Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Run cargo deny in the test framework #5942

Merged
merged 1 commit into from
Mar 13, 2024
Merged

Run cargo deny in the test framework #5942

merged 1 commit into from
Mar 13, 2024

Conversation

MarkusPettersson98
Copy link
Contributor

@MarkusPettersson98 MarkusPettersson98 commented Mar 12, 2024
edited
Loading

This PR adds a new CI job for the test framework CI - run cargo deny to guard against supply chain vulnerabilities.
This is one step towards bringing the CI for the test framework on par with main workspace CI.

Open questions

In some sense it would be nice to have a separate deny.toml in the test workspace, but on the other hand it would be hard to keep them in sync with everything that should be shared across them. For now, I put the test workspace specific RUSTSEC advisories to allow temporarily in the main deny.toml 🤷

Answer: Duplicate deny.toml in the test workspace and modify as needed 📜 🖊️

This change is Reviewable

@linear Linear
Copy link

linear bot commented Mar 12, 2024

DES-674 Run `cargo deny` on testframework

@MarkusPettersson98 MarkusPettersson98 marked this pull request as draft March 12, 2024 10:26
@MarkusPettersson98
Copy link
Contributor Author

Right, openssl is banned from the main workspace. We probably need two separate deny.toml files then 🤦

@MarkusPettersson98 MarkusPettersson98 force-pushed the run-cargo-deny-on-testframework-des-674 branch from fa6435b to 7b6dc58 Compare March 13, 2024 09:11
@MarkusPettersson98 MarkusPettersson98 marked this pull request as ready for review March 13, 2024 09:32
faern
faern requested changes Mar 13, 2024
View reviewed changes
Copy link
Member

@faern faern left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Unfortunately that we need to duplicate so much deny-info. But let's merge this so we get the CI up to speed at least. Hopefully we can simplify it at a later point in time. :lgtm:

Reviewed 1 of 2 files at r1, 2 of 2 files at r2, all commit messages.
Reviewable status: all files reviewed, 1 unresolved discussion (waiting on @MarkusPettersson98)

.github/workflows/testframework-rust-supply-chain.yml line 7 at r2 (raw file):

    paths:
      - .github/workflows/testframework-rust-supply-chain.yml
      - deny.toml

This is now the wrong deny.toml

@MarkusPettersson98 MarkusPettersson98 force-pushed the run-cargo-deny-on-testframework-des-674 branch from fbdcee3 to 6b5efa0 Compare March 13, 2024 15:20
MarkusPettersson98
MarkusPettersson98 commented Mar 13, 2024
View reviewed changes
Copy link
Contributor Author

@MarkusPettersson98 MarkusPettersson98 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewable status: 2 of 3 files reviewed, 1 unresolved discussion (waiting on @faern)

.github/workflows/testframework-rust-supply-chain.yml line 7 at r2 (raw file):

Previously, faern (Linus Färnstrand) wrote…

This is now the wrong deny.toml

Well spotted, fixed!

faern
faern approved these changes Mar 13, 2024
View reviewed changes
Copy link
Member

@faern faern left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewed 1 of 1 files at r3, all commit messages.
Reviewable status: :shipit: complete! all files reviewed, all discussions resolved

@MarkusPettersson98 MarkusPettersson98 force-pushed the run-cargo-deny-on-testframework-des-674 branch from 6b5efa0 to 6ab1030 Compare March 13, 2024 15:45
@MarkusPettersson98
Run cargo deny in test workspace
31a74b9 
Security advisories`RUSTSEC-2023-0081` makes `cargo deny` fail when
running it from the test workspace. No fixes have been released for
any of our dependencies which triggers these security advisories,
so we have litle choise other than ignoring them for now and
keeping an eye out for updates upstream.
@MarkusPettersson98 MarkusPettersson98 force-pushed the run-cargo-deny-on-testframework-des-674 branch from 6ab1030 to 31a74b9 Compare March 13, 2024 15:47
@MarkusPettersson98 MarkusPettersson98 merged commit c4af7a7 into main Mar 13, 2024
15 checks passed
@MarkusPettersson98 MarkusPettersson98 deleted the run-cargo-deny-on-testframework-des-674 branch March 13, 2024 15:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@faern faern faern approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@MarkusPettersson98 @faern