Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add missing --locked to Cargo commands #66

Merged
merged 1 commit into from
Mar 18, 2025
Merged

Add missing --locked to Cargo commands #66

merged 1 commit into from
Mar 18, 2025
+20 −21

Conversation

edmorley
Copy link
Member

The Cargo --locked argument ensures that Cargo will fail with an error if Cargo.lock is out of sync with Cargo.toml, rather than the lockfile being silently updated.

As such, in CI we should always be using --locked for projects that have committed their lockfile to Git (which should be the case for most projects other than those that are libraries).

After seeing that cnb-otel-collector didn't use --locked in all cases, I audited all of our Rust repos and found others missing --locked too.

GUS-W-18062544.

@edmorley
Add missing --locked to Cargo commands

Verified

This commit was signed with the committer’s verified signature.
edmorley Ed Morley
GPG key ID: 66656A8EC41D1569
Verified
Learn about vigilant mode
Loading
Loading status checks…
9628991 
The Cargo `--locked` argument ensures that Cargo will fail with
an error if `Cargo.lock` is out of sync with `Cargo.toml`, rather
than the lockfile being silently updated.

As such, in CI we should always be using `--locked` for projects
that have committed their lockfile to Git (which should be the
case for most projects other than those that are libraries).

After seeing that `cnb-otel-collector` didn't use `--locked` in
all cases, I audited all of our Rust repos and found others
missing `--locked` too.

GUS-W-18062544.
@edmorley edmorley self-assigned this Mar 18, 2025
@edmorley edmorley requested a review from a team as a code owner March 18, 2025 11:43
@edmorley edmorley enabled auto-merge (squash) March 18, 2025 11:43
@edmorley edmorley merged commit 6cb404c into main Mar 18, 2025
26 checks passed
@edmorley edmorley deleted the edmorley/cargo-locked branch March 18, 2025 12:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Malax Malax

Assignees

@edmorley edmorley

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@edmorley @Malax