Sulkta-Coop/crafting-table
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Dockerfile: cargo-deny via prebuilt github release binary (cargo install too flaky)

Browse source
This commit is contained in:
Kayos 2026-04-29 14:41:48 -07:00
parent 64415348ce
commit 44535acdf8
1 changed files with 18 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

25
Dockerfile
View file

@ -213,13 +213,24 @@ RUN curl -fsSL https://sh.rustup.rs | sh -s -- -y --default-toolchain stable --p
# at runtime). The /caches/cargo/bin/ dir IS volume-shadowed by the host bind
# mount, so cargo install artifacts there disappear inside the live container.
USER root
RUN /home/crafter/.rustup/toolchains/stable-x86_64-unknown-linux-gnu/bin/cargo install \
--locked --root /usr/local cargo-deny \
&& chmod 755 /usr/local/bin/cargo-deny
# cargo-audit was historically here but its `git2` C-binding dep needs
# libgit2-sys which fails in this base. cargo-deny supersedes it for our
# use: `cargo deny check advisories` does the same RustSec-DB scan that
# cargo-audit does. The rust audit recipe uses cargo-deny accordingly.
# Install cargo-deny via the prebuilt linux x86_64 binary from its GitHub
# release — way more reliable than `cargo install` (which has flaked on
# both cargo-audit's libgit2-sys dep AND on quote's build script under
# the /caches/cargo volume contention). cargo-deny supersedes cargo-audit
# for our purposes: `cargo deny check advisories` runs the same RustSec
# advisory DB scan that cargo-audit does.
RUN ARCH="$(dpkg --print-architecture)" \
&& case "$ARCH" in \
amd64) DENY_TARGET=x86_64-unknown-linux-musl ;; \
arm64) DENY_TARGET=aarch64-unknown-linux-musl ;; \
*) echo "unsupported arch $ARCH for cargo-deny" && exit 1 ;; \
esac \
&& DENY_VERSION=0.16.4 \
&& curl -fsSL "https://github.com/EmbarkStudios/cargo-deny/releases/download/${DENY_VERSION}/cargo-deny-${DENY_VERSION}-${DENY_TARGET}.tar.gz" -o /tmp/cargo-deny.tgz \
&& tar -xzf /tmp/cargo-deny.tgz -C /tmp \
&& cp "/tmp/cargo-deny-${DENY_VERSION}-${DENY_TARGET}/cargo-deny" /usr/local/bin/cargo-deny \
&& chmod 755 /usr/local/bin/cargo-deny \
&& rm -rf /tmp/cargo-deny.tgz "/tmp/cargo-deny-${DENY_VERSION}-${DENY_TARGET}"
USER crafter
# ============================================================