fuzz: Omit lockfiles from version control (#1088)

Each fuzz directory has its own Cargo.lock file because these crates cannot be a part of the the top-level workspace while cargo-fuzz requies nightly features. But these lockfiles are frequently invalidated by non-fuzzing dependency changes and are slow and painful to regenerate. This change deletes these lockfiles from this repository and adds them to .gitignore. The trade-off is that fuzzers may run against more recent dependencies but, now that we're using dependabot, we don't expect much version skew here. We continue to validate that fuzzers build in CI; and fuzzer projects remain under dependabot control so the Cargo.toml files are updated as appropriate.
linkerd · Jun 17, 2021 · 514d057 · 514d057
1 parent e3d39f3
commit 514d057
Show file tree

Hide file tree

Showing 8 changed files with 1 addition and 7,507 deletions.
diff --git a/.github/workflows/advisory.yml b/.github/workflows/advisory.yml
@@ -42,8 +42,6 @@ jobs:
       - run: cargo install cargo-fuzz
       # Iterate through all fuzz crates to ensure each compiles independently.
       - run: cd linkerd/${{matrix.dir}}/fuzz && cargo +nightly fuzz build
-      # Error if the repo isn't clean (i.e. because lock files were modified).
-      - run: git status && git diff-index --quiet HEAD
 
   # It's easy to make changes that are innocuous in dev builds that end up ballooning resources
   # needed for release builds. This job builds the proxy in release-mode to ensure the build isn't

diff --git a/.gitignore b/.gitignore
@@ -2,3 +2,4 @@ target
 **/target
 **/corpus
 **/artifacts
+**/fuzz/Cargo.lock