Allow banning or requiring specific features

.github/workflows/ci.yaml

@@ -14,16 +14,14 @@ concurrency:
 jobs:
   lint:
     name: Lint
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
     steps:
-      - uses: actions/checkout@v2
-      - uses: actions-rs/toolchain@v1
+      - uses: actions/checkout@v3
+      - uses: dtolnay/rust-toolchain@stable
         with:
-          toolchain: stable
-          override: true
+          components: "clippy, rustfmt"
 
       # make sure all code has been formatted with rustfmt and linted with clippy
-      - run: rustup component add rustfmt clippy
       - name: rustfmt
         run: cargo fmt -- --check --color always
 
@@ -36,21 +34,20 @@ jobs:
     name: Test
     strategy:
       matrix:
-        os: [ubuntu-20.04, windows-2022, macos-11]
+        os: [ubuntu-22.04, windows-2022, macos-11]
     runs-on: ${{ matrix.os }}
     steps:
-      - uses: actions/checkout@v2
-      - uses: actions-rs/toolchain@v1
-        with:
-          toolchain: stable
-          override: true
+      - uses: actions/checkout@v3
+      - uses: dtolnay/rust-toolchain@stable
       - run: cargo fetch
       - name: cargo test build
         run: cargo build --tests
       - run: cargo test
       # Run the tests we usually don't want to run when
       # testing locally
       - run: cargo test -- --ignored
+        # Don't run on macos, too slow and flaky
+        if: matrix.os != 'macos-11'
 
   # Verifies we can build aarch64-apple-darwin binaries until GHA actually has
   # runners for them that we can actually run tests on
@@ -60,12 +57,10 @@ jobs:
     # Only run this PRs
     if: github.ref != 'refs/heads/main'
     steps:
-      - uses: actions/checkout@v2
-      - uses: actions-rs/toolchain@v1
+      - uses: actions/checkout@v3
+      - uses: dtolnay/rust-toolchain@stable
         with:
-          toolchain: stable
-          override: true
-      - run: rustup target add aarch64-apple-darwin
+          targets: aarch64-apple-darwin
       - run: cargo fetch --target aarch64-apple-darwin
       - run: cargo build --release --target aarch64-apple-darwin
 
@@ -74,20 +69,18 @@ jobs:
     strategy:
       matrix:
         include:
-          - os: ubuntu-20.04
+          - os: ubuntu-22.04
             target: x86_64-unknown-linux-musl
     runs-on: ${{ matrix.os }}
     env:
       TARGET: x86_64-unknown-linux-musl
     steps:
-      - uses: actions/checkout@v2
-      - uses: actions-rs/toolchain@v1
+      - uses: actions/checkout@v3
+      - uses: dtolnay/rust-toolchain@stable
         with:
-          toolchain: stable
-          override: true
           target: ${{ matrix.target }}
       - name: Install musl tools
-        if: matrix.os == 'ubuntu-20.04'
+        if: matrix.target == 'x86_64-unknown-linux-musl'
         run: |
           sudo apt-get install -y musl-tools
       - name: cargo fetch
@@ -109,7 +102,7 @@ jobs:
     name: Build the book
     runs-on: ubuntu-20.04
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
       - run: |
           set -e
           curl -L https://github.com/rust-lang-nursery/mdBook/releases/download/v0.3.1/mdbook-v0.3.1-x86_64-unknown-linux-gnu.tar.gz | tar xzf -
@@ -122,26 +115,23 @@ jobs:
 
   publish-check:
     name: Publish Check
-    runs-on: ubuntu-20.04
+    if: false
+    runs-on: ubuntu-22.04
     steps:
-      - uses: actions/checkout@v2
-      - uses: actions-rs/toolchain@v1
-        with:
-          toolchain: stable
-          override: true
+      - uses: actions/checkout@v3
+      - uses: dtolnay/rust-toolchain@stable
       - run: cargo fetch
       - name: cargo publish
         run: cargo publish --dry-run
 
   msrv-check:
     name: Minimum Stable Rust Version Check
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
     steps:
       - uses: actions/checkout@v2
-      - uses: actions-rs/toolchain@v1
+      - uses: dtolnay/rust-toolchain@stable
         with:
           toolchain: "1.60.0"
-          override: true
       - run: cargo fetch
       - name: cargo check
         run: cargo check --all-targets
@@ -153,7 +143,7 @@ jobs:
     strategy:
       matrix:
         include:
-          - os: ubuntu-20.04
+          - os: ubuntu-22.04
             rust: stable
             target: x86_64-unknown-linux-musl
             bin: cargo-deny
@@ -171,18 +161,16 @@ jobs:
             bin: cargo-deny
     runs-on: ${{ matrix.os }}
     steps:
+      - uses: actions/checkout@v3
       - name: Install stable toolchain
-        uses: actions-rs/toolchain@v1
+        uses: dtolnay/rust-toolchain@master
         with:
           toolchain: ${{ matrix.rust }}
-          override: true
           target: ${{ matrix.target }}
       - name: Install musl tools
-        if: matrix.os == 'ubuntu-20.04'
+        if: matrix.target == 'x86_64-unknown-linux-musl'
         run: |
           sudo apt-get install -y musl-tools
-      - name: Checkout
-        uses: actions/checkout@v2
       - name: cargo fetch
         run: cargo fetch --target ${{ matrix.target }}
       - name: Release build
@@ -224,7 +212,7 @@ jobs:
   publish:
     name: Publish Docs
     needs: [doc-book]
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
     if: github.event_name == 'push' && github.ref == 'refs/heads/main'
     steps:
       - name: Download book

Cargo.toml

@@ -98,5 +98,10 @@ twox-hash = { version = "1.5", default-features = false }
 url = "2.1"
 
 [dev-dependencies]
+# Snapshot testing
+insta = "1.21"
 # We use this for creating fake crate directories for crawling license files on disk
 tempfile = "3.1.0"
+
+[patch.crates-io]
+krates = { git = "https://github.com/EmbarkStudios/krates", branch = "add-features" }

deny.toml

@@ -30,7 +30,9 @@ skip = [
 [sources]
 unknown-registry = "deny"
 unknown-git = "deny"
-allow-git = []
+
+[sources.allow-org]
+github = ["EmbarkStudios"]
 
 [licenses]
 unlicensed = "deny"

docs/src/checks/bans/cfg.md

@@ -77,3 +77,21 @@ Note that by default, the `depth` is infinite.
 ### The `allow-build-scripts` field (optional)
 
 Specifies all the crates that are allowed to have a build script. If this option is omitted, all crates are allowed to have a build script, and if this option is set to an empty list, no crate is allowed to have a build script.
+
+### The `deny-features` field (optional)
+
+If any of the denied features for a specific crate is used in the dependency graph, cargo-deny will deny it.
+
+**Note:** If this field is provided, cargo-deny will not ban the crate, unless it uses denied features.
+
+### The `allow-features` field (optional)
+
+A specific crate can only use the features provided in this config entry. If this is an empty set, it will have no effect.
+
+**Note:** If this field is provided, cargo-deny will not ban the crate, unless it uses non-allowed features.
+
+### The `exact-features` field (optional)
+
+Makes `allow-features` strict. If this is true, the feature set of the crate must be exactly the same as the `allow-features` set.
+
+**Note:** If this field is provided, cargo-deny will not ban the crate, unless the feature set doesn't match exactly.