Add insecure-dep test task to Makefile and CI (#8464)

uvizhe · dapplion · web-flow · commit a1176e77be54 · 2026-02-10T08:13:25.000Z
#8106 I added `insecure-deps` target to Makefile and a new step into `check-code` section of test-suite CI workflow that uses the former. That bash multiliner is not ideal, I'd prefer a cargo plugin instead but none exists. I also changed Cargo.toml to test that the new CI check works. Once we see a pipeline fails, I revert the change. Co-Authored-By: Alexander Uvizhev <uvizhe@gmail.com> Co-Authored-By: chonghe <44791194+chong-he@users.noreply.github.com> Co-Authored-By: dapplion <35266934+dapplion@users.noreply.github.com>
diff --git a/.github/workflows/test-suite.yml b/.github/workflows/test-suite.yml
@@ -319,6 +319,8 @@ jobs:
           bins: cargo-audit,cargo-deny
     - name: Check formatting with cargo fmt
       run: make cargo-fmt
+    - name: Check dependencies for unencrypted HTTP links
+      run: make insecure-deps
     - name: Lint code for quality and style with Clippy
       run: make lint-full
     - name: Certify Cargo.lock freshness
diff --git a/Makefile b/Makefile
@@ -343,6 +343,12 @@ vendor:
 udeps:
 	cargo +$(PINNED_NIGHTLY) udeps --tests --all-targets --release --features "$(TEST_FEATURES)"
 
+# Checks Cargo.toml files for unencrypted HTTP links
+insecure-deps:
+	@ BAD_LINKS=$$(find . -name Cargo.toml | xargs grep -n "http://" || true); \
+	if [ -z "$$BAD_LINKS" ]; then echo "No insecure HTTP links found"; \
+	else echo "$$BAD_LINKS"; echo "Using plain HTTP in Cargo.toml files is forbidden"; exit 1; fi
+
 # Performs a `cargo` clean and cleans the `ef_tests` directory.
 clean:
 	cargo clean
