ci: checks - factor out audit so it can run independently
(cherry picked from commit 3c1dd891af)
This commit is contained in:
Trent Nelson
committed by
Trent Nelson
Trent Nelson
parent
1da88658c3
commit
32b05e7ba0
50
ci/do-audit.sh
Executable file
50
ci/do-audit.sh
Executable file
@ -0,0 +1,50 @@
|
|||||||
|
#!/usr/bin/env bash
|
||||||
|
|
||||||
|
set -e
|
||||||
|
|
||||||
|
here="$(dirname "$0")"
|
||||||
|
src_root="$(readlink -f "${here}/..")"
|
||||||
|
|
||||||
|
cd "${src_root}"
|
||||||
|
|
||||||
|
source ci/rust-version.sh stable
|
||||||
|
|
||||||
|
cargo_audit_ignores=(
|
||||||
|
# failure is officially deprecated/unmaintained
|
||||||
|
#
|
||||||
|
# Blocked on multiple upstream crates removing their `failure` dependency.
|
||||||
|
--ignore RUSTSEC-2020-0036
|
||||||
|
|
||||||
|
# `net2` crate has been deprecated; use `socket2` instead
|
||||||
|
#
|
||||||
|
# Blocked on https://github.com/paritytech/jsonrpc/issues/575
|
||||||
|
--ignore RUSTSEC-2020-0016
|
||||||
|
|
||||||
|
# stdweb is unmaintained
|
||||||
|
#
|
||||||
|
# Blocked on multiple upstream crates removing their `stdweb` dependency.
|
||||||
|
--ignore RUSTSEC-2020-0056
|
||||||
|
|
||||||
|
# Potential segfault in the time crate
|
||||||
|
#
|
||||||
|
# Blocked on multiple crates updating `time` to >= 0.2.23
|
||||||
|
--ignore RUSTSEC-2020-0071
|
||||||
|
|
||||||
|
# difference is unmaintained
|
||||||
|
#
|
||||||
|
# Blocked on predicates v1.0.6 removing its dependency on `difference`
|
||||||
|
--ignore RUSTSEC-2020-0095
|
||||||
|
|
||||||
|
# hyper is upgraded on master/v1.6 but not for v1.5
|
||||||
|
--ignore RUSTSEC-2021-0020
|
||||||
|
|
||||||
|
# generic-array: arr! macro erases lifetimes
|
||||||
|
#
|
||||||
|
# ed25519-dalek and libsecp256k1 not upgraded for v1.5
|
||||||
|
--ignore RUSTSEC-2020-0146
|
||||||
|
|
||||||
|
)
|
||||||
|
scripts/cargo-for-all-lock-files.sh +"$rust_stable" audit "${cargo_audit_ignores[@]}"
|
||||||
|
|
||||||
|
cd "${src_root}/programs/bpf"
|
||||||
|
"$cargo" stable audit
|
||||||
@ -59,45 +59,10 @@ _ "$cargo" nightly clippy -Zunstable-options --workspace --all-targets -- --deny
|
|||||||
|
|
||||||
_ "$cargo" stable fmt --all -- --check
|
_ "$cargo" stable fmt --all -- --check
|
||||||
|
|
||||||
cargo_audit_ignores=(
|
_ ci/do-audit.sh
|
||||||
# failure is officially deprecated/unmaintained
|
|
||||||
#
|
|
||||||
# Blocked on multiple upstream crates removing their `failure` dependency.
|
|
||||||
--ignore RUSTSEC-2020-0036
|
|
||||||
|
|
||||||
# `net2` crate has been deprecated; use `socket2` instead
|
|
||||||
#
|
|
||||||
# Blocked on https://github.com/paritytech/jsonrpc/issues/575
|
|
||||||
--ignore RUSTSEC-2020-0016
|
|
||||||
|
|
||||||
# stdweb is unmaintained
|
|
||||||
#
|
|
||||||
# Blocked on multiple upstream crates removing their `stdweb` dependency.
|
|
||||||
--ignore RUSTSEC-2020-0056
|
|
||||||
|
|
||||||
# Potential segfault in the time crate
|
|
||||||
#
|
|
||||||
# Blocked on multiple crates updating `time` to >= 0.2.23
|
|
||||||
--ignore RUSTSEC-2020-0071
|
|
||||||
|
|
||||||
# difference is unmaintained
|
|
||||||
#
|
|
||||||
# Blocked on predicates v1.0.6 removing its dependency on `difference`
|
|
||||||
--ignore RUSTSEC-2020-0095
|
|
||||||
|
|
||||||
# hyper is upgraded on master/v1.6 but not for v1.5
|
|
||||||
--ignore RUSTSEC-2021-0020
|
|
||||||
|
|
||||||
# generic-array: arr! macro erases lifetimes
|
|
||||||
#
|
|
||||||
# ed25519-dalek and libsecp256k1 not upgraded for v1.5
|
|
||||||
--ignore RUSTSEC-2020-0146
|
|
||||||
)
|
|
||||||
_ scripts/cargo-for-all-lock-files.sh +"$rust_stable" audit "${cargo_audit_ignores[@]}"
|
|
||||||
|
|
||||||
{
|
{
|
||||||
cd programs/bpf
|
cd programs/bpf
|
||||||
_ "$cargo" stable audit "${cargo_audit_ignores[@]}"
|
|
||||||
for project in rust/*/ ; do
|
for project in rust/*/ ; do
|
||||||
echo "+++ do_bpf_checks $project"
|
echo "+++ do_bpf_checks $project"
|
||||||
(
|
(
|
||||||
|
|||||||
Reference in New Issue
Block a user