From 44d76afa7c46a9c62c8ff3fec04b5d7b25ab653f Mon Sep 17 00:00:00 2001
From: Ian Jackson <ijackson@chiark.greenend.org.uk>
Date: Wed, 12 Apr 2023 10:55:16 +0100
Subject: [PATCH] Run cargo audit last and in its own job

Recently we had some minor awkwardness due a new advisory.
This may help in future.
---
 .gitlab-ci.yml | 19 ++++++++++++++++---
 1 file changed, 16 insertions(+), 3 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 298c2ab7a..34ed44d33 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -64,18 +64,31 @@ rust-checks:
   script:
     - rustup show
     - rustup component add rustfmt
-    - ./maint/via-cargo-install-in-ci cargo-audit cargo-sort cargo-license
+    - ./maint/via-cargo-install-in-ci cargo-sort cargo-license
     - cargo fmt -- --check
     - ./maint/check_licenses
-    - ./maint/cargo_audit
     - ./maint/cargo_sort
     - ./maint/check_tree
   cache:
     paths:
-      - cargo-audit
       - cargo-sort
       - cargo-license
 
+cargo-audit:
+  # This can start to fail even when our code doesn't change.
+  # Usually the new advisory is not a huge concern.
+  # Run it last, separately, so if we think we may want to merge anyway,
+  # all the other tests will have been run.
+  stage: test
+  image: rust:latest
+  script:
+    - rustup show
+    - ./maint/via-cargo-install-in-ci cargo-audit
+    - ./maint/cargo_audit
+  cache:
+    paths:
+      - cargo-audit
+
 rust-latest:
   stage: build
   image: rust:latest