Files
Pierre Warnier 04427511e1 docker: install cargo-deny as a pinned prebuilt binary (#175)
The dev images built cargo-deny from source via `cargo install cargo-deny`.
That compiled cargo-deny on every image build (multi-minute) and surfaced
cargo-deny's own `profile.dev.package.{insta,similar}` warnings, which look
like our config but are not.

Install the pinned (0.19.8), checksum-verified prebuilt binary instead. The
static musl build runs on glibc too, so all three images share one asset.
Result: no source compile, no spurious warnings, and a reproducible,
sha256-verified install (vs the previous unpinned `cargo install`). Each
build self-checks with `cargo-deny --version`.

Version/checksum are ARGs so they can be bumped (and tracked by Renovate).
2026-06-10 15:06:33 +02:00
..