From a1176e77be5488d6a7b607257bca88db56b0541d Mon Sep 17 00:00:00 2001 From: Alexander Uvizhev Date: Tue, 10 Feb 2026 11:13:25 +0300 Subject: [PATCH] Add insecure-dep test task to Makefile and CI (#8464) #8106 I added `insecure-deps` target to Makefile and a new step into `check-code` section of test-suite CI workflow that uses the former. That bash multiliner is not ideal, I'd prefer a cargo plugin instead but none exists. I also changed Cargo.toml to test that the new CI check works. Once we see a pipeline fails, I revert the change. Co-Authored-By: Alexander Uvizhev Co-Authored-By: chonghe <44791194+chong-he@users.noreply.github.com> Co-Authored-By: dapplion <35266934+dapplion@users.noreply.github.com> --- .github/workflows/test-suite.yml | 2 ++ Makefile | 6 ++++++ 2 files changed, 8 insertions(+) diff --git a/.github/workflows/test-suite.yml b/.github/workflows/test-suite.yml index 46fa15da86..72ea9d41ae 100644 --- a/.github/workflows/test-suite.yml +++ b/.github/workflows/test-suite.yml @@ -319,6 +319,8 @@ jobs: bins: cargo-audit,cargo-deny - name: Check formatting with cargo fmt run: make cargo-fmt + - name: Check dependencies for unencrypted HTTP links + run: make insecure-deps - name: Lint code for quality and style with Clippy run: make lint-full - name: Certify Cargo.lock freshness diff --git a/Makefile b/Makefile index 9d08c3ebe1..9e2b1d24c5 100644 --- a/Makefile +++ b/Makefile @@ -343,6 +343,12 @@ vendor: udeps: cargo +$(PINNED_NIGHTLY) udeps --tests --all-targets --release --features "$(TEST_FEATURES)" +# Checks Cargo.toml files for unencrypted HTTP links +insecure-deps: + @ BAD_LINKS=$$(find . -name Cargo.toml | xargs grep -n "http://" || true); \ + if [ -z "$$BAD_LINKS" ]; then echo "No insecure HTTP links found"; \ + else echo "$$BAD_LINKS"; echo "Using plain HTTP in Cargo.toml files is forbidden"; exit 1; fi + # Performs a `cargo` clean and cleans the `ef_tests` directory. clean: cargo clean