From 2ed6775dcfb7f7da195b28ab9e59a4446c037d53 Mon Sep 17 00:00:00 2001 From: Pascal Bach Date: Fri, 5 Nov 2021 04:42:12 +0000 Subject: [PATCH] Add cargo vendor test (#2076) ## Issue Addressed This is related to #1926 and #1712. ## Proposed Changes This PR adds a test that make sure that the used dependencies can be vendored. Being able to vendor the dependencies is important for archival and repdroducibility purpose. It's also required to package lighthouse for some Linux distributions. Specifically [NixOS](https://nixos.org/) and [Yocto](https://www.yoctoproject.org/). ## Additional Info This PR only adds the test, it doesn't clean up the dependencies yet. That's why it is in draft. --- .github/workflows/test-suite.yml | 8 ++++++++ Makefile | 4 ++++ 2 files changed, 12 insertions(+) diff --git a/.github/workflows/test-suite.yml b/.github/workflows/test-suite.yml index a7423e9eb6..95a2b8adfc 100644 --- a/.github/workflows/test-suite.yml +++ b/.github/workflows/test-suite.yml @@ -228,6 +228,14 @@ jobs: run: rustup update stable - name: Run cargo audit to identify known security vulnerabilities reported to the RustSec Advisory Database run: make audit + cargo-vendor: + name: cargo-vendor + runs-on: ubuntu-latest + needs: cargo-fmt + steps: + - uses: actions/checkout@v1 + - name: Run cargo vendor to make sure dependencies can be vendored for packaging, reproducibility and archival purpose + run: CARGO_HOME=$(readlink -f $HOME) make vendor cargo-udeps: name: cargo-udeps runs-on: ubuntu-latest diff --git a/Makefile b/Makefile index 072ba0353e..6856635ebd 100644 --- a/Makefile +++ b/Makefile @@ -166,6 +166,10 @@ audit: cargo install --force cargo-audit cargo audit --ignore RUSTSEC-2020-0071 --ignore RUSTSEC-2020-0159 +# Runs `cargo vendor` to make sure dependencies can be vendored for packaging, reproducibility and archival purpose. +vendor: + cargo vendor + # Runs `cargo udeps` to check for unused dependencies udeps: cargo +$(PINNED_NIGHTLY) udeps --tests --all-targets --release