Skip to content
This repository was archived by the owner on Nov 15, 2023. It is now read-only.

[DO NOT MERGE] CI: return cargo deny to PRs #9885

Closed
TriplEight wants to merge 7 commits into from
Closed

[DO NOT MERGE] CI: return cargo deny to PRs #9885

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
781d8a9
CI: return cargo deny to PRs
TriplEight Sep 28, 2021
1552f00
CI: fix a warning [skip ci]
TriplEight Sep 28, 2021
413ad5e
CI: use changes properly
TriplEight Sep 28, 2021
4fc9458
Merge remote-tracking branch 'origin/master' into 3x8_return_deny
TriplEight Nov 22, 2021
85e747b
CI: cargo deny to just warn on vulnerabilities
TriplEight Nov 22, 2021
bf83e68
CI: advisory list is now a list
TriplEight Nov 22, 2021
455faba
CI: debug
TriplEight Nov 22, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
18 changes: 13 additions & 5 deletions .gitlab-ci.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -323,7 +323,17 @@ test-prometheus-alerting-rules:
cargo-deny:
stage: test
<<: *docker-env
<<: *nightly-pipeline
rules:
- if: $CI_PIPELINE_SOURCE == "pipeline"
when: never
- if: $CI_PIPELINE_SOURCE == "web"
- if: $CI_PIPELINE_SOURCE == "schedule"
- if: $CI_COMMIT_REF_NAME == "master"
- if: $CI_COMMIT_REF_NAME =~ /^[0-9]+$/ # PRs
changes:
- "Cargo.lock"
- "**/Cargo.toml"
- if: $CI_COMMIT_REF_NAME =~ /^v[0-9]+\.[0-9]+.*$/ # i.e. v1.0, v2.1rc1
script:
- cargo deny check --hide-inclusion-graph -c .maintain/deny.toml
after_script:
Expand All @@ -335,8 +345,6 @@ cargo-deny:
when: always
paths:
- deny.log
# FIXME: Temporarily allow to fail.
allow_failure: true

cargo-fmt:
stage: test
Expand Down Expand Up @@ -377,7 +385,7 @@ node-bench-regression-guard:
# this is a DAG
- job: cargo-check-benches
artifacts: true
# this does not like a DAG, just polls the artifact
# this does not work like a DAG, just polls the artifact
- project: $CI_PROJECT_PATH
job: cargo-check-benches
ref: master
Expand All @@ -390,7 +398,7 @@ node-bench-regression-guard:
- echo "node-bench-regression-guard depends on the results of a cargo-check-benches job"
- echo "In case of this job failure, check your pipeline's cargo-check-benches"
- 'node-bench-regression-guard --reference artifacts/benches/master-*
--compare-with artifacts/benches/$CI_COMMIT_REF_NAME-$CI_COMMIT_SHORT_SHA'
--compare-with artifacts/benches/$CI_COMMIT_REF_NAME-$CI_COMMIT_SHORT_SHA'

cargo-check-subkey:
stage: test
Expand Down
4 changes: 2 additions & 2 deletions .maintain/deny.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -34,9 +34,9 @@ targets = [
# The path where the advisory database is cloned/fetched into
db-path = "~/.cargo/advisory-db"
# The url of the advisory database to use
db-url = "https://github.com/rustsec/advisory-db"
db-urls = ["https://github.com/rustsec/advisory-db"]
# The lint level for security vulnerabilities
vulnerability = "deny"
vulnerability = "warn"
# The lint level for unmaintained crates
unmaintained = "warn"
# The lint level for crates that have been yanked from their source registry
Expand Down
1 change: 1 addition & 0 deletions Cargo.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -230,6 +230,7 @@ members = [
# probably concerns this list.
#
# This list is ordered alphabetically.
# FIXME:
[profile.dev.package]
blake2 = { opt-level = 3 }
blake2-rfc = { opt-level = 3 }
Expand Down