Skip to content

feat: add CI check for HTTPS links in Cargo.toml #8386

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 11 commits into
base: unstable
Choose a base branch
from
Open

feat: add CI check for HTTPS links in Cargo.toml #8386

wants to merge 11 commits into from
+46 −0

Conversation

@CreeptoGengar
Copy link

@CreeptoGengar CreeptoGengar commented Nov 9, 2025

Issue Addressed

#8106

Proposed Changes

Added a CI check to detect insecure HTTP links in Cargo.toml files.

  • Created scripts/ci/check-https-links.sh to scan all Cargo.toml files for HTTP links
  • Integrated the check into the check-code job in CI workflow
  • Prevented insecure HTTP dependencies from being merged

Additional Info

_

@CreeptoGengar
Add script to check for HTTP links in Cargo.toml
2a2cd7c 
This script checks for insecure HTTP links in Cargo.toml files and ensures all git dependencies use HTTPS instead.
@CreeptoGengar
Add HTTPS link check in CI workflow
4f85185
@cla-assistant
Copy link

cla-assistant bot commented Nov 9, 2025
edited
Loading

CLA assistant check
All committers have signed the CLA.

@cla-assistant
Copy link

cla-assistant bot commented Nov 9, 2025

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.

@chong-he
Copy link
Member

chong-he commented Nov 12, 2025

Thanks for the PR. Could you please rebase to the unstable branch?

@chong-he chong-he self-requested a review November 12, 2025 02:24
chong-he
chong-he reviewed Nov 12, 2025
View reviewed changes
Copy link
Member

@chong-he chong-he left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks pretty good to me, tested and it's working locally. Left some comments, and also need to rebase to unstable

scripts/ci/check-https-links.sh
@@ -0,0 +1,43 @@
#!/bin/bash

# Check for insecure HTTP links in Cargo.toml files
Copy link
Member

@chong-he chong-he Nov 12, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This file has permission issue when I tested locally. This is also caught in the CI: https://github.com/sigp/lighthouse/actions/runs/19207968175/job/55140383694?pr=8386

You need to make the file executable

.github/workflows/test-suite.yml Outdated
- name: Run cargo audit
run: make audit-CI
- name: Check for HTTPS links in Cargo.toml
run: ./scripts/ci/check-https-links.sh
Copy link
Member

@chong-he chong-he Nov 12, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We can put this in Makefile, similar to other checks, for example, the mdlint check:

lighthouse/Makefile

Lines 238 to 241 in e3ee7fe

# Check for markdown files
mdlint:
./scripts/mdlint.sh

and then replace with make https-links here. This is easier if we want to run locally, though this may not be run locally frequently

@chong-he chong-he added the waiting-on-author The reviewer has suggested changes and awaits thier implementation. label Nov 12, 2025
@CreeptoGengar CreeptoGengar changed the base branch from stable to unstable November 12, 2025 19:16
chong-he
chong-he reviewed Nov 13, 2025
View reviewed changes
.github/workflows/test-suite.yml Outdated
run: make audit-CI
- name: Check for HTTPS links in Cargo.toml
run: |
chmod +x ./scripts/ci/check-https-links.sh
Copy link
Member

@chong-he chong-he Nov 13, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think we need to run chmod here
You can update the script file permission and push that file, that would be cleaner

chong-he
chong-he reviewed Nov 15, 2025
View reviewed changes
Copy link
Member

@chong-he chong-he left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The script file is still not executable
Screenshot from 2025-11-15 08-35-07

You need to chmod and then push the file

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@chong-he chong-he chong-he left review comments

Assignees

No one assigned

Labels

infra-ci waiting-on-author The reviewer has suggested changes and awaits thier implementation.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@CreeptoGengar @chong-he