Specify directory to run audit on

Open kennetpostigo opened this issue 4 years ago • 6 comments

Do the checklist before filing an issue:

  • [ ] Is this related to the actions-rs Actions? If you think it's a problem related to GitHub Actions in general, use GitHub Community forum instead: https://github.community
  • [x] You've read the Contributing section about feature requests: https://github.com/actions-rs/.github/blob/master/CONTRIBUTING.md#feature-requests
  • [ ] Is this something you can debug and fix? Send a pull request! Bug fixes and documentation fixes are welcome.

Motivation

My rust/cargo project isn't at the top level of my repo, so my audit check always fails because it can't find my Cargo.toml/Cargo.lock file and it doesn't take a manifest-path like other cargo commands do.

Describe your idea, motivation, and how Rust community could benefit from this feature.

Workflow example

It would be awesome if the action would read working-directory or take a manifest-path arg

jobs:
  security_audit:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v1
      - uses: actions-rs/audit-check@v1
        with:
          # consume working-directory
          working-directory: api
          # or read args
          args: --manifest-path api/Cargo.lock
          token: ${{ secrets.GITHUB_TOKEN }}

Additional context

I've tried a couple of workarounds but couldn't get any of them working. I hope this isn't an invasive/difficult addition.

kennetpostigo avatar May 23 '21 19:05 kennetpostigo

Related to https://github.com/actions-rs/cargo/issues/86

The best would be if it takes into account the current working directory:

defaults:
  run:
    working-directory: lang/rust

See https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#defaultsrun

martin-g avatar Jul 08 '21 07:07 martin-g

It seems this issue is a duplicate of https://github.com/actions-rs/audit-check/issues/116

martin-g avatar Jul 08 '21 07:07 martin-g

Any updates?

fzyzcjy avatar Oct 04 '21 12:10 fzyzcjy

I'm also interested in this, since we're using a mono repository.

This is a general problem with GitHub Actions, because the defaults: run: working-directory setting is not inherited by actions that are invoked with uses:, but only by steps that use run: instead. Therefore every action solves this in its own way.

audit-check is not consistent with actions-rs/clippy-check here by the way, which allows passing with: args: .

stefangalowicz avatar Oct 15 '21 07:10 stefangalowicz

I'm also interested in this but have found a temporary solution. Just replace {CARGO_SUBDIR} with your cargo project directory in your repo and {DIRS_TO_REMOVE} with all the non-cargo directories in the top-level of your repo:


jobs:
  audit:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      # Moves all files in sub dir to top-level dir
      - run: cd $GITHUB_WORKSPACE && mv {CARGO_SUBDIR}/* .
      # Delete directories not to be audited
      - run: cd $GITHUB_WORKSPACE && rm -rf {DIRS_TO_REMOVE}
      - uses: actions-rs/audit-check@v1
        with:
          token: ${{ secrets.GITHUB_TOKEN }}

MariusVB avatar Oct 26 '21 14:10 MariusVB

+1 the workaround works, but is cumbersome...

nicolaspernoud avatar Mar 29 '23 11:03 nicolaspernoud
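
An alternative to moving files around in the checkout, as an added example that is not part of the original thread or of the actions-rs code: a shell script for a run: step that audits each Cargo.lock in place through cargo-audit's --file option. It goes beyond the single-subdirectory case in the issue to cover the mono-repository case raised above; find_lockfiles, audit_all and AUDIT_CMD are names assumed here, and cargo-audit is assumed to be installed already.

```shell
#!/bin/sh
# Added example: audit every Cargo.lock in a repository without moving files.
# AUDIT_CMD is an assumption of this sketch so the scanner can be swapped or
# stubbed; `--file <path>` is cargo-audit's own option for the lockfile path.
AUDIT_CMD="${AUDIT_CMD:-cargo audit}"

# Print each Cargo.lock under $1, skipping build output and VCS metadata.
find_lockfiles() {
    find "$1" -type d \( -name target -o -name .git \) -prune \
        -o -type f -name Cargo.lock -print | sort
}

# Audit every lockfile under $1. Keeps going after a failure so one
# vulnerable crate does not hide findings in another. Returns 1 if any
# lockfile failed, 2 if none was found (a mistyped path must not pass).
audit_all() {
    root="${1:-.}"
    failed=0
    count=0
    list=$(find_lockfiles "$root")
    while IFS= read -r lock; do
        [ -n "$lock" ] || continue
        count=$((count + 1))
        echo "== auditing $lock"
        # stdin is detached so the audit command cannot consume the list
        if ! $AUDIT_CMD --file "$lock" </dev/null; then
            failed=$((failed + 1))
            echo "!! audit failed for $lock" >&2
        fi
    done <<EOF
$list
EOF
    if [ "$count" -eq 0 ]; then
        echo "no Cargo.lock found under $root" >&2
        return 2
    fi
    echo "audited $count lockfile(s), $failed failed"
    [ "$failed" -eq 0 ]
}
```

Source the script in a run: step and call audit_all . (or audit_all api for one subdirectory). It reports only through the job log and exit status.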