From 7e5e97a5ec1530ef6eb2a5a33a8d859733e1bf68 Mon Sep 17 00:00:00 2001 From: Flavio Castelli Date: Wed, 18 Jun 2025 11:48:17 +0200 Subject: [PATCH] fix: do not fail when Cargo.lock is not found Fix a regression introduced by `working-directory` settings, introduced by commit b7dc4eb. The commit started to invoke `cargo-audit` with the `--file /Cargo.lock` flag. However not all the Rust projects have `Cargo.lock` files committed; take libraries as an example. This commit changes the `working-directory` default value to be an empty string. In this way the `--file` flag can be added only when the user actually provides this parameter. Finally, the code has been changed to build the final path to the `Cargo.lock` file in a more robust way. The prior code assumed the action would be run on a unix system. It would have failed on a Windows machine. Signed-off-by: Flavio Castelli --- README.md | 10 +++++----- src/input.ts | 2 +- src/main.ts | 5 ++++- 3 files changed, 10 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index 7911819..175b98f 100644 --- a/README.md +++ b/README.md 
@@ -100,10 +100,10 @@ For each new advisory (including informal) an issue will be created: ## Inputs -| Name | Required | Description | Type | Default | -| ------------| -------- | ---------------------------------------------------------------------------| ------ | --------| -| `token` | ✓ | [GitHub token], usually a `${{ secrets.GITHUB_TOKEN }}` | string | | -| `ignore` | | Comma-separated list of advisory ids to ignore | string | | -| `working-directory`| | The directory of the Cargo.toml / Cargo.lock files to scan. | string | `.` | +| Name | Required | Description | Type | Default | +| -------------------| -------- | ----------------------------------------------------------------------------------------------------- | ------ | --------| +| `token` | ✓ | [GitHub token], usually a `${{ secrets.GITHUB_TOKEN }}` | string | | +| `ignore` | | Comma-separated list of advisory ids to ignore | string | | +| `working-directory`| | The directory of the Cargo.toml / Cargo.lock files to scan. If omitted, the current directory is used | string | `` | [GitHub token]: https://help.github.com/en/actions/configuring-and-managing-workflows/authenticating-with-the-github_token diff --git a/src/input.ts b/src/input.ts index 9cbd319..8258002 100644 --- a/src/input.ts +++ b/src/input.ts @@ -15,6 +15,6 @@ export function get(): Input { return { token: input.getInput('token', { required: true }), ignore: input.getInputList('ignore', { required: false }), - workingDirectory: input.getInput('working-directory', { required: false }) ?? '.', + workingDirectory: input.getInput('working-directory', { required: false }) ?? '', }; } diff --git a/src/main.ts b/src/main.ts index abbb83c..5fce8ed 100644 --- a/src/main.ts +++ b/src/main.ts @@ -1,5 +1,6 @@ import * as process from 'process'; import * as os from 'os'; +import * as path from 'path'; import * as core from '@actions/core'; import * as github from '@actions/github'; 
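Review bot: The `?? ''` fallback in `get()` (src/input.ts) is probably dead code. The commit message says the old default ended up as `--file /Cargo.lock`, which implies `getInput` returns an empty string for an unset input, so `?? '.'` never applied and `?? ''` will not either. I would drop the operator, or keep it and add a comment such as `// getInput yields '' when the input is unset; '' means "do not pass --file"`, so the empty-string sentinel tested in `src/main.ts` is documented where it is produced. This is inferred from the description, since the `input` wrapper is not visible on this page.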
@@ -25,7 +26,9 @@ async function getData(
 commandArray.push('--ignore', item);
 }
 commandArray.push('--json');
- commandArray.push('--file', `${workingDirectory}/Cargo.lock`);
+ if (workingDirectory != '') {
+ commandArray.push('--file', path.join(workingDirectory, 'Cargo.lock'));
+ }
 await cargo.call(commandArray, {
 ignoreReturnCode: true,
 listeners: {
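Review bot: When `working-directory` is set, the new branch in `getData` still passes `--file` without checking that the lockfile exists. A library in a subdirectory with no committed `Cargo.lock` will therefore likely hit the same failure this commit fixes for the default case. Because the call below uses `ignoreReturnCode: true`, how that failure surfaces depends on code outside the hunk; for an audit step, a missing or unreadable lockfile should end as an explicit job failure naming the resolved path, not as an empty result that could read as "no advisories". Minor style: use strict comparison, `if (workingDirectory !== '') {`. `getData` starts and ends outside this hunk.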