actions-rs / audit-check

🛡️ GitHub Action for security audits
https://github.com/marketplace/actions/rust-audit-check
MIT License

Specify directory to run audit on #194

Open kennetpostigo opened 3 years ago

kennetpostigo commented 3 years ago


Motivation

My Rust/Cargo project isn't at the top level of my repo, so my audit check always fails because it can't find my Cargo.toml/Cargo.lock file, and it doesn't take a manifest-path like other cargo commands do.


Workflow example

It would be awesome if the action would read working-directory or take a manifest-path arg.

jobs:
  security_audit:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v1
      - uses: actions-rs/audit-check@v1
        with:
          # consume working-directory
          working-directory: api
          # or read args
          args: --manifest-path api/Cargo.toml
          token: ${{ secrets.GITHUB_TOKEN }}

Additional context

I've tried a couple of workarounds but couldn't get any of them working. I hope this isn't an invasive/difficult addition.

martin-g commented 3 years ago

Related to https://github.com/actions-rs/cargo/issues/86

The best would be if it takes into account the current working directory:

defaults:
  run:
    working-directory: lang/rust

See https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#defaultsrun

martin-g commented 3 years ago

It seems this issue is a duplicate of https://github.com/actions-rs/audit-check/issues/116

fzyzcjy commented 2 years ago

Any updates?

stefangalowicz commented 2 years ago

I'm also interested in this, since we're using a mono repository.

This is a general problem with GitHub Actions, because the defaults: run: working-directory setting is not inherited by actions that are invoked with uses:, but only by steps that use run: instead. Therefore every action solves this in its own way.

By the way, audit-check is not consistent with actions-rs/clippy-check here, which allows passing with: args:.

MariusVB commented 2 years ago

I'm also interested in this but have found a temporary solution. Just replace {CARGO_SUBDIR} with your Cargo project directory in your repo and {DIRS_TO_REMOVE} with all the non-Cargo directories at the top level of your repo:

jobs:
  audit:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      # Move all files in the crate's sub dir to the top-level dir
      # (note: a bare * skips dotfiles, which the audit does not need anyway)
      - run: cd "$GITHUB_WORKSPACE" && mv {CARGO_SUBDIR}/* .
      # Delete the top-level directories that are not to be audited
      - run: cd "$GITHUB_WORKSPACE" && rm -rf {DIRS_TO_REMOVE}
      # The action now finds Cargo.lock at the workspace root
      - uses: actions-rs/audit-check@v1
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
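A less invasive version of the workaround above, as an added example that is not code from actions-rs/audit-check or from anyone in this thread: rather than moving the crate's whole tree to the repo root and deleting everything else, stage only the nested Cargo.lock at the root (assumption: the action needs just the lockfile, not the sources, since cargo-audit reads Cargo.lock and does not build) and refuse to overwrite a lockfile that is already there, which would otherwise make the audit silently report on the wrong crate. The second helper enumerates lockfiles for a mono repo with several crates. The names stage_lockfile and find_lockfiles are this example's own, and the demo layout it builds is a constructed temp directory, not a real repository.

```shell
#!/bin/sh
# Added example, not the action's or any commenter's code.
#   stage_lockfile  copies only WORKSPACE/SUBDIR/Cargo.lock to WORKSPACE/Cargo.lock
#                   (assumption: a lockfile-only audit needs nothing else).
#   find_lockfiles  lists every Cargo.lock in a mono repo so each crate can be
#                   staged and audited in turn.
set -eu

# stage_lockfile WORKSPACE SUBDIR
# Fails (1) if the nested lockfile is missing and (2) if a root lockfile already
# exists, so an unrelated top-level crate is never audited by mistake.
stage_lockfile() {
  ws=$1
  sub=$2
  src="$ws/$sub/Cargo.lock"
  dst="$ws/Cargo.lock"
  if [ ! -f "$src" ]; then
    echo "stage_lockfile: no lockfile at $src (run 'cargo generate-lockfile' in $sub)" >&2
    return 1
  fi
  if [ -e "$dst" ]; then
    echo "stage_lockfile: refusing to overwrite existing $dst" >&2
    return 2
  fi
  cp "$src" "$dst"
}

# find_lockfiles WORKSPACE
# Prints every Cargo.lock under WORKSPACE, one per line, skipping build output
# (target/), the .git directory and vendored sources.
find_lockfiles() {
  find "$1" -type d \( -name target -o -name .git -o -name vendor \) -prune \
       -o -type f -name Cargo.lock -print
}

# Stand-alone demo on a constructed layout (temp dir, not a real repo):
#   sh stage_lockfile.sh --demo
if [ "${1:-}" = "--demo" ]; then
  demo=$(mktemp -d)
  mkdir -p "$demo/api/target" "$demo/web"
  : > "$demo/api/Cargo.lock"
  : > "$demo/web/Cargo.lock"
  : > "$demo/api/target/Cargo.lock"   # build artefact, must be skipped
  find_lockfiles "$demo"
  stage_lockfile "$demo" api && echo "staged $demo/Cargo.lock"
  rm -rf "$demo"
fi
```

In a workflow this runs as a run: step before the uses: actions-rs/audit-check@v1 step, e.g. `run: . ./stage_lockfile.sh && stage_lockfile "$GITHUB_WORKSPACE" api`. Because run: steps do honour defaults.run.working-directory (the point made earlier in this thread), the other route is to skip the action entirely: `cargo install cargo-audit` followed by `run: cargo audit --file api/Cargo.lock`, at the cost of installing cargo-audit yourself and losing the action's check integration.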

nicolaspernoud commented 1 year ago

+1, the workaround works but is cumbersome...