Commit Graph

4 Commits

Author SHA1 Message Date
stevenhorsman
3466f888db agent-ctl: Move into root workspace
- Add agent-ctl to be a workspace member to simplify the
dependency management.
- Also add a test target as we've been running it in static-checks
without it doing anything

Assisted-by: IBM Bob
Signed-off-by: stevenhorsman <steven@uk.ibm.com>
2026-05-18 09:47:15 +01:00
stevenhorsman
efe62c9280 kata-ctl: Move into root workspace
Add kata-ctl to be a workspace member to simplify the
dependency management.

Assisted-by: IBM Bob
Signed-off-by: stevenhorsman <steven@uk.ibm.com>
2026-04-30 08:45:27 +01:00
stevenhorsman
a0410e0d5c static-checks: Update cargo deny config
The previous config is not valid, so update it based on information
from https://embarkstudios.github.io/cargo-deny/checks/cfg.html

Signed-off-by: stevenhorsman <steven@uk.ibm.com>
2026-04-11 08:46:32 +01:00
Derek Lee
bed4aab7ee github-actions: Add cargo-deny
Adds cargo-deny to scan for vulnerabilities and license issues regarding
rust crates.

GitHub Actions does not have an obvious way to loop over each of the
Cargo.toml files. To avoid hardcoding it, I worked around the problem
using a composite action that first generates the cargo-deny action by
finding all Cargo.toml files before calling this new generated action in
the master workflow.

Uses recommended deny.toml from cargo-deny repo with the following
modifications:

 ignore = ["RUSTSEC-2020-0071"]
  because chrono is dependent on the version of time with the
  vulnerability and there is no simple workaround

 multiple-versions = "allow"
  Because of the above error and other packages, there are instances
  where some crates require different versions of a crate.

 unknown-git = "allow"
  I don't see a particular issue with allowing crates from other repos.
  An alternative would be the manually set each repo we want in an
  allow-git list, but I see this as more of a nuisance that its worth.
  We could leave this as a warning (default), but to avoid clutter I'm
  going to allow it.

If deny.toml needs to be edited in the future, here's the guide:
https://embarkstudios.github.io/cargo-deny/index.html

Fixes #3359

Signed-off-by: Derek Lee <derlee@redhat.com>
2022-08-30 09:30:03 -07:00