Skip to content

Pin cargo-about through mise for license report#224

Merged
romainbrenguier merged 1 commit into
masterfrom
romain/fix-CI
Apr 27, 2026
Merged

Pin cargo-about through mise for license report#224
romainbrenguier merged 1 commit into
masterfrom
romain/fix-CI

Conversation

@romainbrenguier

@romainbrenguier romainbrenguier commented Apr 24, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Summary

Pin cargo-about in mise.toml so the jobs already using mise-action provide the tool needed by the Rust license report task.

Verification

  • Confirmed the failing jobs already run jdx/mise-action

Part of SKUNK-1662

@romainbrenguier romainbrenguier requested a review from a team as a code owner April 24, 2026 15:20
@sonar-review-alpha

sonar-review-alpha Bot commented Apr 24, 2026
edited
Loading

Copy link
Copy Markdown

Summary

What changed: Moved cargo-about tool management from manual CI installation to version-pinned dependency in mise.toml. The tool is no longer installed upfront in GitHub Actions workflows; instead, it's managed via mise (a version manager) with version 0.8.4 pinned. Updated documentation to reflect the new workflow where developers run mise install and the Gradle build task self-bootstraps the tool if needed.

Why: Makes the Rust license report generation self-contained and reproducible by eliminating the need for manual installation steps in CI and ensuring consistent tool versions across environments.

What reviewers should know

Key points for review:

  • The Gradle task :analyzer:generateRustLicenseReport must be capable of bootstrapping cargo-about if it's missing (the logic is not visible in this diff). Verify it handles tool installation or detection gracefully.
  • CI now relies on mise to provide cargo-about. Ensure developers have mise set up locally and that CI runners have it available.
  • The version pinning (0.8.4) in mise.toml is the source of truth; check that this version is compatible with the project's Rust setup.
  • README update clearly communicates the new prerequisite—reviewers should verify no other docs still reference the old cargo install approach.

Start reading: Look at the Gradle build logic in the analyzer module if you want to understand how the self-bootstrap mechanism works (not included in this diff).

  • Generate Walkthrough
  • Generate Diagram

🗣️ Give feedback

ghislainpiot
ghislainpiot reviewed Apr 24, 2026
View reviewed changes
Comment thread buildSrc/src/main/kotlin/rust-license-file-generator.gradle.kts
sonar-review-alpha[bot]

This comment was marked as resolved.

Sign in to view

sonar-review-alpha[bot]

This comment was marked as outdated.

Sign in to view

@romainbrenguier romainbrenguier changed the title Fix cargo-about bootstrap for Rust license report Pin cargo-about through mise for license report Apr 24, 2026
sonar-review-alpha[bot]
sonar-review-alpha Bot reviewed Apr 24, 2026
View reviewed changes

@sonar-review-alpha sonar-review-alpha Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! ✅

🗣️ Give feedback

@sonarqube-next

sonarqube-next Bot commented Apr 24, 2026

Copy link
Copy Markdown

Quality Gate passed Quality Gate passed for 'sonar-rust'

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
0 Dependency risks
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarQube

@romainbrenguier romainbrenguier enabled auto-merge (squash) April 27, 2026 08:20
@romainbrenguier romainbrenguier merged commit 6c0c76d into master Apr 27, 2026
15 checks passed
@romainbrenguier romainbrenguier deleted the romain/fix-CI branch April 27, 2026 08:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ghislainpiot ghislainpiot ghislainpiot left review comments

@saberduck saberduck saberduck approved these changes

@sebastien-marichal sebastien-marichal Awaiting requested review from sebastien-marichal

+1 more reviewer

@sonar-review-alpha sonar-review-alpha[bot] sonar-review-alpha[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@romainbrenguier @saberduck @ghislainpiot