rustsec / audit-check

🛡️ GitHub Action for security audits
MIT License

v2 fails on library crates with no Cargo.lock file #27

Closed wookietreiber closed 1 month ago

wookietreiber commented 1 month ago

In v2, if there is no Cargo.lock in the repository, as is pretty much normal with library crates, the action fails because v2 no longer runs cargo generate-lockfile.

Can cargo generate-lockfile be conditionally run if there is no Cargo.lock in the repository, as opposed to running it always and potentially overwriting an existing Cargo.lock?

tarcieri commented 1 month ago

This was deliberately removed in #15

wookietreiber commented 1 month ago

> This was deliberately removed in #15

Yes, I know, but note that for library packages that don't include a Cargo.lock in the repository, I now have to manually generate the Cargo.lock:

diff --git a/.github/workflows/rust-audit-scheduled.yml b/.github/workflows/rust-audit-scheduled.yml
index 033f1b1..fa92930 100644
--- a/.github/workflows/rust-audit-scheduled.yml
+++ b/.github/workflows/rust-audit-scheduled.yml
@@ -11,7 +11,9 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
-      - uses: rustsec/audit-check@v1.4.1
+      - name: generate Cargo.lock
+        run: cargo generate-lockfile
+      - uses: rustsec/audit-check@v2.0.0
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
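Review bot: the new `generate Cargo.lock` step in this hunk runs unconditionally, so on a checkout that already contains a committed Cargo.lock it regenerates the file and the following `rustsec/audit-check@v2.0.0` step audits whatever versions the resolver picks at run time rather than the versions the repository actually pins. Since the stated goal is to cover only crates without a lockfile, guard the step, for example with `if: hashFiles('Cargo.lock') == ''` or `run: test -f Cargo.lock || cargo generate-lockfile`, so a committed lockfile is never overwritten.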

diff --git a/.github/workflows/rust-audit.yml b/.github/workflows/rust-audit.yml
index 30a1d4c..425def4 100644
--- a/.github/workflows/rust-audit.yml
+++ b/.github/workflows/rust-audit.yml
@@ -18,7 +18,9 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
-      - uses: rustsec/audit-check@v1.4.1
+      - name: generate Cargo.lock
+        run: cargo generate-lockfile
+      - uses: rustsec/audit-check@v2.0.0
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
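Review bot: this hunk duplicates the unguarded `generate Cargo.lock` step from rust-audit-scheduled.yml, so the same overwrite concern applies here, and the two workflows will now drift independently whenever one is changed. Apply the same existence guard on the step here, and consider moving the shared checkout/generate/audit sequence into a single reusable workflow that both the push-triggered and the scheduled workflow call.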

This is why I was asking if it could be generated conditionally based on existence of Cargo.lock.

tarcieri commented 1 month ago

We used to do that and it was also deliberately removed: https://github.com/rustsec/rustsec/pull/1112

If you know you need to unconditionally generate a Cargo.lock, perhaps in your workflow you can run cargo generate-lockfile yourself.
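A conditional step of the kind the issue asks for, written here as an added example that is not part of this thread or of the action's own documentation. The job triggers are assumed; `hashFiles` is a standard workflow expression function that returns an empty string when no file matches, so the generate step is skipped whenever a Cargo.lock is already committed and the audit sees the exact versions the repository pins:

```yaml
# Added example, not from the thread: generate a Cargo.lock only when the
# repository does not commit one, then run the audit against it.
name: Security audit

on:
  push:
    paths:
      - "**/Cargo.toml"
      - "**/Cargo.lock"
  schedule:
    - cron: "0 0 * * *"   # assumed schedule

jobs:
  audit:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      # hashFiles() yields '' when Cargo.lock is absent, so this step runs for
      # library crates only. A committed lockfile is never regenerated, which
      # keeps the audited dependency versions identical to the pinned ones.
      - name: Generate Cargo.lock for library crates
        if: hashFiles('Cargo.lock') == ''
        run: cargo generate-lockfile

      - uses: rustsec/audit-check@v2.0.0
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
```

The same guard can be expressed inside the shell step as `test -f Cargo.lock || cargo generate-lockfile`; the `if:` form is preferable because the skipped step is visible as such in the job log.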