Skip to content

Testing (Overall): rust-audit Makefile target lacks isolated substantive tests #331

Description

@coderabbitai

Summary

Raised via: PR #323, requested by @leynos

New audit and rust-audit Makefile targets were introduced without dedicated, isolated tests. CI executes make audit but that does not constitute substantive unit-level test coverage for the implementation. The shell logic embedded in the rust-audit recipe — lockfile detection, audited-manifest counting, temp-file bookkeeping, and exit-code behaviour — is currently unverified by any automated test suite independent of a real Cargo workspace.


Explanation

The rust-audit target in the Makefile (lines 109–127) embeds non-trivial shell logic:

  • Traversal pruning of target/, node_modules/, and .venv/.
  • Per-manifest detection of an adjacent Cargo.lock.
  • Audited-manifest counting via a temp file.
  • Failure when zero lockfile-backed manifests are found.
  • Cleanup via trap … EXIT.

Running the target in CI against the real workspace verifies the happy path but does not cover:

  • A workspace where no Cargo.toml files exist.
  • A workspace where all Cargo.toml files lack an adjacent Cargo.lock (should exit 1).
  • A workspace with a mix of manifests with and without lockfiles (only the former should be audited).
  • Pruning behaviour (manifests under target/ must be skipped).
  • Correct temp-file cleanup on failure.

Resolution

Extract the audit traversal and counting logic into a Python helper script and add a pytest test suite that exercises the following scenarios against a real or mock filesystem:

  1. No Cargo.toml files found → exit 1 with an appropriate message.
  2. All manifests lack an adjacent Cargo.lock → exit 1 with an appropriate message.
  3. At least one manifest has an adjacent Cargo.lock → the audit command is invoked and the script exits 0 on success.
  4. Manifests under target/, node_modules/, and .venv/ are skipped.
  5. Temp file is removed after both successful and failed runs.

The Makefile target should delegate to the Python script so the logic is testable in isolation without requiring cargo audit to be installed (use a mock/stub for the audit invocation in tests).


References

Metadata

Metadata

Assignees

Labels

No labels
No labels

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions