From fbea75d31f4025825e9bf88b99d7c92e4eb79273 Mon Sep 17 00:00:00 2001
From: Emil Ernerfeldt
Date: Thu, 16 Mar 2023 21:05:41 +0100
Subject: [PATCH] Add cargo-deny check to CI
---
 .github/workflows/ci.yml | 30 +++++++++++++++++++
 deny.toml | 62 ++++++++++++++++++++++++++++++++++++++++
 2 files changed, 92 insertions(+)
 create mode 100644 deny.toml
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 67b27507..d4ceca80 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -16,6 +16,36 @@ jobs:
 components: rustfmt
 - name: Check Formatting
 run: cargo +stable fmt --all -- --check
+
+ cargo-deny:
+ name: cargo-deny
+
+ # TODO: remove this matrix when https://github.com/EmbarkStudios/cargo-deny/issues/324 is resolved
+ strategy:
+ fail-fast: false
+ matrix:
+ platform:
+ - aarch64-apple-ios
+ - aarch64-linux-android
+ - i686-pc-windows-gnu
+ - i686-pc-windows-msvc
+ - i686-unknown-linux-gnu
+ - wasm32-unknown-unknown
+ - x86_64-apple-darwin
+ - x86_64-apple-ios
+ - x86_64-pc-windows-gnu
+ - x86_64-pc-windows-msvc
+ - x86_64-unknown-linux-gnu
+ - x86_64-unknown-redox
+
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+ - uses: EmbarkStudios/cargo-deny-action@v1
+ with:
+ command: check
+ log-level: error
+ arguments: --all-features --target ${{ matrix.platform }}
 tests:
 name: Tests
diff --git a/deny.toml b/deny.toml
new file mode 100644
index 00000000..f6b6b641
--- /dev/null
+++ b/deny.toml
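Review bot: In the new `cargo-deny` job of ci.yml both actions are referenced by mutable tags (`actions/checkout@v3`, `EmbarkStudios/cargo-deny-action@v1`), so a moved tag silently changes what runs in CI. For a job whose purpose is dependency vetting I would pin each to a full commit SHA, e.g. `- uses: EmbarkStudios/cargo-deny-action@<full-commit-sha>  # v1` (placeholder; take the SHA from the action's release). The job declares no `permissions:`; unless the workflow sets one at top level, which is outside this hunk, adding `permissions:` with `contents: read` keeps the job token read-only. Separately, `log-level: error` will likely hide every finding that deny.toml sets to `"warn"` (such as `unmaintained`), so those never show up in the CI log.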
@@ -0,0 +1,62 @@
+# https://embarkstudios.github.io/cargo-deny/
+# cargo install cargo-deny
+# cargo update && cargo deny --all-features --log-level error --target aarch64-apple-ios check
+# Note: running just `cargo deny check` without a `--target` will result in
+# false positives due to https://github.com/EmbarkStudios/cargo-deny/issues/324
+targets = [
+ { triple = "aarch64-apple-ios" },
+ { triple = "aarch64-linux-android" },
+ { triple = "i686-pc-windows-gnu" },
+ { triple = "i686-pc-windows-msvc" },
+ { triple = "i686-unknown-linux-gnu" },
+ { triple = "wasm32-unknown-unknown" },
+ { triple = "x86_64-apple-darwin" },
+ { triple = "x86_64-apple-ios" },
+ { triple = "x86_64-pc-windows-gnu" },
+ { triple = "x86_64-pc-windows-msvc" },
+ { triple = "x86_64-unknown-linux-gnu" },
+ { triple = "x86_64-unknown-redox" },
+]
+
+
+[advisories]
+vulnerability = "deny"
+unmaintained = "warn"
+yanked = "deny"
+ignore = []
+
+
+[bans]
+multiple-versions = "deny"
+wildcards = "allow" # at least until https://github.com/EmbarkStudios/cargo-deny/issues/241 is fixed
+deny = []
+skip = [
+ { name = "nix" }, # differing version - as of 2023-03-02 whis can be solved with `cargo update && cargo update -p calloop --precise 0.10.2`
+ { name = "redox_syscall" }, # https://gitlab.redox-os.org/redox-os/orbclient/-/issues/46
+]
+skip-tree = []
+
+
+[licenses]
+private = { ignore = true }
+unlicensed = "deny"
+allow-osi-fsf-free = "neither"
+confidence-threshold = 0.92 # We want really high confidence when inferring licenses from text
+copyleft = "deny"
+allow = [
+ "Apache-2.0 WITH LLVM-exception", # https://spdx.org/licenses/LLVM-exception.html
+ "Apache-2.0", # https://tldrlegal.com/license/apache-license-2.0-(apache-2.0)
+ "BSD-2-Clause", # https://tldrlegal.com/license/bsd-2-clause-license-(freebsd)
+ "BSD-3-Clause", # https://tldrlegal.com/license/bsd-3-clause-license-(revised)
+ "BSL-1.0", # https://tldrlegal.com/license/boost-software-license-1.0-explained
+ "CC0-1.0", # https://creativecommons.org/publicdomain/zero/1.0/
+ "ISC", # https://tldrlegal.com/license/-isc-license
+ "LicenseRef-UFL-1.0", # https://tldrlegal.com/license/ubuntu-font-license,-1.0 - no official SPDX, see https://github.com/emilk/egui/issues/2321
+ "MIT-0", # https://choosealicense.com/licenses/mit-0/
+ "MIT", # https://tldrlegal.com/license/mit-license
+ "MPL-2.0", # https://www.mozilla.org/en-US/MPL/2.0/FAQ/ - see Q11. Used by webpki-roots on Linux.
+ "OFL-1.1", # https://spdx.org/licenses/OFL-1.1.html
+ "OpenSSL", # https://www.openssl.org/source/license.html - used on Linux
+ "Unicode-DFS-2016", # https://spdx.org/licenses/Unicode-DFS-2016.html
+ "Zlib", # https://tldrlegal.com/license/zlib-libpng-license-(zlib)
+]
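Review bot: deny.toml defines no `[sources]` table, so the `check` command run in CI applies cargo-deny's defaults to crate origins, which as far as I know only warn on unknown registries and git sources. Adding `[sources]` with `unknown-registry = "deny"` and `unknown-git = "deny"` after `[licenses]` would make a dependency from an unexpected origin fail the build instead. In `[bans]`, the two `skip` entries name `nix` and `redox_syscall` without a `version`, which exempts every version of those crates from `multiple-versions = "deny"`. Pinning each entry, e.g. `{ name = "nix", version = "=<duplicate-version>" }` (placeholder), keeps the exemption narrow so a further duplicate still surfaces.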