Skip to content

Commit

Permalink
chore: check dependencies with cargo-deny
Browse files Browse the repository at this point in the history
  • Loading branch information
mlegner committed Sep 26, 2023
1 parent 56ed726 commit 58fc8fa
Show file tree
Hide file tree
Showing 5 changed files with 108 additions and 1 deletion.
24 changes: 23 additions & 1 deletion .github/workflows/rust.yml
Original file line number Diff line number Diff line change
Expand Up @@ -61,6 +61,27 @@ jobs:
- 'rust-toolchain'
- '.github/workflows/rust.yml'
dependencies:
name: Check dependencies
needs: diff
if: ${{ needs.diff.outputs.isRust == 'true' }}
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: EmbarkStudios/cargo-deny-action@v1
with:
# do not check advisories to prevent sudden failure due to new announcement
command: check bans licenses sources

dependencies-schedule:
name: Check dependencies (including vulnerabilities)
needs: diff
if: ${{ github.event_name == 'schedule' }}
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: EmbarkStudios/cargo-deny-action@v1

test:
name: Test Rust code and report coverage
needs: diff
Expand Down Expand Up @@ -152,6 +173,7 @@ jobs:
if: always()
needs:
- diff
- dependencies
- test
- lint
- build
Expand All @@ -160,5 +182,5 @@ jobs:
- name: Decide whether all needed jobs succeeded
uses: re-actors/alls-green@release/v1
with:
allowed-skips: test, lint, build
allowed-skips: ${{ toJSON(needs) }}
jobs: ${{ toJSON(needs) }}
7 changes: 7 additions & 0 deletions .pre-commit-config.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -47,3 +47,10 @@ repos:
language: system
types: [rust]
pass_filenames: false
- id: deny
name: cargo-deny
entry: cargo deny
args: ["--all-features", "check"]
language: system
types: [rust]
pass_filenames: false
1 change: 1 addition & 0 deletions CONTRIBUTING.md
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,7 @@ We have CI jobs running for every PR to test and lint the repository. You can in
that these check pass even *before pushing your changes* to GitHub. To use this, the following steps are required:

1. Install [Rust](https://www.rust-lang.org/tools/install).
1. Install [cargo-deny](https://embarkstudios.github.io/cargo-deny/cli/index.html).
1. [Install pre-commit](https://pre-commit.com/#install) using `pip` or your OS's package manager.
1. Run `pre-commit install` in the repository.

Expand Down
1 change: 1 addition & 0 deletions crates/scion/Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@
name = "scion"
version = "0.1.0"
edition = "2021"
publish = false
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html

[dependencies]
Expand Down
76 changes: 76 additions & 0 deletions deny.toml
Original file line number Diff line number Diff line change
@@ -0,0 +1,76 @@
# This section is considered when running `cargo deny check advisories`
# More documentation for the advisories section can be found here:
# https://embarkstudios.github.io/cargo-deny/checks/advisories/cfg.html
[advisories]
vulnerability = "deny"
unmaintained = "deny"
notice = "deny"
unsound = "deny"

# This section is considered when running `cargo deny check licenses`
# More documentation for the licenses section can be found here:
# https://embarkstudios.github.io/cargo-deny/checks/licenses/cfg.html
[licenses]
# The lint level for crates which do not have a detectable license
unlicensed = "deny"
# List of explicitly allowed licenses
# See https://spdx.org/licenses/ for list of possible licenses
# [possible values: any SPDX 3.11 short identifier (+ optional exception)].
allow = [
"MIT",
"Apache-2.0",
]
# Lint level for licenses considered copyleft
copyleft = "deny"
# Blanket approval or denial for OSI-approved or FSF Free/Libre licenses
allow-osi-fsf-free = "neither"
# Lint level used when no other predicates are matched
# 1. License isn't in the allow or deny lists
# 2. License isn't copyleft
# 3. License isn't OSI/FSF, or allow-osi-fsf-free = "neither"
default = "deny"
# The confidence threshold for detecting a license from license text.
# The higher the value, the more closely the license text must be to the
# canonical license text of a valid SPDX license file.
# [possible values: any between 0.0 and 1.0].
confidence-threshold = 0.9
# Allow 1 or more licenses on a per-crate basis, so that particular licenses
# aren't accepted for every possible crate as with the normal allow list
exceptions = [
{ allow = [
"Unicode-DFS-2016",
], name = "unicode-ident" },
]

[licenses.private]
# If true, ignores workspace crates that aren't published, or are only
# published to private registries.
# To see how to mark a crate as unpublished (to the official registry),
# visit https://doc.rust-lang.org/cargo/reference/manifest.html#the-publish-field.
ignore = true

# This section is considered when running `cargo deny check bans`.
# More documentation about the 'bans' section can be found here:
# https://embarkstudios.github.io/cargo-deny/checks/bans/cfg.html
[bans]
# Lint level for when multiple versions of the same crate are detected
multiple-versions = "deny"

# This section is considered when running `cargo deny check sources`.
# More documentation about the 'sources' section can be found here:
# https://embarkstudios.github.io/cargo-deny/checks/sources/cfg.html
[sources]
# Lint level for what to happen when a crate from a crate registry that is not
# in the allow list is encountered
unknown-registry = "deny"
# Lint level for what to happen when a crate from a git repository that is not
# in the allow list is encountered
unknown-git = "deny"

[sources.allow-org]
# 1 or more github.com organizations to allow git sources for
github = [
# "MystenLabs",
# "sui",
# "scionproto"
]

0 comments on commit 58fc8fa

Please sign in to comment.