Skip to content

ci: install cargo-deny via install-action instead of cargo-deny-action#65

Merged
satyakwok merged 2 commits into
mainfrom
ci/harden-cargo-deny
Jun 8, 2026
Merged

ci: install cargo-deny via install-action instead of cargo-deny-action#65
satyakwok merged 2 commits into
mainfrom
ci/harden-cargo-deny

Conversation

@satyakwok
Copy link
Copy Markdown
Member

@satyakwok satyakwok commented Jun 8, 2026

The cargo-deny-action rebuilds a Docker image every run (apk add + curl the musl binary) — flaked twice on transient apk/GH-release hiccups, red-X'ing clean runs. Switch to taiki-e/install-action (cached prebuilt binary, already used for nextest with the same pinned SHA) + an explicit toolchain step so cargo metadata resolves pinned 1.95.0. Same check (cargo deny check --all-features), no policy change.

@satyakwok
ci: install cargo-deny via install-action instead of cargo-deny-action
ce15e30 
The cargo-deny-action rebuilds a Docker image each run (apk add + curl the musl binary), which flaked twice on transient apk-mirror / GitHub-release hiccups and red-X'd otherwise-clean runs. taiki-e/install-action pulls a cached prebuilt binary (already used for nextest here, same pinned SHA) — faster and no per-run Docker build. Adds the rust-toolchain step so cargo metadata resolves the pinned 1.95.0 toolchain (also removes the old musl-toolchain warning noise).
@coderabbitai
Copy link
Copy Markdown

coderabbitai Bot commented Jun 8, 2026
edited
Loading

Warning

Review limit reached

@satyakwok, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 43 minutes and 48 seconds. Learn how PR review limits work.

Your organization has run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: cb49c13c-e3bf-4a78-919e-2c2f561496cd

📥 Commits

Reviewing files that changed from the base of the PR and between 3eacf48 and fbd0df7.

📒 Files selected for processing (1)
  • .github/workflows/ci.yml
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch ci/harden-cargo-deny

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@satyakwok
ci: pass --all-features before the cargo-deny subcommand
fbd0df7 
Newer cargo-deny (from install-action) treats --all-features as a global cargo-metadata flag, so it must precede 'check' (cargo deny --all-features check), not follow it.
@satyakwok satyakwok merged commit 663c9d9 into main Jun 8, 2026
8 checks passed
@satyakwok satyakwok deleted the ci/harden-cargo-deny branch June 8, 2026 07:59
@satyakwok satyakwok self-assigned this Jun 8, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@satyakwok satyakwok

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@satyakwok