rust-secure-code / cargo-auditable

Make production Rust binaries auditable
Apache License 2.0
646 stars 28 forks source link

Add cargo-dist, reintroduce rust-audit-info to the workspace #152

Closed Shnatsel closed 5 months ago

Shnatsel commented 5 months ago

@ashleygwilliams could you take a look and let me know if this is sufficient for integration into cargo dist (similar to https://github.com/CycloneDX/cyclonedx-rust-cargo/pull/559), or would you like me to enable certain installer scripts as well?

Shnatsel commented 5 months ago

Sadly this will not publish the latest existing release.

I've experimented in a fork, and Github requires both the tag and the commit it refers to to be newer than the commit when the tag-triggered action is introduced for it to trigger.

So I guess you can drop the question marks from this paragraph in the documentation:

TO BE EXTREMELY PEDANTIC: The workflow will trigger whenever Github sees that the git tag and the commit it refers to are part of the repo and the timestamp(?) of both(?) is after the commit that introduced the workflow's yml file. That last part is an absolute headache, and may require you to delete the tag both locally and on github if you created it before the workflow. Basically, setup cargo-dist before you start cutting releases!

Shnatsel commented 5 months ago

Closing in favor of #154