chore: check-in Cargo.lock

mxinden · mxinden · commit eaf63aaf9406 · 2024-11-29T16:51:10.000+01:00
See same change in Neqo mozilla/neqo#2208.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -7,6 +7,9 @@ updates:
     directory: "/"
     schedule:
       interval: "weekly"
+    # Disable all non-security updates.
+    # <https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#open-pull-requests-limit>
+    open-pull-requests-limit: 0
   - package-ecosystem: "github-actions"
     directory: "/"
     schedule:
diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml
@@ -337,3 +337,19 @@ jobs:
           verbose: true
         env:
           CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
+
+  check-cargo-lock:
+    name: Ensure `Cargo.lock` contains all required dependencies
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          repository: mozilla/neqo
+          sparse-checkout: |
+            .github/actions/rust
+          path: neqo
+      - uses: ./neqo/.github/actions/rust
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+      - run: cargo update -w --locked
diff --git a/.gitignore b/.gitignore
@@ -3,4 +3,3 @@
 /.vscode/
 /lcov.info
 /target/
-Cargo.lock
diff --git a/Cargo.lock b/Cargo.lock
