ci: checks - factor out audit so it can run independently
This commit is contained in:
Trent Nelson
Trent Nelson
parent
21f66179ba
commit
3c1dd891af
|
|
@ -0,0 +1,48 @@
|
||||||
|
#!/usr/bin/env bash
|
||||||
|
|
||||||
|
set -e
|
||||||
|
|
||||||
|
here="$(dirname "$0")"
|
||||||
|
src_root="$(readlink -f "${here}/..")"
|
||||||
|
|
||||||
|
cd "${src_root}"
|
||||||
|
|
||||||
|
source ci/rust-version.sh stable
|
||||||
|
|
||||||
|
cargo_audit_ignores=(
|
||||||
|
# failure is officially deprecated/unmaintained
|
||||||
|
#
|
||||||
|
# Blocked on multiple upstream crates removing their `failure` dependency.
|
||||||
|
--ignore RUSTSEC-2020-0036
|
||||||
|
|
||||||
|
# `net2` crate has been deprecated; use `socket2` instead
|
||||||
|
#
|
||||||
|
# Blocked on https://github.com/paritytech/jsonrpc/issues/575
|
||||||
|
--ignore RUSTSEC-2020-0016
|
||||||
|
|
||||||
|
# stdweb is unmaintained
|
||||||
|
#
|
||||||
|
# Blocked on multiple upstream crates removing their `stdweb` dependency.
|
||||||
|
--ignore RUSTSEC-2020-0056
|
||||||
|
|
||||||
|
# Potential segfault in the time crate
|
||||||
|
#
|
||||||
|
# Blocked on multiple crates updating `time` to >= 0.2.23
|
||||||
|
--ignore RUSTSEC-2020-0071
|
||||||
|
|
||||||
|
# difference is unmaintained
|
||||||
|
#
|
||||||
|
# Blocked on predicates v1.0.6 removing its dependency on `difference`
|
||||||
|
--ignore RUSTSEC-2020-0095
|
||||||
|
|
||||||
|
# generic-array: arr! macro erases lifetimes
|
||||||
|
#
|
||||||
|
# Blocked on libsecp256k1 releasing with upgraded dependencies
|
||||||
|
# https://github.com/paritytech/libsecp256k1/issues/66
|
||||||
|
--ignore RUSTSEC-2020-0146
|
||||||
|
|
||||||
|
)
|
||||||
|
scripts/cargo-for-all-lock-files.sh +"$rust_stable" audit "${cargo_audit_ignores[@]}"
|
||||||
|
|
||||||
|
cd "${src_root}/programs/bpf"
|
||||||
|
"$cargo" stable audit
|
||||||
|
|
@ -59,44 +59,10 @@ _ "$cargo" nightly clippy -Zunstable-options --workspace --all-targets -- --deny
|
||||||
|
|
||||||
_ "$cargo" stable fmt --all -- --check
|
_ "$cargo" stable fmt --all -- --check
|
||||||
|
|
||||||
cargo_audit_ignores=(
|
_ ci/do-audit.sh
|
||||||
# failure is officially deprecated/unmaintained
|
|
||||||
#
|
|
||||||
# Blocked on multiple upstream crates removing their `failure` dependency.
|
|
||||||
--ignore RUSTSEC-2020-0036
|
|
||||||
|
|
||||||
# `net2` crate has been deprecated; use `socket2` instead
|
|
||||||
#
|
|
||||||
# Blocked on https://github.com/paritytech/jsonrpc/issues/575
|
|
||||||
--ignore RUSTSEC-2020-0016
|
|
||||||
|
|
||||||
# stdweb is unmaintained
|
|
||||||
#
|
|
||||||
# Blocked on multiple upstream crates removing their `stdweb` dependency.
|
|
||||||
--ignore RUSTSEC-2020-0056
|
|
||||||
|
|
||||||
# Potential segfault in the time crate
|
|
||||||
#
|
|
||||||
# Blocked on multiple crates updating `time` to >= 0.2.23
|
|
||||||
--ignore RUSTSEC-2020-0071
|
|
||||||
|
|
||||||
# difference is unmaintained
|
|
||||||
#
|
|
||||||
# Blocked on predicates v1.0.6 removing its dependency on `difference`
|
|
||||||
--ignore RUSTSEC-2020-0095
|
|
||||||
|
|
||||||
# generic-array: arr! macro erases lifetimes
|
|
||||||
#
|
|
||||||
# Blocked on libsecp256k1 releasing with upgraded dependencies
|
|
||||||
# https://github.com/paritytech/libsecp256k1/issues/66
|
|
||||||
--ignore RUSTSEC-2020-0146
|
|
||||||
|
|
||||||
)
|
|
||||||
_ scripts/cargo-for-all-lock-files.sh +"$rust_stable" audit "${cargo_audit_ignores[@]}"
|
|
||||||
|
|
||||||
{
|
{
|
||||||
cd programs/bpf
|
cd programs/bpf
|
||||||
_ "$cargo" stable audit "${cargo_audit_ignores[@]}"
|
|
||||||
for project in rust/*/ ; do
|
for project in rust/*/ ; do
|
||||||
echo "+++ do_bpf_checks $project"
|
echo "+++ do_bpf_checks $project"
|
||||||
(
|
(
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue