Merge pull request #2595 from influxdata/crepererum/issue2575

ci: add cargo audit
kodiakhq[bot] 2021-09-21 15:36:56 +00:00 committed by GitHub
commit 3e74859822
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 59 additions and 0 deletions

33
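--- /dev/null
+++ b/.cargo/audit.toml
@@ -0,0 +1,33 @@
+[advisories]
+ignore = [
+# title: term is looking for a new maintainer
+# why needed: used by `prettytable-rs` which is directly used by IOx but also by arrow
+# upstream issue: https://github.com/phsym/prettytable-rs/issues/119
+"RUSTSEC-2018-0015",
+# title: memmap is unmaintained
+# why needed: used by `symbolic` which is used by `pprof`
+# upstream issue: https://github.com/getsentry/symbolic/issues/304
+"RUSTSEC-2020-0077",
+# title: difference is unmaintained
+# why needed: used by `mockito`
+# upstream issue: https://github.com/lipanski/mockito/issues/132
+"RUSTSEC-2020-0095",
+]
+[output]
+deny = [
+"unmaintained",
+"unsound",
+"yanked",
+]
+quiet = false
+[yanked]
+# interaction of workspace-local crates and crates.io is currently broken (e.g. for `query`)
+# see https://github.com/rustsec/rustsec/issues/232
+enabled = false
+# currently broken on CircleCI due to https://github.com/rustsec/rustsec/issues/292
+update_index = false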
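Review bot: The `"yanked"` entry in `[output].deny` has no effect as long as `[yanked].enabled = false` further down, so the file promises a yanked-crate gate that the audit cannot currently deliver; a reader scanning only the deny list would assume yanked dependencies fail CI. Add a comment on that entry making the dependency explicit, e.g. `# no effect until [yanked].enabled is turned back on (see rustsec/rustsec#232 below)`, so the two settings are revisited together. The three `ignore` entries each cite an upstream issue but no point at which the waiver should be rechecked; a `# revisit: <date or condition>` line per entry would keep the suppressions from becoming permanent once the upstream issues close.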


@ -89,6 +89,26 @@ jobs:
name: Clippy
command: cargo clippy --all-targets --workspace -- -D warnings
- cache_save
cargo_audit:
docker:
- image: quay.io/influxdb/rust:ci
environment:
# Disable incremental compilation to avoid overhead. We are not preserving these files anyway.
CARGO_INCREMENTAL: "0"
# Disable full debug symbol generation to speed up CI build
# "1" means line tables only, which is useful for panic tracebacks.
RUSTFLAGS: "-C debuginfo=1"
steps:
- checkout
- rust_components
- cache_restore
- run:
name: Install Cargo Audit
command: cargo install --force cargo-audit
- run:
name: Cargo Audit
command: cargo audit
- cache_save
doc:
docker:
- image: quay.io/influxdb/rust:ci
@ -383,6 +403,7 @@ workflows:
jobs:
- fmt
- lint
- cargo_audit
- protobuf-lint
- test
- test_heappy
@ -406,6 +427,10 @@ workflows:
filters:
branches:
only: main
- cargo_audit:
filters:
branches:
only: main
- test:
filters:
branches:
@ -421,6 +446,7 @@ workflows:
requires: # Only do a release build if all tests have passed
- fmt
- lint
- cargo_audit
- test
- build