ci/Check dependencies

[Luni-4]

Pull Request Template

Checklist

• Confirm that run-checks script has been executed.

Related Issues/PRs

Provide links to relevant issues and dependent PRs.

Changes

This PR adds dependencies checks to ci in order to detect:

• Vulnerabilities
• Duplications
• Unused

Testing

Describe how these changes have been tested.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (945014b) 87.50% compared to head (8605db6) 87.41%.

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #895      +/-   ##
==========================================
- Coverage   87.50%   87.41%   -0.10%     
==========================================
  Files         502      502              
  Lines       51080    50966     -114     
==========================================
- Hits        44697    44550     -147     
- Misses       6383     6416      +33     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[Luni-4]

@nathanielsimard

This PR is ready to be reviewed

[nathanielsimard]

@Luni-4 We should fix the CI dependencies step before merging!

[Luni-4]

@nathanielsimard

Feel free to change my PR in order to fix the burn dependencies :)

[Luni-4]

@nathanielsimard

It is ready to be reviewed

[Luni-4]

@nathanielsimard @antimora

I have added a files to check licenses but I do not know if I had configured that correctly. Review cargo.deny options carefully and see if they are right the ones I set up

[antimora]

It seems the dependencies is doing its job and failing the CI. We should review the list of licenses and add to an allowable list. There seems to be some odd licenses that I am not familiar with so it might take some time to review.

[Luni-4]

@antimora

Since I do not have the skills to evaluate the right licenses for this project, I'm leaving this PR to you. Feel free to update it and change the code whatever you want, thanks a lot in advance!

[Luni-4]

@nathanielsimard and @antimora

After a brief dialogue with @antimora, I was able to set up and fix the dependency checker. Below a list of the accomplished things:

• Multiple dependencies are detected but they are not going to stop the CI. I have set up a warn level instead of an error level

• The following licenses are deemed acceptable:

    Apache-2.0 WITH LLVM-exception
    Apache-2.0
    BSD-3-Clause
    CC0-1.0
    ISC
    MIT
    MPL-2.0
    OpenSSL
    Unicode-DFS-2016
    Unlicense
    Zlib

• Every unused dependency has been removed

[nathanielsimard]

LGTM, waiting for @antimora to review as well before merging

[nathanielsimard]

Is there a reason not to use the following: cargo install cargo-udeps --locked ?

[Luni-4]

To install faster the binary, reducing the CI time.

[antimora]

Looks good. Lets a give a try!

Thanks, @Luni-4 for your work with this CI enhancements. I feel we have a world class tooling now =)