From 1c5fb1e43c605ab0efc167bc3a9458108794297b Mon Sep 17 00:00:00 2001
From: mulhern
Date: Mon, 2 Oct 2023 21:03:49 -0400
Subject: [PATCH] Run audit both with and without auditable information

Signed-off-by: mulhern
---
 .github/workflows/nightly.yml | 42 ++++++++++++++++++++++++++++++++---
 Makefile | 12 ++++++++++
 2 files changed, 51 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml
index 13f51019d15..25b4619de78 100644
--- a/.github/workflows/nightly.yml
+++ b/.github/workflows/nightly.yml
@@ -81,9 +81,6 @@ jobs:
 strategy:
 matrix:
 include:
- - task: make -f Makefile audit
- toolchain: 1.72.0 # CURRENT DEVELOPMENT RUST TOOLCHAIN
- components: cargo
 # Allowed because a failure may occur after a new Rust stable
 # version is released.
 - task: make -f Makefile clippy
@@ -118,6 +115,45 @@ jobs:
 - name: Test ${{ matrix.task }} on ${{ matrix.toolchain }} toolchain
 run: ${{ matrix.task }}

+ cargo-audit-checks:
+ continue-on-error: true
+ strategy:
+ matrix:
+ include:
+ - task: make -f Makefile audit
+ - task: AUDITABLE=1 PROFILEDIR=debug make -f Makefile audit-all-rust
+ runs-on: ubuntu-22.04
+ container:
+ image: fedora:38 # CURRENT DEVELOPMENT ENVIRONMENT
+ steps:
+ - uses: actions/checkout@v3
+ - name: Install dependencies for Fedora
+ run: >
+ dnf install -y
+ clang
+ curl
+ cryptsetup-devel
+ dbus-devel
+ libblkid-devel
+ make
+ ncurses
+ openssl-devel
+ python-requests
+ python-semantic_version
+ systemd-devel
+ - uses: dtolnay/rust-toolchain@master
+ with:
+ components: cargo
+ toolchain: 1.72.0 # CURRENT DEVELOPMENT RUST TOOLCHAIN
+ - uses: baptiste0928/cargo-install@v2
+ with:
+ crate: cargo-audit
+ - uses: baptiste0928/cargo-install@v2
+ with:
+ crate: cargo-auditable
+ - name: Run matrix task
+ run: ${{ matrix.task }}
+
 checks-with-ci-repo:
 runs-on: ubuntu-22.04
 container:
diff --git a/Makefile b/Makefile
index 99d41d9940b..a9f4d05510a 100644
--- a/Makefile
+++ b/Makefile
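Review bot: The new `cargo-audit-checks` job in `.github/workflows/nightly.yml` runs third-party actions from mutable refs (`dtolnay/rust-toolchain@master`, `baptiste0928/cargo-install@v2` twice, `actions/checkout@v3`), so the code that installs the toolchain and `cargo-audit` can change without a commit in this repository. Pinning each to a full commit SHA with the ref kept as a trailing comment, e.g. `- uses: dtolnay/rust-toolchain@<full-commit-sha> # master`, makes the audit job reproducible; `toolchain: 1.72.0` is already passed explicitly, so the pin needs no other change. The job also sets `continue-on-error: true` without a comment, which means a reported advisory will not fail the nightly run; a line such as `# Non-blocking: audit results must be read from this job's own status` above it would make that explicit.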
@@ -156,6 +156,17 @@ license:
 audit:
 cargo audit -D warnings

+## Audit Rust executables
+audit-all-rust: build-all-rust
+ cargo audit -D warnings bin \
+ ./target/${PROFILEDIR}/stratisd \
+ ./target/${PROFILEDIR}/stratisd-min \
+ ./target/${PROFILEDIR}/stratis-min \
+ ./target/${PROFILEDIR}/stratis-utils \
+ ./target/${PROFILEDIR}/stratis-str-cmp \
+ ./target/${PROFILEDIR}/stratis-base32-decode \
+ ./target/${PROFILEDIR}/stratis-dumpmetadata
+
 ## Check for spelling errors
 check-typos:
 typos
@@ -462,6 +473,7 @@ clippy: clippy-macros clippy-min clippy-udev-utils clippy-no-ipc
 .PHONY:
 audit
+ audit-all-rust
 build
 build-all
 build-all-man
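Review bot: The `## Audit Rust executables` comment on the new `audit-all-rust` target should state that the binaries need to be built with `cargo auditable`, because `cargo audit bin` relies on the dependency list embedded in each binary and otherwise falls back to a partial list recovered from panic messages. The nightly job passes `AUDITABLE=1`, but nothing in this hunk requires it, and how `build-all-rust` uses that variable is outside the hunk, so a plain `make audit-all-rust` may pass on incomplete data. I would write the comment as `## Audit Rust executables; run with AUDITABLE=1 so the binaries embed their dependency list`. Every path also interpolates `${PROFILEDIR}`; if the Makefile does not give it a default elsewhere, an unset value yields `./target//stratisd`, so that is worth confirming.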