refactor(rust-crates-advisory): move report generation into script

This script is somewhat usable by humans (it even has a help screen!) and can be reused in //users/sterni/nixpkgs-crate-holes. We are using bash since that allows us to exit with the actual exit code of cargo-audit - something that's not possible in execline. Change-Id: I3331ae8222a20e23b8e30dc920ab48af78f0247c Reviewed-on: https://cl.tvl.fyi/c/depot/+/5228 Tested-by: BuildkiteCI Reviewed-by: Profpatsch <mail@profpatsch.de>
2022-02-04 17:28:09 +01:00 · 2022-02-04 17:28:09 +01:00 · de62043a74
commit de62043a74
parent 813e0c0747
2 changed files with 43 additions and 50 deletions
--- a/users/sterni/nixpkgs-crate-holes/default.nix
+++ b/users/sterni/nixpkgs-crate-holes/default.nix
@ -126,37 +126,24 @@ let
    then pkgs.emptyFile
    else
      depot.nix.runExecline "${strAttr}-vulnerability-report" { } [
-        "pipeline"
+        "foreground"
        [
-          bins.cargo-audit
-          "audit"
-          "--json"
-          "-n"
-          "--db"
-          rustsec-advisory-db
-          "-f"
+          "importas"
+          "out"
+          "out"
+          "redirfd"
+          "-w"
+          "1"
+          "$out"
+          depot.tools.rust-crates-advisory.lock-file-report
+          strAttr
          lock
+          "true"
+          strMaintainers
        ]
-        "importas"
-        "out"
-        "out"
-        "redirfd"
-        "-w"
-        "1"
-        "$out"
-        bins.jq
-        "-rj"
-        "-f"
-        ../../../tools/rust-crates-advisory/format-audit-result.jq
-        "--arg"
-        "attr"
-        strAttr
-        "--arg"
-        "maintainers"
-        strMaintainers
-        "--argjson"
-        "checklist"
-        "true"
+        # ignore exit status of report
+        "exit"
+        "0"
      ];

  # GHMF in issues splits paragraphs on newlines