
@rillian @DJAndries
github actions: Report failure on warnings
0cbb253 
Make it more clear in the status check if there are audit warnings,
which includes yanked and unmaintained crates.

Also check the test client.
@DJAndries
Add temporary cargo audit exception for rusoto
30516e3
@DJAndries
Copy link
Collaborator

Currently this fails, but running cargo update is suffient to address everything but the unmaintained warning about rusoto crates. Addressing that one requires porting to the aws sdk.

Added an exception for rusoto so that the workflow passes. Filed #134 for replacement of rusoto.

rillian
rillian commented Apr 11, 2024
View reviewed changes
Copy link
Contributor Author

@rillian rillian left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Works for me!

DJAndries
DJAndries approved these changes Apr 11, 2024
View reviewed changes
Copy link
Collaborator

@DJAndries DJAndries left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks Ralph! much appreciated

@DJAndries DJAndries merged commit 87ed0f3 into master Apr 11, 2024
6 checks passed
@rillian rillian deleted the audit branch April 11, 2024 18:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@DJAndries DJAndries DJAndries approved these changes

Assignees

@rillian rillian

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@rillian @DJAndries