chore: separate cargo-deny advisory checks into its own job (#19679)

MystenLabs · Oct 3, 2024 · b5c7f39 · b5c7f39
1 parent 928b981
commit b5c7f39
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 33 deletions.
diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml
@@ -39,37 +39,6 @@ jobs:
           command: build
           args: --all-targets --all-features --release
 
-  # This job seems to be consistently producing false-positives, lets disable for now
-  # cargo-udeps:
-  #   runs-on: [ubuntu-ghcloud]
-  #   steps:
-  #     - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11  # Pin v4.1.1
-  #     # Enable caching of the 'librocksdb-sys' crate by additionally caching the
-  #     # 'librocksdb-sys' src directory which is managed by cargo
-  #     - uses: bmwill/rust-cache@v1 # Fork of 'Swatinem/rust-cache' which allows caching additional paths
-  #       with:
-  #         path: ~/.cargo/registry/src/**/librocksdb-sys-*
-  #     - name: Install cargo-udeps, and cache the binary
-  #       uses: baptiste0928/cargo-install@1cd874a5478fdca35d868ccc74640c5aabbb8f1b # pin@v3.0.0
-  #       with:
-  #         crate: cargo-udeps
-  #         locked: true
-  #     - name: Install cargo-hakari, and cache the binary
-  #       uses: baptiste0928/cargo-install@1cd874a5478fdca35d868ccc74640c5aabbb8f1b # pin@v3.0.0
-  #       with:
-  #         crate: cargo-hakari
-  #         locked: true
-  #     # Normally running cargo-udeps requires use of a nightly compiler
-  #     # In order to have a more stable and less noisy experience, lets instead
-  #     # opt to use the stable toolchain specified via the 'rust-toolchain' file
-  #     # and instead enable nightly features via 'RUSTC_BOOTSTRAP'
-  #     - name: run cargo-udeps
-  #       run: |
-  #         # First we need to disable the workspace-hack package
-  #         cargo hakari disable
-  #         cargo hakari remove-deps -y
-  #         RUSTC_BOOTSTRAP=1 cargo udeps
-
   report-status:
     name: Report Status
     runs-on: ubuntu-latest

diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml
@@ -384,7 +384,7 @@ jobs:
           args: --check
 
   cargo-deny:
-    name: cargo-deny (advisories, licenses, bans, ...)
+    name: cargo-deny (bans, licenses, sources)
     needs: diff
     if: needs.diff.outputs.isRust == 'true'
     runs-on: [ ubuntu-latest ]
@@ -393,7 +393,19 @@ jobs:
         with:
           ref: ${{ github.event.inputs.sui_repo_ref || github.ref }}
       - uses: taiki-e/install-action@cargo-deny
-      - run: cargo deny check
+      - run: cargo deny check bans licenses sources
+
+  cargo-deny-advisories:
+    name: cargo-deny (advisories)
+    needs: diff
+    if: needs.diff.outputs.isRust == 'true'
+    runs-on: [ ubuntu-latest ]
+    steps:
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # Pin v4.1.1
+        with:
+          ref: ${{ github.event.inputs.sui_repo_ref || github.ref }}
+      - uses: taiki-e/install-action@cargo-deny
+      - run: cargo deny check advisories
 
   sui-excution-cut:
     name: cutting a new execution layer