fix: recommend install CLIs using --locked flag (#797)

* fix: recommend install CLIs using `--locked` flag

* Update .github/workflows/templates-test.yml

* Update .github/workflows/templates-test.yml

* Update .github/workflows/audit.yml

Author: amrbashir

.changes/locked-flag.md

@@ -0,0 +1,7 @@
+---
+"create-tauri-app": "patch"
+"create-tauri-app-js": "patch"
+---
+
+Suggest using `--locked` flag when installing CLIs using `cargo install`
+

.github/workflows/audit.yml

@@ -27,14 +27,15 @@ concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
 
+
 jobs:
   audit-rust:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
-      - uses: dtolnay/rust-toolchain@stable
-      - run: cargo install cargo-audit
-      - run: cargo audit
+      - uses: actions/checkout@v4
+      - uses: rustsec/audit-check@v2
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
 
   audit-js:
     runs-on: ubuntu-latest

.github/workflows/templates-test.yml

@@ -96,19 +96,19 @@ jobs:
 
       - uses: dtolnay/rust-toolchain@stable
 
-      - run: cargo install tauri-cli
+      - run: cargo install tauri-cli --locked
         if: (matrix.settings.manager == 'cargo' || matrix.settings.manager == 'dotnet') && matrix.settings.rc != true
 
-      - run: cargo install tauri-cli --version '^2.0.0-rc'
+      - run: cargo install tauri-cli --version '^2.0.0-rc' --locked
         if: (matrix.settings.manager == 'cargo' || matrix.settings.manager == 'dotnet') && matrix.settings.rc == true
 
       - run: |
           rustup target add wasm32-unknown-unknown
-          cargo install --locked trunk
+          cargo install trunk --locked
         if: matrix.settings.install_trunk
       - run: |
           rustup target add wasm32-unknown-unknown
-          cargo install --locked dioxus-cli
+          cargo install dioxus-cli --locked
         if: matrix.settings.install_dioxus_cli
 
       - name: install system dependencies

README.md

@@ -32,7 +32,7 @@ irm https://create.tauri.app/ps | iex
 ## Cargo:
 
 ```bash
-cargo install create-tauri-app
+cargo install create-tauri-app --locked
 cargo create-tauri-app
 ```
 

src/deps.rs

@@ -207,22 +207,22 @@ pub fn print_missing_deps(pkg_manager: PackageManager, template: Template, rc: b
         Dep {
             name: "Tauri CLI",
             instruction: if rc {
-                format!("Run `{BLUE}{BOLD}cargo install tauri-cli --version '^2.0.0-rc'{RESET}`")
+                format!("Run `{BLUE}{BOLD}cargo install tauri-cli --version '^2.0.0-rc' --locked{RESET}`")
             } else {
-                format!("Run `{BLUE}{BOLD}cargo install tauri-cli{RESET}`")
+                format!("Run `{BLUE}{BOLD}cargo install tauri-cli{RESET} --locked`")
             },
             exists: &|| is_appropriate_tauri_cli_installed(rc),
             skip: pkg_manager.is_node() || !template.needs_tauri_cli(),
         },
         Dep {
             name: "Trunk",
-            instruction: format!("Run `{BLUE}{BOLD}cargo install trunk{RESET}`"),
+            instruction: format!("Run `{BLUE}{BOLD}cargo install trunk --locked{RESET}`"),
             exists: &is_trunk_installed,
             skip: pkg_manager.is_node() || !template.needs_trunk(),
         },
         Dep {
             name: "Dioxus CLI",
-            instruction: format!("Run `{BLUE}{BOLD}cargo install dioxus-cli{RESET}`"),
+            instruction: format!("Run `{BLUE}{BOLD}cargo install dioxus-cli --locked{RESET}`"),
             exists: &is_dioxus_cli_installed,
             skip: pkg_manager.is_node() || !template.needs_dioxus_cli(),
         },