cargo-machete searches .git directory and may find bad toml files

[ShaddyDC]

I've got a project that uses renovate to among others update the Cargo.toml files. Because there are multiple such files it updates, the specific branch may be called eg renovate/lock-file-maintenance-dummy-worker/Cargo.toml, which is admittedly a bit of a mouthful, but that's not the point here.
That means that in my local project, that ref is known:

› cat ./.git/refs/remotes/origin/renovate/lock-file-maintenance-dummy-worker/Cargo.toml
7d3d48ce524a4e7e3ca0c6ac47b93c1c0411d821

When I now run machete, it tries to search that file, having the expected file name:

› cargo machete
Analyzing dependencies of crates in this directory...
error when handling ./.git/refs/remotes/origin/renovate/lock-file-maintenance-dummy-worker/Cargo.toml: TOML parse error at line 1, column 41
  |
1 | 7d3d48ce524a4e7e3ca0c6ac47b93c1c0411d821
  |                                         ^
expected `.`, `=`

cargo-machete found the following unused dependencies in .:
job-manager -- ./Cargo.toml:
	amqprs
	async-trait
script-runner -- ./script-runner/Cargo.toml:
	amqprs
	async-trait
	futures-util
dummy-worker -- ./dummy-worker/Cargo.toml:
	amqprs
	async-trait
	serde_json

If you believe cargo-machete has detected an unused dependency incorrectly,
you can add the dependency to the list of dependencies to ignore in the
`[package.metadata.cargo-machete]` section of the appropriate Cargo.toml.
For example:

[package.metadata.cargo-machete]
ignored = ["prost"]

You can also try running it with the `--with-metadata` flag for better accuracy,
though this may modify your Cargo.lock files.

Done!

The other warnings look correct to me, and this isn't a huge issue insofar as the exit code is still 0.
It's still kind of annoying.

There are some possible approaches to solving this:

1. Manually ignore .git or a similar ignore system
2. Only analyse files that are tracked with git or that show up in git status
3. Ignore this as a rare problem and sign that people shouldn't put file names into their git branches, which is kind of fair enough

[bnjbvr]

Thanks for opening an issue. If you run cargo-machete --ignore, does it skip the .git directory by default?

[ShaddyDC]

It doesn't seem like there is an --ignore option?

› cargo-machete --ignore
Unrecognized argument: --ignore

Run cargo-machete --help for more information.
› cargo-machete --help
Usage: cargo-machete [--with-metadata] [--skip-target-dir] [--fix] [--version] [paths...]

cargo-machete: Helps find unused dependencies in a fast yet imprecise way.

Exit code:
    0:  when no unused dependencies are found
    1:  when at least one unused (non-ignored) dependency is found
    2:  on error

Options:
  --with-metadata   uses cargo-metadata to figure out the dependencies' names.
                    May be useful if some dependencies are renamed from their
                    own Cargo.toml file (e.g. xml-rs which gets renamed xml).
                    Try it if you get false positives!
  --skip-target-dir don't analyze anything contained in any target/ directories
                    encountered.
  --fix             rewrite the Cargo.toml files to automatically remove unused
                    dependencies. Note: all dependencies flagged by
                    cargo-machete will be removed, including false positives.
  --version         print version.
  --help            display usage information

I'm using the latest version as packaged in nixpkgs, and it doesn't look like there's a newer release here, is there?

› cargo machete --version
0.6.2

The flag --skip-target-dir doesn't skip the .git directory, fwiw.

[bnjbvr]

Ah indeed, --ignore has been implemented just after 0.6.2 has been published. Maybe time for another release…

[ShaddyDC]

Ah, indeed! I tried with git main and the problem does not occur with that flag, thank you!

[jplatte]

I think this should be the default. I just ran into this with some Cargo.tomls from target/package and target/semver-checks. It's rather unexpected that cargo-machete looks at these.

[bnjbvr]

Right, I'll make it the default and add an escape hatch for users who don't want that. Thanks for your feedback!