Commit 38edb2c
committed
Split
Instead of conditionally applying `continue-on-error: true` at the
job level to the `advisories` job, this splits `cargo-deny` into
two job definitions, `cargo-deny-advisories` and `cargo-deny`,
where *neither* has `continue-on-error` but `cargo-deny-advisories`
is omitted as a dependency of the `tests-pass` job that makes jobs
effectively required for PR auto-merge. This way, when there is an
unaddressed advisory, the `cargo-deny-advisories` job unambiguously
fails, even failing the workflow, but PRs can still auto-merge.
One implication of this is that, on Dependabot security update PRs,
`@dependabot merge` and `@dependabot squash and merge` commands
will only perform a merge if `cargo deny check advisories` reports
no other outstanding advisories. This is because, when Dependabot
is told to merge a PR, it only goes ahead with the merge if all
checks pass (i.e. report a successful conclusion). This would be
convenient for cases where, if the fix is not complete, further
manual review is desired. It would otherwise be inconvenient, but
then a usual PR auto-merge could be done instead (which is the more
common practice here anyway).cargo-deny job into two non-matrix jobs1 parent 5173e9a commit 38edb2c
1 file changed
+12
-9
lines changed| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
192 | 192 | | |
193 | 193 | | |
194 | 194 | | |
195 | | - | |
| 195 | + | |
| 196 | + | |
| 197 | + | |
196 | 198 | | |
197 | 199 | | |
198 | | - | |
199 | | - | |
200 | | - | |
201 | | - | |
202 | | - | |
| 200 | + | |
| 201 | + | |
| 202 | + | |
| 203 | + | |
| 204 | + | |
203 | 205 | | |
204 | | - | |
205 | | - | |
| 206 | + | |
| 207 | + | |
206 | 208 | | |
207 | 209 | | |
208 | 210 | | |
209 | 211 | | |
210 | 212 | | |
211 | | - | |
| 213 | + | |
212 | 214 | | |
213 | 215 | | |
214 | 216 | | |
| |||
300 | 302 | | |
301 | 303 | | |
302 | 304 | | |
| 305 | + | |
303 | 306 | | |
304 | 307 | | |
305 | 308 | | |
| |||
0 commit comments