refactor(rust-crates-advisory): move report generation into script r/3816

This script is somewhat usable by humans (it even has a help screen!)
and can be reused in //users/sterni/nixpkgs-crate-holes. We are using
bash since that allows us to exit with the actual exit code of
cargo-audit - something that's not possible in execline.

Change-Id: I3331ae8222a20e23b8e30dc920ab48af78f0247c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5228
Tested-by: BuildkiteCI
Reviewed-by: Profpatsch <mail@profpatsch.de>

1 files changed, 15 insertions, 28 deletions

diff --git a/users/sterni/nixpkgs-crate-holes/default.nix b/users/sterni/nixpkgs-crate-holes/default.nix
index 4dff82d6aa78..c24200ff10f9 100644
--- a/users/sterni/nixpkgs-crate-holes/default.nix
+++ b/users/sterni/nixpkgs-crate-holes/default.nix
@@ -126,37 +126,24 @@ let
     then pkgs.emptyFile
     else
       depot.nix.runExecline "${strAttr}-vulnerability-report" { } [
-        "pipeline"
+        "foreground"
         [
-          bins.cargo-audit
-          "audit"
-          "--json"
-          "-n"
-          "--db"
-          rustsec-advisory-db
-          "-f"
+          "importas"
+          "out"
+          "out"
+          "redirfd"
+          "-w"
+          "1"
+          "$out"
+          depot.tools.rust-crates-advisory.lock-file-report
+          strAttr
           lock
+          "true"
+          strMaintainers
         ]
-        "importas"
-        "out"
-        "out"
-        "redirfd"
-        "-w"
-        "1"
-        "$out"
-        bins.jq
-        "-rj"
-        "-f"
-        ../../../tools/rust-crates-advisory/format-audit-result.jq
-        "--arg"
-        "attr"
-        strAttr
-        "--arg"
-        "maintainers"
-        strMaintainers
-        "--argjson"
-        "checklist"
-        "true"
+        # ignore exit status of report
+        "exit"
+        "0"
       ];
 
   # GHMF in issues splits paragraphs on newlines