Merge branch 'cicd-audit-dependencies' into 'main'

Audit dependencies for CICD See merge request veilid/veilid!381
2025-04-19 15:25:54 -04:00 · 2025-04-12 02:11:55 +00:00 · 2025-04-12 02:11:55 +00:00 · 1ca1b46136
commit 1ca1b46136
parent 72b1434abc 6f1bda79a6
1 changed files with 16 additions and 0 deletions
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@ -8,6 +8,7 @@ variables:
 stages:
  - prepare
  - test
+  - audit_dependencies
  - build_packages
  - distribute
  - release
@ -29,6 +30,21 @@ format:
        - veilid-*/**/*.rs #Should fire when rust source files are changed
        - '**/*[Cc]argo*'

+audit_dependencies:
+  stage: audit_dependencies
+  image: rust:latest
+  before_script:
+    - cargo install cargo-audit --locked 
+  script:
+    - cargo audit
+  rules:
+    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+  # Allowing to fail since there are some dependencies 
+  # with vulnerabilities.
+  # Once the affected ones will be upgraded, if we want
+  # to be more strict setup to false
+  allow_failure: true
+
 # base earthly setup for jobs
 .base:
  tags: [ saas-linux-medium-amd64 ]