From b5c7f39d1f878acc9b4b35508a674446299b6800 Mon Sep 17 00:00:00 2001
From: Brandon Williams <brandon@mystenlabs.com>
Date: Wed, 2 Oct 2024 21:44:35 -0500
Subject: [PATCH] chore: separate cargo-deny advisory checks into its own job
 (#19679)

---
 .github/workflows/nightly.yml | 31 -------------------------------
 .github/workflows/rust.yml    | 16 ++++++++++++++--
 2 files changed, 14 insertions(+), 33 deletions(-)

diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml
index 0bfaf53094275..3a8a2594877ae 100644
--- a/.github/workflows/nightly.yml
+++ b/.github/workflows/nightly.yml
@@ -39,37 +39,6 @@ jobs:
           command: build
           args: --all-targets --all-features --release
 
-  # This job seems to be consistently producing false-positives, lets disable for now
-  # cargo-udeps:
-  #   runs-on: [ubuntu-ghcloud]
-  #   steps:
-  #     - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11  # Pin v4.1.1
-  #     # Enable caching of the 'librocksdb-sys' crate by additionally caching the
-  #     # 'librocksdb-sys' src directory which is managed by cargo
-  #     - uses: bmwill/rust-cache@v1 # Fork of 'Swatinem/rust-cache' which allows caching additional paths
-  #       with:
-  #         path: ~/.cargo/registry/src/**/librocksdb-sys-*
-  #     - name: Install cargo-udeps, and cache the binary
-  #       uses: baptiste0928/cargo-install@1cd874a5478fdca35d868ccc74640c5aabbb8f1b # pin@v3.0.0
-  #       with:
-  #         crate: cargo-udeps
-  #         locked: true
-  #     - name: Install cargo-hakari, and cache the binary
-  #       uses: baptiste0928/cargo-install@1cd874a5478fdca35d868ccc74640c5aabbb8f1b # pin@v3.0.0
-  #       with:
-  #         crate: cargo-hakari
-  #         locked: true
-  #     # Normally running cargo-udeps requires use of a nightly compiler
-  #     # In order to have a more stable and less noisy experience, lets instead
-  #     # opt to use the stable toolchain specified via the 'rust-toolchain' file
-  #     # and instead enable nightly features via 'RUSTC_BOOTSTRAP'
-  #     - name: run cargo-udeps
-  #       run: |
-  #         # First we need to disable the workspace-hack package
-  #         cargo hakari disable
-  #         cargo hakari remove-deps -y
-  #         RUSTC_BOOTSTRAP=1 cargo udeps
-
   report-status:
     name: Report Status
     runs-on: ubuntu-latest
diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml
index b8c95e4004b41..86f625aa5f5ef 100644
--- a/.github/workflows/rust.yml
+++ b/.github/workflows/rust.yml
@@ -384,7 +384,7 @@ jobs:
           args: --check
 
   cargo-deny:
-    name: cargo-deny (advisories, licenses, bans, ...)
+    name: cargo-deny (bans, licenses, sources)
     needs: diff
     if: needs.diff.outputs.isRust == 'true'
     runs-on: [ ubuntu-latest ]
@@ -393,7 +393,19 @@ jobs:
         with:
           ref: ${{ github.event.inputs.sui_repo_ref || github.ref }}
       - uses: taiki-e/install-action@cargo-deny
-      - run: cargo deny check
+      - run: cargo deny check bans licenses sources
+
+  cargo-deny-advisories:
+    name: cargo-deny (advisories)
+    needs: diff
+    if: needs.diff.outputs.isRust == 'true'
+    runs-on: [ ubuntu-latest ]
+    steps:
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # Pin v4.1.1
+        with:
+          ref: ${{ github.event.inputs.sui_repo_ref || github.ref }}
+      - uses: taiki-e/install-action@cargo-deny
+      - run: cargo deny check advisories
 
   sui-excution-cut:
     name: cutting a new execution layer