
fix: generate lockfile before cargo vet #30

Closed
27Bslash6 wants to merge 1 commit into main from fix/cargo-vet-lockfile

@27Bslash6 (Contributor) commented May 2, 2026

Summary

  • Add cargo generate-lockfile step before cargo vet in the scheduled security workflow
  • Cargo.lock is gitignored (library convention), so the CI checkout has no lockfile
  • cargo vet internally runs cargo metadata --locked which refuses to generate one
  • This also fixes the cache key (hashFiles('**/Cargo.lock') was always empty)

Summary by CodeRabbit

  • Chores
    • Internal build process improvements.
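
The step ordering described in the summary above, sketched as an added example; it is not the repository's actual .github/workflows/security.yml. The workflow name, schedule, cache paths, action versions and the install step are assumptions.

```yaml
# Added example: assumed layout, not the project's own workflow file.
name: security
on:
  schedule:
    - cron: "0 6 * * 1"   # constructed schedule

jobs:
  cargo-vet:
    runs-on: ubuntu-latest   # assumes the runner image ships a Rust toolchain
    steps:
      - uses: actions/checkout@v4

      # Cargo.lock is gitignored, so the checkout contains none.
      # Resolve one first: cargo vet runs `cargo metadata --locked`,
      # which will not create a lockfile on its own.
      - name: Generate lockfile
        run: cargo generate-lockfile

      # Must come after the lockfile exists. With no matching file,
      # hashFiles() returns an empty string and the key never changes.
      - uses: actions/cache@v4
        with:
          path: |
            ~/.cargo/registry
            ~/.cargo/git
          key: cargo-vet-${{ runner.os }}-${{ hashFiles('**/Cargo.lock') }}

      - name: Install cargo-vet
        run: cargo install cargo-vet --locked

      - name: Vet dependencies
        run: cargo vet
```

Because the lockfile is resolved fresh on every run, the audited dependency set is whatever versions resolve at that moment and can differ from one scheduled run to the next.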

@coderabbitai (Bot) commented May 2, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: a87aba67-bf66-417d-b355-8731b82d59e0

📥 Commits

Reviewing files that changed from the base of the PR and between b90d14c and 9a3cff0.

📒 Files selected for processing (1)
  • .github/workflows/security.yml

📝 Walkthrough


A cargo generate-lockfile step is added to the cargo-vet scheduled job in the security workflow, positioned before the existing dependency cache restoration to ensure a lockfile exists.

Changes

CI Workflow Dependency Preparation

| Layer / File(s) | Summary |
|---|---|
| Build Preparation: .github/workflows/security.yml | New "Generate lockfile" step runs cargo generate-lockfile before cache restoration in the cargo-vet job. |

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~5 minutes


🐰 A lockfile born before the cache takes flight,
Ensures cargo's dependencies are locked just right.
One step, one line, the workflow gleams bright—
A tiny hop forward through the CI night! ✨

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title 'fix: generate lockfile before cargo vet' directly and clearly describes the main change: adding a cargo generate-lockfile step before cargo vet in the security workflow. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |


@27Bslash6 (Contributor, Author)

Superseded by broader workflow cleanup PR

@27Bslash6 closed this May 2, 2026
@27Bslash6 deleted the fix/cargo-vet-lockfile branch May 2, 2026 11:28