Run cargo audit as part of CI builds #166

Closed
anderejd opened this issue Dec 19, 2020 · 7 comments
Labels
enhancement New feature or request good first issue Good for newcomers help wanted Extra attention is needed important If you want to contribute, please consider this issue before others.

Comments

@anderejd
Contributor

cargo audit exists and we should use it as part of CI builds:

[image]

@brightly-salty

This can be easily accomplished by using this GitHub action.

@anderejd
Contributor Author

anderejd commented Jan 1, 2021

Excuse my ignorance, I need to study GitHub Actions... the linked GitHub action looks over-engineered and seems to depend on nodejs. Why is that better than a single command cargo audit? Is it how GitHub actions must be implemented?

@brightly-salty

I probably know even less than you. I do know that cargo-audit recommends using that GitHub Action rather than running cargo audit directly here.

@tarcieri
Collaborator

tarcieri commented Jan 1, 2021

There's some functionality in the action which is nice, like auto-filing issues for security vulnerabilities.

If you don't care about that you can just use a simple action which installs, caches, and runs cargo-audit, although that won't change anything about using Node since that's what Actions is using behind the scenes.

@anderejd
Contributor Author

anderejd commented Jan 3, 2021

> cargo-audit recommends using that GitHub Action rather than running cargo audit directly here

@brightly-salty Thanks for the link and the info, let's go with the official recommendation and use the GitHub action.

> There's some functionality in the action which is nice, like auto-filing issues for security vulnerabilities.
>
> If you don't care about that you can just use a simple action which installs, caches, and runs cargo-audit, although that won't change anything about using Node since that's what Actions is using behind the scenes.

@tarcieri If nodejs is what GitHub Actions require, then I have no problem with it, I just prefer to avoid nodejs when possible. Let's use the mentioned GitHub action.

@jmcconnell26
Contributor

Raised #184 to run cargo audit against head at midnight

@anderejd
Contributor Author

Great work, thanks! Closing.
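
As an added example (not the project's workflow and not the contents of #184), the plain approach mentioned in the thread, a job that installs, caches and runs cargo-audit on a midnight schedule, could look like the following. The file path, cache key, push trigger, the use of `actions/checkout` and `actions/cache`, and a runner image that already ships cargo are all assumptions.

```yaml
# .github/workflows/audit.yml (hypothetical path; added example, not the project's file)
name: Security audit

on:
  schedule:
    - cron: "0 0 * * *"      # midnight UTC, runs against the default branch head
  push:
    paths:                   # also audit whenever the dependency set changes
      - "**/Cargo.toml"
      - "**/Cargo.lock"

permissions:
  contents: read             # the job only reads the repository

jobs:
  audit:
    runs-on: ubuntu-latest   # assumption: image provides rustup and cargo
    steps:
      - uses: actions/checkout@v4

      # Cache the compiled binary so nightly runs skip the build.
      # Change the key to pick up a newer cargo-audit release.
      - name: Cache cargo-audit
        id: cache
        uses: actions/cache@v4
        with:
          path: ~/.cargo/bin/cargo-audit
          key: cargo-audit-${{ runner.os }}

      - name: Install cargo-audit
        if: steps.cache.outputs.cache-hit != 'true'
        run: cargo install cargo-audit --locked

      # cargo audit exits non-zero when an advisory matches a dependency
      # in Cargo.lock, which fails the job.
      - name: Run cargo audit
        run: cargo audit
```

Unlike the dedicated action discussed above, this job only fails the build; it does not file issues for the advisories it finds.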
