@joshrotenberg joshrotenberg commented Aug 29, 2025

Fix Security Workflow

Fixes two issues in the security workflow:

  1. Updates Rust version to support edition 2024
  2. Removes overly complex SARIF generation

Problems Fixed

1. Edition 2024 Support

  • Security workflow was using stable toolchain (1.80.0) which doesn't support edition 2024
  • Updated to use Rust 1.89 like our other workflows

2. Complex SARIF Generation

  • Multi-line Python script in YAML was causing syntax errors
  • cargo-audit doesn't natively support SARIF output
  • The conversion was overly complex and slowing down CI

Solution

  • Updated Rust toolchain to 1.89
  • Removed SARIF generation entirely, keeping just cargo audit --deny warnings

Benefits

  • ✅ Fixes workflow errors
  • ⚡ Speeds up CI
  • 🎯 Simpler, more maintainable workflow
  • 📊 Still gets security audit results

Fixes: https://github.com/joshrotenberg/redisctl/actions/runs/17313085658

@joshrotenberg joshrotenberg force-pushed the fix/security-workflow-yaml branch from 9b7399d to 3ba67eb August 29, 2025 02:40
@joshrotenberg joshrotenberg changed the title from "fix: security workflow YAML syntax error" to "fix: remove complex SARIF generation from security workflow" Aug 29, 2025
@joshrotenberg joshrotenberg force-pushed the fix/security-workflow-yaml branch from 3ba67eb to 72251cd August 29, 2025 02:43
- Updates Rust version to 1.89 to support edition 2024
- Updates cargo-audit to 0.21.2 (0.20.5 doesn't exist)
- Removes complex Python script for SARIF generation
- Keeps simple cargo audit check which is sufficient
@joshrotenberg joshrotenberg force-pushed the fix/security-workflow-yaml branch from 72251cd to 0d01e13 August 29, 2025 02:47
- Removed dependency-review job as it requires GitHub Advanced Security
- Added Rust 1.89 toolchain installation for cargo-deny to support edition 2024
cargo-deny doesn't support Rust edition 2024 yet. Since cargo-audit
already provides security vulnerability checking, we can safely remove
cargo-deny for now.
@joshrotenberg joshrotenberg merged commit cfd2caa into main Aug 29, 2025
10 checks passed
@joshrotenberg joshrotenberg deleted the fix/security-workflow-yaml branch August 29, 2025 03:38