Show explicit result if check results in no warnings/errors about cargo-deny-action HOT 8 CLOSED

I seem to remember an article convincingly arguing that the Unix convention of not printing anything in case of success, while it made sense in the original '70s/'80s context, probably didn't make much sense anymore and could now be considered not so userfriendly. Can't find it now, I'm afraid... In any case, whether something is printed seems very much orthogonal to whether the exit code can be relied upon (which should absolutely be the case).

So I think it would definitely make sense to print a single line by default in the success case, but in the absence of that I'd be happy with something that's only exposed through the action.

from cargo-deny-action.

The info-level logging seems pretty noise to me. I still think a brief output command would be better. For this purpose, it's also disappointing that the log output doesn't say anything about completion.

from cargo-deny-action.

This was an intentional decision as it follows the pattern of many other CLI tools to not print any output if the command completes successfully, and automated scenarios such as CI relying solely on the exit code for the binary success/failure of the check, with the ability to change the log level to print out more info, though I don't think that is exposed by the action unfortunately.

I'm not totally opposed to adding something like --stats to print out the checks + time at the end of the run as long as it is optional, and exposing that in the action.

from cargo-deny-action.

Oh, I didn't even notice this was on the action repo and not cargo-deny itself, derp. One easy thing to do is to just expose the existing log level in the action and default it to info which prints out some basic stats like how many crates are being checked, and when each check actually starts (though not when it ends, which would be good to add)

from cargo-deny-action.

I do agree that having the action show some output would be good, as a sanity check.

Tested running cargo deny --log-level info check and it did log out this which is a good fit:

2020-06-04 17:36:48 [INFO] using config from /Users/johan/git/embark/ark/deny.toml
2020-06-04 17:36:48 [INFO] loading license store...
2020-06-04 17:36:48 [INFO] gathering crates for /Users/johan/git/embark/ark/Cargo.toml
2020-06-04 17:36:48 [INFO] Fetching advisory database from 'https://github.com/RustSec/advisory-db.git'
2020-06-04 17:36:48 [INFO] loading advisory database from /Users/johan/.cargo/advisory-db
2020-06-04 17:36:48 [INFO] finished loading advisory database from /Users/johan/.cargo/advisory-db
2020-06-04 17:36:54 [INFO] gathered 529 crates
2020-06-04 17:36:54 [INFO] checking bans...
2020-06-04 17:36:54 [INFO] checking licenses...
2020-06-04 17:36:54 [INFO] checking sources...
2020-06-04 17:36:54 [INFO] checking advisories...

But after that also logged out a lot about advisories that we specifically were skipping, which became quite verbose:

note[RUSTSEC-2020-0016]: `net2` crate has been deprecated; use `socket2` instead

     ┌── /Users/johan/git/embark/ark/Cargo.lock:266:1 ───
     │
 266 │ net2 0.2.34 registry+https://github.com/rust-lang/crates.io-index
     │ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ unmaintained advisory detected
     │
     = The [`net2`](https://crates.io/crates/net2) crate has been deprecated
       and users are encouraged to considered [`socket2`](https://crates.io/crates/socket2) instead.
     = URL: https://github.com/deprecrated/net2-rs/commit/3350e3819adf151709047e93f25583a5df681091
     = net2 v0.2.34
       ├── mio v0.6.22
       │   ├── mio-extras v2.0.6

Didn't expect that to be logged out with full dependency chains and all on the info level (when explicitly skipped), but if we fix/change that then just using --log-level info in the action could fit quite well.

@Jake-Shadle do you think the advisories maybe are just set on the wrong level here?

from cargo-deny-action.

Notes are mapped to the info level, so that's "correct" but I could lower it to be equivalent to debug instead, which makes sense in this case I think.

from cargo-deny-action.

I do think lowering it would be cleaner for this. Alternatively we could do what @djc suggested and have some brief summary output command instead of getting "log" output. But likely easiest to just use the info log output directly even if it looks a little bit messier

from cargo-deny-action.

Oops, didn't know that would resolve the issue on a different repo, will close this once I make a new release.

from cargo-deny-action.