tuwunel/docker/Dockerfile.cargo.audit

# syntax = docker/dockerfile:1.11-labs

FROM input AS audit
ARG rust_toolchain="nightly"
ARG RUSTUP_HOME
ARG CARGO_HOME
ARG audit_args=""

WORKDIR /
COPY --link --from=input . .

WORKDIR /usr/src/tuwunel
RUN \
--mount=type=cache,dst=${RUSTUP_HOME}/downloads,sharing=shared \
--mount=type=cache,dst=${CARGO_HOME}/registry,sharing=shared \
--mount=type=cache,dst=${CARGO_HOME}/git,sharing=shared \
<<EOF
    set -eux
    rustup run ${rust_toolchain} \
        cargo audit \
            --stale \
            --deny yanked \
            --deny unsound \
            --deny unmaintained \
            --deny warnings \
            --color=always \
            ${audit_args}
EOF