ci: run cargo audit #9116
Comments
Marking as good first issue as there is the arrow-rs PR to base off from, and it is self-contained to only CI for this repo
I noticed there is a fork of the original audit-check action. I think this could be trusted since it is run by the Rust Secure Code WG.
I think I tried that action before but was unable to get it to run in CI, see: apache/arrow-rs#5160 (comment). So I opted for just including the shell steps manually, but if there's another way to get around that above error and use that audit-check action then I'm all for it 👍
Ah that's great then 👍 Feel free to submit a PR with this added 👀
Is your feature request related to a problem or challenge?
Run cargo audit as part of CI
Describe the solution you'd like
See arrow-rs: apache/arrow-rs#5160
Describe alternatives you've considered
Don't do this
Additional context
Looks like this was attempted before: #599
Though this was attempting to run it on schedule. In the arrow-rs PR above it only runs on PR/commits to master
DataFusion probably moves fast enough that commits to main are enough for triggering audit check, but can explore making it scheduled again
Note that will not be able to use the audit GitHub action and will instead need to run it manually, as was not able to use the GitHub action due to some policy blocking external action use (or something like that)
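A sketch of the approach requested above, added here as an illustration and not taken from the arrow-rs PR or from this repository: a workflow that runs `cargo audit` through plain shell steps instead of the audit-check action. The file name, job name and runner image are assumptions; the scheduled trigger mentioned above is shown commented out.

```yaml
# .github/workflows/audit.yml (hypothetical file name)
name: Security audit

on:
  push:
    branches: [main]
  pull_request:
  # Optional: also audit on a schedule, since new advisories can be
  # published against dependencies without any commit landing here.
  # schedule:
  #   - cron: "0 6 * * *"

# The audit only reads the repository; it needs no write access.
permissions:
  contents: read

jobs:
  cargo-audit:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      # Manual shell steps in place of the third-party audit-check action.
      - name: Install cargo-audit
        run: cargo install cargo-audit --locked
      - name: Run cargo audit
        # Exits non-zero when a dependency matches a RustSec advisory,
        # which fails the job.
        run: cargo audit
```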