Add a cargo deny workflow (#89)
* Add a cargo deny workflow Also trims out a pointless submodule checkout (we have none). * Remove no longer relevant advisories/allowances * Patch for array-bytes * Remove unused properties * Restore chrono advisory * Allow MPL-2.0, correct GPL-3.0 allowance specification * Properly ban copyleft, run on all crates * Exceptions for Serai crates (AGPL-3.0) * Remove top comments * Clarify reasoning for not checking advisories in CI * Run all checks in CI While this may bring down an unrelated commit, we can manually review, before creating a followup commit allowing it. If it's critical, then this did its job.
parent
4a3178ed8f
commit
56574f2f5b
5 changed files with 102 additions and 10 deletions
4
.github/workflows/monero-tests.yaml
vendored
|
@ -17,8 +17,6 @@ jobs:
|
|||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
with:
|
||||
submodules: "recursive"
|
||||
|
||||
- name: Test Dependencies
|
||||
uses: ./.github/actions/test-dependencies
|
||||
|
@ -37,8 +35,6 @@ jobs:
|
|||
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
with:
|
||||
submodules: "recursive"
|
||||
|
||||
- name: Test Dependencies
|
||||
uses: ./.github/actions/test-dependencies
|
||||
|
|
27
.github/workflows/tests.yml
vendored
|
@ -12,8 +12,6 @@ jobs:
|
|||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
with:
|
||||
submodules: "recursive"
|
||||
|
||||
- name: Get nightly version to use
|
||||
id: nightly
|
||||
|
@ -29,12 +27,33 @@ jobs:
|
|||
- name: Run Clippy
|
||||
run: cargo clippy --all-features -- -D warnings -A clippy::type_complexity -A dead_code
|
||||
|
||||
deny:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
|
||||
- name: Rust Cache
|
||||
uses: actions/cache@v3
|
||||
with:
|
||||
path: ~/.cargo/advisory-db
|
||||
key: rust-advisory-db
|
||||
|
||||
- name: Install cargo
|
||||
uses: actions-rs/toolchain@v1
|
||||
with:
|
||||
toolchain: stable
|
||||
profile: minimal
|
||||
|
||||
- name: Install cargo deny
|
||||
run: cargo install --locked cargo-deny
|
||||
|
||||
- name: Run cargo deny
|
||||
run: cargo deny -L error --all-features check
|
||||
|
||||
test:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
with:
|
||||
submodules: "recursive"
|
||||
|
||||
- name: Test Dependencies
|
||||
uses: ./.github/actions/test-dependencies
|
||||
|
|
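Review bot: The new `deny` job installs its checker with `cargo install --locked cargo-deny`, which takes whatever release is current at run time, so the behaviour of this gate can change without any commit to the repository. Pinning the tool, e.g. `cargo install --locked cargo-deny --version <pinned-version>` (placeholder, pick the release you have reviewed), keeps the result reproducible. The job also references its actions by mutable tag (`actions/checkout@v3`, `actions/cache@v3`, `actions-rs/toolchain@v1`); for a job whose purpose is dependency vetting, pinning at least the third-party `actions-rs/toolchain` to a full commit SHA would be consistent with that goal. The cache key `rust-advisory-db` is constant, so an existing cache entry is restored but never replaced; cargo-deny presumably still fetches advisory updates on each run, so this costs time rather than correctness.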
3
Cargo.lock
generated
|
@ -118,8 +118,7 @@ dependencies = [
|
|||
[[package]]
|
||||
name = "array-bytes"
|
||||
version = "4.1.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "6a913633b0c922e6b745072795f50d90ebea78ba31a57e2ac8c2fc7b50950949"
|
||||
source = "git+https://github.com/hack-ink/array-bytes?rev=994cd29b66bd2ab5c8c15f0b15a1618d4bb2d94c#994cd29b66bd2ab5c8c15f0b15a1618d4bb2d94c"
|
||||
|
||||
[[package]]
|
||||
name = "array-init"
|
||||
|
|
|
@ -48,3 +48,8 @@ monero-serai = { opt-level = 3 }
|
|||
|
||||
[profile.release]
|
||||
panic = "unwind"
|
||||
|
||||
[patch.crates-io]
|
||||
# array-bytes 4.1.0 is GPL-3.0.
|
||||
# array-bytes git, which has no code changes, includes a dual-license under Apache-2.0.
|
||||
array-bytes = { git = "https://github.com/hack-ink/array-bytes", rev = "994cd29b66bd2ab5c8c15f0b15a1618d4bb2d94c" }
|
||||
|
|
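Review bot: The `[patch.crates-io]` comment asserts that the git revision of array-bytes has no code changes relative to 4.1.0, but it does not say how that was checked or when the patch can be dropped. Since the patch swaps a checksummed registry release for a git source, I would extend the comment with the removal condition, e.g. `# Remove once a crates.io release carrying the Apache-2.0 dual license is published.` Pinning `rev` to a full commit hash is the right choice and should be kept if the revision is ever bumped. The file header for this section is not visible on the page; the path is presumably Cargo.toml.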
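--- /dev/null
+++ b/deny.toml
@@ -0,0 +1,73 @@
+[advisories]
+db-path = "~/.cargo/advisory-db"
+db-urls = ["https://github.com/rustsec/advisory-db"]
+
+vulnerability = "deny"
+yanked = "deny"
+notice = "warn"
+unmaintained = "warn"
+
+ignore = [
+"RUSTSEC-2020-0071", # https://github.com/chronotope/chrono/issues/602
+]
+
+[licenses]
+unlicensed = "deny"
+
+allow = [
+# Effective public domain
+"CC0-1.0",
+"Unlicense",
+
+# Attribution required
+"MIT",
+"BSD-2-Clause",
+"BSD-3-Clause",
+"ISC",
+"Unicode-DFS-2016",
+"OpenSSL",
+
+# Non-invasive copyleft
+"MPL-2.0",
+"Apache-2.0",
+"Apache-2.0 WITH LLVM-exception",
+"GPL-3.0 WITH Classpath-exception-2.0",
+]
+
+copyleft = "deny"
+allow-osi-fsf-free = "neither"
+default = "deny"
+
+exceptions = [
+{ allow = ["AGPL-3.0"], name = "ethereum-serai" },
+{ allow = ["AGPL-3.0"], name = "serai-processor" },
+
+{ allow = ["AGPL-3.0"], name = "serai-extension" },
+{ allow = ["AGPL-3.0"], name = "serai-multisig" },
+
+{ allow = ["AGPL-3.0"], name = "serai-runtime" },
+{ allow = ["AGPL-3.0"], name = "serai-consensus" },
+{ allow = ["AGPL-3.0"], name = "serai-node" },
+]
+
+[[licenses.clarify]]
+name = "ring"
+version = "*"
+expression = "MIT AND ISC AND OpenSSL"
+license-files = [
+{ path = "LICENSE", hash = 0xbd0eed23 }
+]
+
+[bans]
+multiple-versions = "warn"
+wildcards = "warn"
+highlight = "all"
+
+[sources]
+unknown-registry = "deny"
+unknown-git = "deny"
+allow-registry = ["https://github.com/rust-lang/crates.io-index"]
+allow-git = [
+"https://github.com/serai-dex/substrate",
+"https://github.com/hack-ink/array-bytes"
+]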
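Review bot: The `ignore` entry for `RUSTSEC-2020-0071` in `[advisories]` carries only a link, so a reader of deny.toml cannot tell why the advisory is acceptable for this workspace or when the entry can be removed. A comment above it along the lines of `# Reached only through chrono; drop once the linked issue is resolved and chrono is updated.` would record that (wording inferred from the link, adjust to the actual reasoning). Separately, `notice`, `unmaintained`, `multiple-versions` and `wildcards` are set to `warn`, while the workflow in this commit runs `cargo deny -L error`. As far as I know that log level also filters warning-level diagnostics, so these findings would not appear in CI output and are only visible to someone running the tool locally at the default level. If that is intended, a one-line comment saying so next to the `warn` settings would prevent them being read as an active check.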