Add CI policy checks and 1Password env rendering#156
Conversation
chipp
commented
May 16, 2026
chipp
commented
- Add clippy and cargo-deny jobs to PR workflow
- Add deny.toml, MIT licenses for workspace crates, and jsonwebtoken update
- Fix existing clippy warnings so the new CI check passes
- Render Pi env files with op inject templates
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request introduces a deny.toml configuration for cargo-deny and adds MIT license fields to all workspace crates. It includes various refactorings to improve code quality and address Clippy lints, such as boxing large error variants, simplifying iterator chains, and removing unnecessary references or explicit lifetimes. Additionally, the render_pi_env.sh script was refactored to use op inject for secret management. I have no feedback to provide.
chipp
force-pushed
the
deps-2026-05-16
branch
7 times, most recently
from
1050066 to
5e1fbda
Compare
- Add clippy and cargo-deny jobs to PR workflow - Add deny.toml, MIT licenses for workspace crates, and jsonwebtoken update - Fix existing clippy warnings so the new CI check passes - Render Pi env files with op inject templates Pinned gh actions by shas
|
/gemini review |
There was a problem hiding this comment.
Code Review
This pull request updates the Rust toolchain to version 1.95.0, bumps several dependencies (including jsonwebtoken and rand), and adds a deny.toml configuration for license and advisory checks. Significant changes include the integration of openssl-probe in the transport library to improve SSL certificate discovery for MQTT connections and various refactorings to address Clippy lints and improve code safety. Feedback highlights a potential panic in lib/transport/src/lib.rs due to an unchecked unwrap() and suggests making the op_account in scripts/render_pi_env.sh configurable via environment variables.
| }; | ||
|
|
||
| let response = client.connect(conn_opts).await?; | ||
| let response = response.connect_response().unwrap(); |
There was a problem hiding this comment.
Using unwrap() on connect_response() is risky. While a successful connection is expected to return a response, it's safer to handle the None case gracefully to avoid a potential panic, especially in a library function that might be used in different contexts.
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
1 participant
