Comments (8)
I seem to remember an article convincingly arguing that the Unix convention of not printing anything in case of success, while it made sense in the original '70s/'80s context, probably didn't make much sense anymore and could now be considered not so userfriendly. Can't find it now, I'm afraid... In any case, whether something is printed seems very much orthogonal to whether the exit code can be relied upon (which should absolutely be the case).
So I think it would definitely make sense to print a single line by default in the success case, but in the absence of that I'd be happy with something that's only exposed through the action.
from cargo-deny-action.
The info-level logging seems pretty noise to me. I still think a brief output command would be better. For this purpose, it's also disappointing that the log output doesn't say anything about completion.
from cargo-deny-action.
This was an intentional decision as it follows the pattern of many other CLI tools to not print any output if the command completes successfully, and automated scenarios such as CI relying solely on the exit code for the binary success/failure of the check, with the ability to change the log level to print out more info, though I don't think that is exposed by the action unfortunately.
I'm not totally opposed to adding something like --stats
to print out the checks + time at the end of the run as long as it is optional, and exposing that in the action.
from cargo-deny-action.
Oh, I didn't even notice this was on the action repo and not cargo-deny itself, derp. One easy thing to do is to just expose the existing log level in the action and default it to info
which prints out some basic stats like how many crates are being checked, and when each check actually starts (though not when it ends, which would be good to add)
from cargo-deny-action.
I do agree that having the action show some output would be good, as a sanity check.
Tested running cargo deny --log-level info check
and it did log out this which is a good fit:
2020-06-04 17:36:48 [INFO] using config from /Users/johan/git/embark/ark/deny.toml
2020-06-04 17:36:48 [INFO] loading license store...
2020-06-04 17:36:48 [INFO] gathering crates for /Users/johan/git/embark/ark/Cargo.toml
2020-06-04 17:36:48 [INFO] Fetching advisory database from 'https://github.com/RustSec/advisory-db.git'
2020-06-04 17:36:48 [INFO] loading advisory database from /Users/johan/.cargo/advisory-db
2020-06-04 17:36:48 [INFO] finished loading advisory database from /Users/johan/.cargo/advisory-db
2020-06-04 17:36:54 [INFO] gathered 529 crates
2020-06-04 17:36:54 [INFO] checking bans...
2020-06-04 17:36:54 [INFO] checking licenses...
2020-06-04 17:36:54 [INFO] checking sources...
2020-06-04 17:36:54 [INFO] checking advisories...
But after that also logged out a lot about advisories that we specifically were skipping, which became quite verbose:
note[RUSTSEC-2020-0016]: `net2` crate has been deprecated; use `socket2` instead
┌── /Users/johan/git/embark/ark/Cargo.lock:266:1 ───
│
266 │ net2 0.2.34 registry+https://github.com/rust-lang/crates.io-index
│ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ unmaintained advisory detected
│
= The [`net2`](https://crates.io/crates/net2) crate has been deprecated
and users are encouraged to considered [`socket2`](https://crates.io/crates/socket2) instead.
= URL: https://github.com/deprecrated/net2-rs/commit/3350e3819adf151709047e93f25583a5df681091
= net2 v0.2.34
├── mio v0.6.22
│ ├── mio-extras v2.0.6
Didn't expect that to be logged out with full dependency chains and all on the info level (when explicitly skipped), but if we fix/change that then just using --log-level info
in the action could fit quite well.
@Jake-Shadle do you think the advisories maybe are just set on the wrong level here?
from cargo-deny-action.
Notes are mapped to the info level, so that's "correct" but I could lower it to be equivalent to debug instead, which makes sense in this case I think.
from cargo-deny-action.
I do think lowering it would be cleaner for this. Alternatively we could do what @djc suggested and have some brief summary output command instead of getting "log" output. But likely easiest to just use the info log output directly even if it looks a little bit messier
from cargo-deny-action.
Oops, didn't know that would resolve the issue on a different repo, will close this once I make a new release.
from cargo-deny-action.
Related Issues (20)
- Automated publishing based of the releases in cargo-deny core repo HOT 2
- Failing to load advisory database HOT 2
- How do I use this with the package / workspace root being a subdirectory? HOT 3
- Enable use of shared `deny.toml` HOT 1
- Support Windows HOT 3
- Please add git to the cargo-deny container HOT 1
- Support changing the Rust version HOT 1
- Latest release says it's 1.2.20 when it should say 1.2.10 HOT 3
- Add CD for docker images to be uptodate with cargo and rust HOT 1
- Fails to parse Cargo.toml with `strip` is used HOT 1
- Cannot check private repositories HOT 5
- Create an issue when check fails
- The marketplace version is significantly lagging behind HOT 1
- Update cargo deny to 0.14.2 HOT 1
- Can't use ssh to fetch private repos
- This action doesn't seem to respect the current working directory. HOT 5
- `EmbarkStudios/cargo-deny-action@v1` fails due to `cargo metadata` - no such file or directory HOT 6
- existing `cargo-deny-action` jobs with `--manifest-path` now fail HOT 3
- Colorize output
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from cargo-deny-action.