From 3c1dd891af1f8e2a80d0c7603fad72fdaab160ab Mon Sep 17 00:00:00 2001 From: Trent Nelson Date: Sun, 28 Feb 2021 12:55:31 -0700 Subject: [PATCH] ci: checks - factor out audit so it can run independently --- ci/do-audit.sh | 48 +++++++++++++++++++++++++++++++++++++++++++++++ ci/test-checks.sh | 36 +---------------------------------- 2 files changed, 49 insertions(+), 35 deletions(-) create mode 100755 ci/do-audit.sh diff --git a/ci/do-audit.sh b/ci/do-audit.sh new file mode 100755 index 0000000000..f3b2bccb26 --- /dev/null +++ b/ci/do-audit.sh @@ -0,0 +1,48 @@ +#!/usr/bin/env bash + +set -e + +here="$(dirname "$0")" +src_root="$(readlink -f "${here}/..")" + +cd "${src_root}" + +source ci/rust-version.sh stable + +cargo_audit_ignores=( + # failure is officially deprecated/unmaintained + # + # Blocked on multiple upstream crates removing their `failure` dependency. + --ignore RUSTSEC-2020-0036 + + # `net2` crate has been deprecated; use `socket2` instead + # + # Blocked on https://github.com/paritytech/jsonrpc/issues/575 + --ignore RUSTSEC-2020-0016 + + # stdweb is unmaintained + # + # Blocked on multiple upstream crates removing their `stdweb` dependency. + --ignore RUSTSEC-2020-0056 + + # Potential segfault in the time crate + # + # Blocked on multiple crates updating `time` to >= 0.2.23 + --ignore RUSTSEC-2020-0071 + + # difference is unmaintained + # + # Blocked on predicates v1.0.6 removing its dependency on `difference` + --ignore RUSTSEC-2020-0095 + + # generic-array: arr! macro erases lifetimes + # + # Blocked on libsecp256k1 releasing with upgraded dependencies + # https://github.com/paritytech/libsecp256k1/issues/66 + --ignore RUSTSEC-2020-0146 + +) +scripts/cargo-for-all-lock-files.sh +"$rust_stable" audit "${cargo_audit_ignores[@]}" + +cd "${src_root}/programs/bpf" +"$cargo" stable audit diff --git a/ci/test-checks.sh b/ci/test-checks.sh index 8a6c0a800e..d3868262e5 100755 --- a/ci/test-checks.sh +++ b/ci/test-checks.sh @@ -59,44 +59,10 @@ _ "$cargo" nightly clippy -Zunstable-options --workspace --all-targets -- --deny _ "$cargo" stable fmt --all -- --check -cargo_audit_ignores=( - # failure is officially deprecated/unmaintained - # - # Blocked on multiple upstream crates removing their `failure` dependency. - --ignore RUSTSEC-2020-0036 - - # `net2` crate has been deprecated; use `socket2` instead - # - # Blocked on https://github.com/paritytech/jsonrpc/issues/575 - --ignore RUSTSEC-2020-0016 - - # stdweb is unmaintained - # - # Blocked on multiple upstream crates removing their `stdweb` dependency. - --ignore RUSTSEC-2020-0056 - - # Potential segfault in the time crate - # - # Blocked on multiple crates updating `time` to >= 0.2.23 - --ignore RUSTSEC-2020-0071 - - # difference is unmaintained - # - # Blocked on predicates v1.0.6 removing its dependency on `difference` - --ignore RUSTSEC-2020-0095 - - # generic-array: arr! macro erases lifetimes - # - # Blocked on libsecp256k1 releasing with upgraded dependencies - # https://github.com/paritytech/libsecp256k1/issues/66 - --ignore RUSTSEC-2020-0146 - -) -_ scripts/cargo-for-all-lock-files.sh +"$rust_stable" audit "${cargo_audit_ignores[@]}" +_ ci/do-audit.sh { cd programs/bpf - _ "$cargo" stable audit "${cargo_audit_ignores[@]}" for project in rust/*/ ; do echo "+++ do_bpf_checks $project" (