From 681351af468700ebeaaf86669210b9356ca57ba3 Mon Sep 17 00:00:00 2001 From: Markus Bergkvist Date: Sat, 11 Nov 2023 13:02:39 +0100 Subject: [PATCH] Add optional input for Cargo lockfile --- README.md | 1 + action.yml | 5 +++++ audit.py | 4 ++++ 3 files changed, 10 insertions(+) diff --git a/README.md b/README.md index a5ecf48..79c1015 100644 --- a/README.md +++ b/README.md @@ -54,6 +54,7 @@ Setting `denyWarnings` to true will also enable these warnings, but each warning | -------------- | ------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------ | | `TOKEN` | The GitHub access token to allow us to retrieve, create and update issues (automatically set). | `github.token` | | `denyWarnings` | Any warnings generated will be treated as an error and fail the action. | false | +| `file` | The path to the Cargo.lock file. | `Cargo.lock` | | `ignore` | A comma separated list of Rustsec IDs to ignore. | | | `createIssues` | Create/Update issues for each found vulnerability. By default only on `main` or `master` branch. | `github.ref == 'refs/heads/master' \|\| github.ref == 'refs/heads/main'` | diff --git a/action.yml b/action.yml index 4344cd2..b61508e 100644 --- a/action.yml +++ b/action.yml @@ -14,6 +14,10 @@ inputs: description: "Any warnings generated will be treated as an error and fail the action" required: false default: "false" + file: + description: "Cargo lockfile to inspect" + required: false + default: "Cargo.lock" ignore: description: "A comma separated list of Rustsec IDs to ignore" required: false @@ -52,6 +56,7 @@ runs: env: INPUT_CREATE_ISSUES: ${{ inputs.createIssues }} INPUT_DENY_WARNINGS: ${{ inputs.denyWarnings }} + INPUT_FILE: ${{ inputs.file }} INPUT_IGNORE: ${{ inputs.ignore }} INPUT_TOKEN: ${{ inputs.TOKEN }} PYTHONPATH: ${{ github.action_path }} diff --git a/audit.py b/audit.py index 8bafbb7..8363ee1 100644 --- a/audit.py 
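Review bot: The `file` input's description in action.yml, `description: "Cargo lockfile to inspect"`, does not say the value is a path, while the README row added in the same commit documents it as "The path to the Cargo.lock file."; the two should use the same wording, e.g. `description: "Path to the Cargo.lock file to audit"`. The value is passed to `cargo audit --file` unchanged, so it is presumably resolved relative to the step's working directory rather than the repository root; if so, that is worth stating in the description so callers with a nested crate know what to pass.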
+++ b/audit.py
@@ -398,6 +398,10 @@ def run() -> None:
 extra_args.append("--deny")
 extra_args.append("warnings")
+ if os.environ["INPUT_FILE"] != "":
+ extra_args.append("--file")
+ extra_args.append(os.environ["INPUT_FILE"])
+
 audit_cmd = ["cargo", "audit", "--json"] + extra_args + ignore_args
 debug(f"Running command: {audit_cmd}")
 completed = subprocess.run(