diff --git a/README.md b/README.md
index df9c483..32e1bf6 100644
--- a/README.md
+++ b/README.md
@@ -49,13 +49,14 @@ cargo audit supports multiple warning types, such as unsound code or yanked crat
 Configuration is only possible via the `informational_warnings` parameter in the configuration file ([#318](https://github.com/rustsec/rustsec/issues/318)). Setting `denyWarnings` to true will also enable these warnings, but each warning is upgraded to an error.
-| Name | Description | Default |
-| -------------- | ------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------ |
-| `TOKEN` | The GitHub access token to allow us to retrieve, create and update issues (automatically set). | `github.token` |
-| `denyWarnings` | Any warnings generated will be treated as an error and fail the action. | false |
-| `file` | The path to the Cargo.lock file. | |
-| `ignore` | A comma separated list of Rustsec IDs to ignore. | |
-| `createIssues` | Create/Update issues for each found vulnerability. By default only on `main` or `master` branch. | `github.ref == 'refs/heads/master' \|\| github.ref == 'refs/heads/main'` |
+| Name | Description | Default |
+| ------------------ | ------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------ |
+| `TOKEN` | The GitHub access token to allow us to retrieve, create and update issues (automatically set). | `github.token` |
+| `denyWarnings` | Any warnings generated will be treated as an error and fail the action. | false |
+| `file` | The path to the Cargo.lock file to inspect file. | |
+| `ignore` | A comma separated list of Rustsec IDs to ignore. | |
+| `createIssues` | Create/Update issues for each found vulnerability. By default only on `main` or `master` branch. | `github.ref == 'refs/heads/master' \|\| github.ref == 'refs/heads/main'` |
+| `workingDirectory` | Run `cargo audit` from the given working directory | |
 ## License
diff --git a/action.yml b/action.yml
index e325f12..3cfe10c 100644
--- a/action.yml
+++ b/action.yml
@@ -15,7 +15,7 @@ inputs:
 required: false
 default: "false"
 file:
- description: "Cargo lockfile to inspect"
+ description: "The path to the Cargo.lock file to inspect"
 required: false
 default: ""
 ignore:
@@ -26,6 +26,10 @@ inputs:
 description: Create/Update issues for each found vulnerability.
 required: false
 default: "${{ github.ref == 'refs/heads/master' || github.ref == 'refs/heads/main' }}"
+ workingDirectory:
+ description: "Run `cargo audit` from the given working directory"
+ required: false
+ default: ""
 runs:
 using: composite
@@ -59,5 +63,6 @@ runs:
 INPUT_FILE: ${{ inputs.file }}
 INPUT_IGNORE: ${{ inputs.ignore }}
 INPUT_TOKEN: ${{ inputs.TOKEN }}
+ INPUT_WORKING_DIRECTORY: ${{ inputs.workingDirectory }}
 PYTHONPATH: ${{ github.action_path }}
 REPO: ${{ github.repository }}
diff --git a/audit.py b/audit.py
index b214dfd..3e69e62 100644
--- a/audit.py
+++ b/audit.py
@@ -404,10 +404,15 @@ def run() -> None:
 extra_args.append("--file")
 extra_args.append(os.environ["INPUT_FILE"])
+ working_directory = None
+ if os.environ["INPUT_WORKING_DIRECTORY"] != "":
+ working_directory = os.environ["INPUT_WORKING_DIRECTORY"]
+
 audit_cmd = ["cargo", "audit", "--json"] + extra_args + ignore_args
 debug(f"Running command: {audit_cmd}")
 completed = subprocess.run(
 audit_cmd,
+ cwd=working_directory,
 capture_output=True,
 text=True,
 check=False,
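Review bot: The description added for the new `workingDirectory` input does not say what a relative path is resolved against, nor that a `file` value supplied alongside it is forwarded to `cargo audit` unchanged and therefore becomes relative to that directory rather than to the repository root. As far as I can tell a composite step starts in the job workspace, so I would make both points explicit: `description: "Directory to run \`cargo audit\` from, relative to the workspace root. A relative \`file\` path is resolved against this directory."`. The same wording should be mirrored in the README row for this input so the two do not drift.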
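Review bot: The new `cwd=working_directory` argument is handed to `subprocess.run` without checking that the directory exists, so a typo in the `workingDirectory` input surfaces as an uncaught `FileNotFoundError` traceback raised from the spawn rather than an actionable message. A guard right after the value is read, e.g. `if working_directory is not None and not os.path.isdir(working_directory):` followed by `raise SystemExit(f"workingDirectory is not a directory: {working_directory}")` (or whatever error helper this file already uses), would fail fast and clearly. The debug line should also record the directory, `debug(f"Running command: {audit_cmd} in {working_directory or os.getcwd()}")`, so the effect of the new input is visible in the action log. Because `--file` is forwarded verbatim, a relative `file` path is now resolved by `cargo audit` relative to `working_directory` instead of the repository root; a one-line comment on the `cwd=` line stating that would save the next reader a surprise. `run()` begins before this hunk and its body continues past it.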