Exclude ci directory from packaged crate (#555)

mulkieran · web-flow · commit 037356f09a43 · 2023-08-17T17:14:21.000-07:00
I do not think there is compelling reason to release the ci support as
part of a Rust source code package. In addition, the crate, as it is
released now, gets flagged in some security scans due to the presence of
Dockerfiles which are considered to be following some unsafe practices.
Most Linux distros package using the vendored appraoch and provide a
vendor tarfile of an application's dependencies. Scanners will tend to
expect that the contents of the vendor tarfile will be source code.
These Dockerfiles are already being flagged by some scanners; other
contents of the ci directory may be flagged in future.
diff --git a/Cargo.toml b/Cargo.toml
@@ -14,6 +14,7 @@ A library to acquire a stack trace (backtrace) at runtime in a Rust program.
 autoexamples = true
 autotests = true
 edition = "2018"
+exclude = ["/ci/"]
 
 [workspace]
 members = ['crates/cpp_smoke_test', 'crates/as-if-std']
