ci: Make sure cargo-audit up-to-date

nervosnetwork · Oct 9, 2019 · 014fe92 · 014fe92
1 parent 1633a16
commit 014fe92
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 2 deletions.
diff --git a/.travis.yml b/.travis.yml
@@ -80,6 +80,11 @@ matrix:
         - make check-cargotoml
         - make check-whitespaces
         - make check-dirty-rpc-doc
+    - name: Security Audit
+      if: 'tag IS NOT present AND (type = pull_request OR branch in (master, staging, trying) OR repo != nervosnetwork/ckb)'
+      os: linux
+      rust: nightly
+      script: make security-audit
 
     - name: Test benchmarks on Linux
       env: CACHE_NAME=bench

diff --git a/Makefile b/Makefile
@@ -107,8 +107,8 @@ clippy: setup-ckb-test ## Run linter to examine Rust source codes.
 
 .PHONY: security-audit
 security-audit: ## Use cargo-audit to audit Cargo.lock for crates with security vulnerabilities.
-	@cargo audit --version || cargo install cargo-audit
-	@cargo audit
+	@cargo +nightly install cargo-audit -Z install-upgrade
+	cargo audit
 	# expecting to see "Success No vulnerable packages found"
 
 .PHONY: bench-test