From 7e57c5cefe3814541489f7a34cc16b473860a44c Mon Sep 17 00:00:00 2001
From: Trent Nelson <trent@solana.com>
Date: Fri, 2 Oct 2020 12:24:05 -0600
Subject: [PATCH] CI: Split cargo-audit off to its own buildkite job run with
 cargo 1.46.0

Needed to support new cargo audit advisory format https://github.com/RustSec/advisory-db/issues/414
---
 ci/buildkite.yml   |  6 ++++++
 ci/rust-version.sh |  7 +++++++
 ci/test-audit.sh   | 11 +++++++++++
 ci/test-checks.sh  |  2 --
 4 files changed, 24 insertions(+), 2 deletions(-)
 create mode 100755 ci/test-audit.sh

diff --git a/ci/buildkite.yml b/ci/buildkite.yml
index 1123bb8611..801c5f7b23 100644
--- a/ci/buildkite.yml
+++ b/ci/buildkite.yml
@@ -15,6 +15,12 @@ steps:
 
   - wait
 
+  - command: ". ci/rust-version.sh; ci/docker-run.sh $$rust_audit_docker_image ci/test-audit.sh"
+    name: "audit"
+    timeout_in_minutes: 20
+
+  - wait
+
   - command: ". ci/rust-version.sh; ci/docker-run.sh $$rust_nightly_docker_image ci/test-checks.sh"
     name: "checks"
     timeout_in_minutes: 20
diff --git a/ci/rust-version.sh b/ci/rust-version.sh
index 9141d8507b..0f234fd23e 100644
--- a/ci/rust-version.sh
+++ b/ci/rust-version.sh
@@ -34,6 +34,9 @@ export rust_stable_docker_image=solanalabs/rust:"$stable_version"
 export rust_nightly=nightly-"$nightly_version"
 export rust_nightly_docker_image=solanalabs/rust-nightly:"$nightly_version"
 
+export rust_audit="1.46.0"
+export rust_audit_docker_image=solanalabs/rust-nightly:2020-08-17
+
 [[ -z $1 ]] || (
 
   rustup_install() {
@@ -47,6 +50,9 @@ export rust_nightly_docker_image=solanalabs/rust-nightly:"$nightly_version"
   set -e
   cd "$(dirname "${BASH_SOURCE[0]}")"
   case $1 in
+  audit)
+     rustup_install "$rust_audit"
+     ;;
   stable)
      rustup_install "$rust_stable"
      ;;
@@ -56,6 +62,7 @@ export rust_nightly_docker_image=solanalabs/rust-nightly:"$nightly_version"
   all)
      rustup_install "$rust_stable"
      rustup_install "$rust_nightly"
+     rustup_install "$rust_audit"
     ;;
   *)
     echo "Note: ignoring unknown argument: $1"
diff --git a/ci/test-audit.sh b/ci/test-audit.sh
new file mode 100755
index 0000000000..6d55995632
--- /dev/null
+++ b/ci/test-audit.sh
@@ -0,0 +1,11 @@
+#!/usr/bin/env bash
+set -e
+
+source ci/_
+source ci/rust-version.sh audit
+
+export RUST_BACKTRACE=1
+export RUSTFLAGS="-D warnings"
+
+_ cargo +"$rust_audit" audit --version
+_ scripts/cargo-for-all-lock-files.sh +"$rust_audit" audit --ignore RUSTSEC-2020-0002 --ignore RUSTSEC-2020-0008
diff --git a/ci/test-checks.sh b/ci/test-checks.sh
index a23a324575..2c83d57f77 100755
--- a/ci/test-checks.sh
+++ b/ci/test-checks.sh
@@ -31,8 +31,6 @@ _ cargo +"$rust_stable" fmt --all -- --check
 _ cargo +"$rust_stable" clippy --version
 _ cargo +"$rust_stable" clippy --workspace -- --deny=warnings
 
-_ cargo +"$rust_stable" audit --version
-_ scripts/cargo-for-all-lock-files.sh +"$rust_stable" audit --ignore RUSTSEC-2020-0002 --ignore RUSTSEC-2020-0008
 _ ci/order-crates-for-publishing.py
 
 {