chore(ci): add cargo-deny workflow #56
Cursor Bugbot has reviewed your changes and found 2 potential issues.
Bugbot Autofix is ON, but it could not run because the branch was deleted or merged before autofix could start.
Reviewed by Cursor Bugbot for commit 9d50557.
| - uses: EmbarkStudios/cargo-deny-action@v2 | ||
| with: | ||
| command: check advisories | ||
| working-directory: rust |
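Review bot: `EmbarkStudios/cargo-deny-action@v2` is referenced only by a movable tag; for a job whose whole purpose is dependency hygiene, pin it to a full commit SHA (keep the tag in a trailing comment) so that a re-tagged release cannot change the code that runs with this repository's token. Separately, `command: check advisories` limits the run to the RustSec advisory database; a plain `check` would also enforce the `bans`, `licenses` and `sources` sections a `deny.toml` can carry, and leaving those out should be a deliberate choice rather than an omission.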
Config file not found due to wrong working directory
Medium Severity
The deny.toml configuration file exists at the repository root, but the workflow sets working-directory: rust. When cargo-deny runs from rust/, it won't find the root-level deny.toml, causing it to either use default settings (ignoring project-specific advisory configuration like yanked = "warn" and the ignore list) or fail. The config path needs to reference ../deny.toml or the file needs to be moved into rust/.
| - uses: EmbarkStudios/cargo-deny-action@v2 | ||
| with: | ||
| command: check advisories | ||
| working-directory: rust |
Invalid action input working-directory silently ignored
High Severity
working-directory is not a recognized input for EmbarkStudios/cargo-deny-action@v2. The documented inputs are rust-version, log-level, command, arguments, manifest-path, command-arguments, and credentials. GitHub Actions silently ignores unknown with inputs, so the action will run from the repo root using the default manifest-path: ./Cargo.toml, but the workspace Cargo.toml lives at rust/Cargo.toml. The manifest-path input is likely what's needed here instead.
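The workflow as it could look with both review findings addressed, added here as an illustration and not the file from this PR. It assumes the layout the review describes (workspace manifest at rust/Cargo.toml, deny.toml at the repository root); the `permissions` block and the pinning comment are this example's own choices, and the relative `--config` value is an assumption to verify against the cargo-deny version the action installs.

```yaml
# Added example, not the workflow from this PR. Assumes the layout the
# review describes: Cargo workspace at rust/Cargo.toml, deny.toml at the
# repository root.
name: cargo-deny

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]
  workflow_dispatch:

# Least-privilege token: the job only needs to read the checkout.
permissions:
  contents: read

jobs:
  advisories:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      # Replace the movable v2 tag with a full commit SHA before merging and
      # keep the tag as a trailing comment, e.g. "@<sha> # v2".
      - uses: EmbarkStudios/cargo-deny-action@v2
        with:
          command: check advisories
          # working-directory is not an input of this action and is silently
          # ignored; manifest-path is how it locates the workspace.
          manifest-path: rust/Cargo.toml
          # Flags placed after the subcommand. Pointing at the root config
          # explicitly avoids relying on the default deny.toml lookup.
          # Assumption: a relative path is resolved from the checkout root.
          # If the installed cargo-deny resolves it from the manifest
          # directory instead, use ../deny.toml or move deny.toml into rust/.
          command-arguments: --config deny.toml
```

To confirm the flag is honoured before trusting the green check, run the same command locally from the repository root (`cargo deny --manifest-path rust/Cargo.toml check advisories --config deny.toml`) and then once more with a non-existent config path: the second run must fail rather than fall back to defaults, which is exactly the silent behaviour the review warns about.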
Sequence Diagram
This PR adds a GitHub Actions workflow that runs cargo-deny advisory checks on Rust workspace changes for pushes and pull requests targeting main, and reports the results in CI.
sequenceDiagram
participant Developer
participant GitHub
participant CI
participant CargoDeny
Developer->>GitHub: Push or open pull request to main
GitHub->>CI: Trigger cargo-deny workflow
CI->>CargoDeny: Run advisory check for Rust workspace
CargoDeny-->>GitHub: Report advisory status on commit or pull request
Generated by CodeAnt AI
User description
Adds workflow to run cargo-deny advisories check on push/PR.
Note
Low Risk
Low risk: adds a new GitHub Actions workflow only, with no production code changes; the main impact is potential new CI failures if advisories are detected.
Overview
Adds a new GitHub Actions workflow, cargo-deny.yml, that runs cargo-deny advisory checks for the Rust workspace on pushes and PRs to main (and via manual dispatch).
CodeAnt-AI Description
Add Rust dependency advisory checks to pull requests and main branch pushes
What Changed
Pull requests and pushes to main now run a Rust advisory check.
Impact
✅ Earlier warning on vulnerable Rust dependencies
✅ Fewer insecure dependencies reaching main
✅ Safer pull request checks