ci: add dependency and license checks (#170)

* ci: add dependency and license checks * chore: modify list of compliance licenses (#172) * fix: ignore dependencies with a reason to pass the deny checks (#174) * fix: ignore dependencies with a reason to pass the deny checks * refactor: remove useless comments * fix: only show warn for unmantained libs --------- Co-authored-by: Alex Bean <[email protected]>
r0gue-io · May 15, 2024 · 48eec26 · 48eec26
1 parent 9a54f46
commit 48eec26
Show file tree

Hide file tree

Showing 2 changed files with 45 additions and 0 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -38,6 +38,13 @@ jobs:
       - name: Build default features
         run: cargo build
 
+  deny:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: EmbarkStudios/cargo-deny-action@v1
+
   unit-tests:
     needs: lint
     runs-on: ubuntu-latest

diff --git a/deny.toml b/deny.toml
@@ -0,0 +1,38 @@
+[graph]
+all-features = true
+
+# This section is considered when running `cargo deny check advisories`
+[advisories]
+unmaintained = "warn"
+ignore = [
+    { id = "RUSTSEC-2024-0336", reason = "No upgrade available. Tracking the vulnerability: https://github.com/r0gue-io/pop-cli/issues/173" },
+    { id = "RUSTSEC-2023-0071", reason = "No upgrade available. Tracking the vulnerability: https://github.com/r0gue-io/pop-cli/issues/173" },
+]
+
+[licenses]
+allow = [
+    "Apache-2.0",
+    "Apache-2.0 WITH LLVM-exception",
+    "BSL-1.0",
+    "BSD-2-Clause",
+    "BSD-3-Clause",
+    "CC0-1.0",
+    "ISC",
+    "GPL-3.0",
+    "MIT",
+    "MPL-2.0",
+    "Unicode-DFS-2016",
+    "Unlicense"
+]
+confidence-threshold = 0.93
+
+[[licenses.exceptions]]
+allow = ["OpenSSL"]
+name = "ring"
+
+[[licenses.clarify]]
+name = "ring"
+expression = "ISC AND MIT AND OpenSSL"
+license-files = [
+    { path = "LICENSE", hash = 0xbd0eed23 },
+]