Add cargo-deny to CI

gleam-lang · Jan 17, 2021 · a744e3a · a744e3a
1 parent 35de782
commit a744e3a
Show file tree

Hide file tree

Showing 4 changed files with 80 additions and 0 deletions.
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -80,6 +80,27 @@ jobs:
     - name: Check formatting
       run: cargo fmt --all -- --check
 
+  cargo_deny:
+    name: Cargo deny
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v2
+
+    - name: Install Rust toolchain
+      uses: actions-rs/toolchain@v1
+      with:
+        toolchain: ${{ matrix.toolchain }}
+        target: ${{ matrix.target }}
+        profile: minimal
+        override: true
+    - run: |
+        set -e
+        curl -L https://github.com/EmbarkStudios/cargo-deny/releases/download/0.8.5/cargo-deny-0.8.5-x86_64-unknown-linux-musl.tar.gz | tar xzf -
+        mv cargo-deny-*-x86_64-unknown-linux-musl/cargo-deny cargo-deny
+        echo `pwd` >> $GITHUB_PATH
+    - run: cargo deny check
+
   test-core-language:
     name: test-core-language
     needs: test

diff --git a/Cargo.toml b/Cargo.toml
@@ -3,6 +3,7 @@ name = "gleam"
 version = "0.13.2"
 authors = ["Louis Pilfold <louis@lpil.uk>"]
 edition = "2018"
+license-file = "LICENSE"
 
 [dependencies]
 # OS SIGINT and SIGTERM signal handling

diff --git a/LICENCE → LICENSE b/LICENCE → LICENSE
diff --git a/deny.toml b/deny.toml
@@ -0,0 +1,58 @@
+targets = []
+
+# https://embarkstudios.github.io/cargo-deny/checks/advisories/cfg.html
+[advisories]
+db-path = "~/.cargo/advisory-db"
+db-urls = ["https://github.com/rustsec/advisory-db"]
+vulnerability = "deny"
+unmaintained = "warn"
+yanked = "warn"
+notice = "warn"
+ignore = ["RUSTSEC-2020-0041", "RUSTSEC-2020-0095", "RUSTSEC-2020-0016"]
+
+# https://embarkstudios.github.io/cargo-deny/checks/licenses/cfg.html
+[licenses]
+unlicensed = "deny"
+allow = ["MIT", "Apache-2.0", "BSD-3-Clause", "MPL-2.0", "ISC", "OpenSSL"]
+default = "deny"
+confidence-threshold = 0.8
+
+[[licenses.clarify]]
+name = "ring"
+version = "*"
+expression = "MIT AND ISC AND OpenSSL"
+license-files = [{ path = "LICENSE", hash = 0xbd0eed23 }]
+
+[licenses.private]
+ignore = false
+registries = []
+
+# https://embarkstudios.github.io/cargo-deny/checks/bans/cfg.html
+[bans]
+multiple-versions = "warn"
+wildcards = "allow"
+highlight = "all"
+allow = []
+deny = []
+skip = [
+    { name = "ansi_term", version = "=0.11.0" },
+    { name = "bytes", version = "=0.5.6" },
+    { name = "cfg-if", version = "=0.1.10" },
+    { name = "nom", version = "=5.1.2" },
+    { name = "pin-project", version = "=0.4.27" },
+    { name = "pin-project-internal", version = "=0.4.27" },
+    { name = "pin-project-lite", version = "=0.1.11" },
+    { name = "rand_core", version = "=0.5.1" },
+    { name = "redox_syscall", version = "0.1.57" },
+    { name = "strsim", version = "=0.8.0" },
+    { name = "tokio", version = "=0.2.24" },
+    { name = "winapi", version = "=0.2.8" },
+]
+skip-tree = []
+
+# https://embarkstudios.github.io/cargo-deny/checks/sources/cfg.html
+[sources]
+unknown-registry = "warn"
+unknown-git = "warn"
+allow-registry = ["https://github.com/rust-lang/crates.io-index"]
+allow-git = []