v2 fails on library crates with no Cargo.lock file #27
Comments
|
This was deliberately removed in #15 |
Yes, I know, but note that for library packages, that don't include a diff --git a/.github/workflows/rust-audit-scheduled.yml b/.github/workflows/rust-audit-scheduled.yml
index 033f1b1..fa92930 100644
--- a/.github/workflows/rust-audit-scheduled.yml
+++ b/.github/workflows/rust-audit-scheduled.yml
@@ -11,7 +11,9 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- - uses: rustsec/audit-check@v1.4.1
+ - name: generate Cargo.lock
+ run: cargo generate-lockfile
+ - uses: rustsec/audit-check@v2.0.0
with:
token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/rust-audit.yml b/.github/workflows/rust-audit.yml
index 30a1d4c..425def4 100644
--- a/.github/workflows/rust-audit.yml
+++ b/.github/workflows/rust-audit.yml
@@ -18,7 +18,9 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- - uses: rustsec/audit-check@v1.4.1
+ - name: generate Cargo.lock
+ run: cargo generate-lockfile
+ - uses: rustsec/audit-check@v2.0.0
with:
token: ${{ secrets.GITHUB_TOKEN }}This is why I was asking if it could be generated conditionally based on existence of |
|
We used to do that and it was also deliberately removed: rustsec/rustsec#1112 If you know you need to unconditionally generate a |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
In v2, if there is no
Cargo.lockin the repository, as is pretty much normal with library crates, the action fails because v2 no longer runscargo generate-lockfile.Can
cargo generate-lockfilebe conditionally run if there is noCargo.lockin the repository, as opposed to running it always and potentially overwriting an existingCargo.lock?The text was updated successfully, but these errors were encountered: