From 352bc23beec978a87608eb5da207ae942628f970 Mon Sep 17 00:00:00 2001
From: Stefano Garzarella <sgarzare@redhat.com>
Date: Fri, 20 Oct 2023 09:42:02 +0200
Subject: [PATCH] Generate Cargo.lock before call `cargo audit`

Starting from v0.18.0, cargo-audit hangs indefinitely if Cargo.lock
does not exist. We discovered this while upgrading the container
from v26 to v28 [1], which among other things updated cargo-audit.

For the binary crates this should not be a problem, since they have
Cargo.lock committed, but for many libraries this may not be true.

If Cargo.lock is not there, we are generating one with the latest
available versions, which may not be very significant. For this and
other reasons it's now suggested that libraries also have a
Cargo.lock [2] committed (thanks Manos for pointing this out).

Note: `cargo generate-lockfile` updates Cargo.lock if it's already
there, but we don't want it, that's why we have the guard.

[1] https://github.com/rust-vmm/rust-vmm-ci/pull/138
[2] https://doc.rust-lang.org/nightly/cargo/faq.html#why-have-cargolock-in-version-control

Suggested-by: Manos Pitsidianakis <manos.pitsidianakis@linaro.org>
Suggested-by: Patrick Roy <roypat@amazon.co.uk>
Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>
---
 .buildkite/test_description.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.buildkite/test_description.json b/.buildkite/test_description.json
index 4f9e4fb..d3c6e1c 100644
--- a/.buildkite/test_description.json
+++ b/.buildkite/test_description.json
@@ -71,7 +71,7 @@
     },
     {
       "test_name": "cargo-audit",
-      "command": "cargo audit -q --deny warnings",
+      "command": "[ -e Cargo.lock ] || cargo generate-lockfile; cargo audit -q --deny warnings",
       "platform": [
         "x86_64"
       ]