Skip to content

Fix duplicate rustsec issue creation#652

Open
jamillambert wants to merge 1 commit into
rust-bitcoin:masterfrom
jamillambert:0630-duplicate-rustsec-issues
Open

Fix duplicate rustsec issue creation#652
jamillambert wants to merge 1 commit into
rust-bitcoin:masterfrom
jamillambert:0630-duplicate-rustsec-issues

Conversation

@jamillambert

Copy link
Copy Markdown
Collaborator

When the audit runs on all 3 lockfiles at the same time a problem in multiple lockfiles can result in multiple issues being created for the same RustSec ID.

Run the jobs one at a time so that issues created are seen by the next jobs and no duplicate issue is created.

@jamillambert jamillambert requested a review from tcharding as a code owner June 30, 2026 13:24

@satsfy satsfy left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

tACK e5889c8

I tested by running on my fork. It indeed ran jobs in sequence, which were previously run in parallel. The most important part, about issue duplication, can be attested to here in this CI log run because the log catches issue duplication emitting log Seems like RUSTSEC-2026-0190 is mentioned already in the issues/PRs, will not report an issue against it. Two issues were properly created (not duplicates) and no more.

I have just one optional nit.

Comment thread .github/workflows/audit.yml Outdated
fail-fast: false
# rustsec/audit-check skips advisories that are already mentioned in an
# open issue, but when jobs run concurrently duplicate issues are created.
# Run one at a time so that issues created are seen by the next jobs.

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: seems verbose, why not "Run one at a time, otherwise parallel jobs create the same advisory issue twice."?

Copy link
Copy Markdown
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah that is better. I changed it.

When the audit runs on all 3 lockfiles at the same time a problem in
multiple lockfiles can result in multiple issues being created for the
same RustSec ID.

Run the jobs one at a time so that issues created are seen by the next
jobs and no duplicate issue is created.
@jamillambert jamillambert force-pushed the 0630-duplicate-rustsec-issues branch from e5889c8 to 2fecab1 Compare July 2, 2026 14:21

@satsfy satsfy left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

reACK 2fecab1

No functional changes and reads cleaner, thanks.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants