search

DataDog / datadog-static-analyzer

Datadog Static Analyzer
https://docs.datadoghq.com/static_analysis/
Apache License 2.0
100 stars 12 forks source link

[STAL-2577] feat: pin rust toolchain to 1.80.1 #509

Closed amaanq closed 1 month ago

amaanq commented 1 month ago

What problem are you trying to solve?

Currently, we do not pin the Rust toolchain to a specific version when building and deploying the analyzer. This is not ideal since we'd like our builds to be reproducible across different machines that might have different default toolchain versions set.

What is your solution?

Adding a rust-toolchain.toml file will allow us to pin the version used to build the analyzer, meaning that no matter what machine or OS version we build it on, it will always use this version.

Alternatives considered

What the reviewer should know

jasonforal commented 1 month ago

1.81.0 was just released today.

Let's pin to 1.80.1.

I don't see a strong reason to immediately jump to to 1.81.0 (None of our code is affected by the low-severity CVE that it fixes).