Generate Cargo.lock before calling cargo audit
Starting from v0.18.0, cargo-audit hangs indefinitely if Cargo.lock
does not exist. We discovered this while upgrading the container
from v26 to v28 [1], which among other things updated cargo-audit.

For the binary crates this should not be a problem, since they have
Cargo.lock committed, but for many libraries this may not be true.

If Cargo.lock is not there, we are generating one with the latest
available versions, which may not be very significant. For this and
other reasons it's now suggested that libraries also have a
Cargo.lock [2] committed (thanks Manos for pointing this out).

Note: `cargo generate-lockfile` updates Cargo.lock if it's already
there, but we don't want it, that's why we have the guard.

[1] #138
[2] https://doc.rust-lang.org/nightly/cargo/faq.html#why-have-cargolock-in-version-control

Suggested-by: Manos Pitsidianakis <manos.pitsidianakis@linaro.org>
Suggested-by: Patrick Roy <roypat@amazon.co.uk>
Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>
stefano-garzarella committed Oct 20, 2023
1 parent 9751aaa commit 352bc23
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion .buildkite/test_description.json
Expand Up @@ -71,7 +71,7 @@
},
{
"test_name": "cargo-audit",
"command": "cargo audit -q --deny warnings",
"command": "[ -e Cargo.lock ] || cargo generate-lockfile; cargo audit -q --deny warnings",
"platform": [
"x86_64"
]
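Review bot: in the new "command" string, `cargo generate-lockfile` and `cargo audit` are joined with `;`, so a failure to generate the lockfile (for example a registry or network error) is ignored and `cargo audit` still runs without Cargo.lock, which is the case the commit message says hangs indefinitely from v0.18.0 on. Chaining on success would make the step fail fast instead, e.g. `{ [ -e Cargo.lock ] || cargo generate-lockfile; } && cargo audit -q --deny warnings`. A smaller point: `-e` is true for any path named Cargo.lock, including a directory; `-f` would limit the guard to a regular file. It would also help to have the job log state when the lockfile was generated rather than committed, since in that case the audit covers the latest resolvable versions and not a pinned dependency set, as the commit message notes.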