rust-secure-code / cargo-auditable

Make production Rust binaries auditable
Apache License 2.0
646 stars 28 forks source link

Run CI with `--frozen` #86

Closed Shnatsel closed 1 year ago

Shnatsel commented 1 year ago

Some distributions run their builds with --frozen. If the Cargo.lock committed into the tree is not up to date, this build will fail.

Now that cargo auditable is packaged by an increasing number of distributions, it's important to keep the package maintainer effort low. We should verify on CI that the package is buildable with --frozen to keep the checked-in Cargo.lock up to date.

See #85 for more details on the issue.

figsoda commented 1 year ago

running with --locked is probably good enough for this purpose