mirror of
https://github.com/serai-dex/serai.git
Add a cargo deny workflow (#89)
* Add a cargo deny workflow Also trims out a pointless submodule checkout (we have none). * Remove no longer relevant advisories/allowances * Patch for array-bytes * Remove unused properties * Restore chrono advisory * Allow MPL-2.0, correct GPL-3.0 allowance specification * Properly ban copyleft, run on all crates * Exceptions for Serai crates (AGPL-3.0) * Remove top comments * Clarify reasoning for not checking advisories in CI * Run all checks in CI While this may bring down an unrelated commit, we can manually review, before creating a followup commit allowing it. If it's critical, then this did its job.
parent
4a3178ed8f
commit
56574f2f5b
5 changed files with 102 additions and 10 deletions
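--- a/.github/workflows/monero-tests.yaml
+++ b/.github/workflows/monero-tests.yaml
@@ -17,8 +17,6 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - uses: actions/checkout@v3
-with:
-submodules: "recursive"
 
 - name: Test Dependencies
 uses: ./.github/actions/test-dependencies
@@ -37,8 +35,6 @@ jobs:
 
 steps:
 - uses: actions/checkout@v3
-with:
-submodules: "recursive"
 
 - name: Test Dependencies
 uses: ./.github/actions/test-dependencies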
27
.github/workflows/tests.yml
vendored
|
@ -12,8 +12,6 @@ jobs:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v3
|
- uses: actions/checkout@v3
|
||||||
with:
|
|
||||||
submodules: "recursive"
|
|
||||||
|
|
||||||
- name: Get nightly version to use
|
- name: Get nightly version to use
|
||||||
id: nightly
|
id: nightly
|
||||||
|
@ -29,12 +27,33 @@ jobs:
|
||||||
- name: Run Clippy
|
- name: Run Clippy
|
||||||
run: cargo clippy --all-features -- -D warnings -A clippy::type_complexity -A dead_code
|
run: cargo clippy --all-features -- -D warnings -A clippy::type_complexity -A dead_code
|
||||||
|
|
||||||
|
deny:
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
steps:
|
||||||
|
- uses: actions/checkout@v3
|
||||||
|
|
||||||
|
- name: Rust Cache
|
||||||
|
uses: actions/cache@v3
|
||||||
|
with:
|
||||||
|
path: ~/.cargo/advisory-db
|
||||||
|
key: rust-advisory-db
|
||||||
|
|
||||||
|
- name: Install cargo
|
||||||
|
uses: actions-rs/toolchain@v1
|
||||||
|
with:
|
||||||
|
toolchain: stable
|
||||||
|
profile: minimal
|
||||||
|
|
||||||
|
- name: Install cargo deny
|
||||||
|
run: cargo install --locked cargo-deny
|
||||||
|
|
||||||
|
- name: Run cargo deny
|
||||||
|
run: cargo deny -L error --all-features check
|
||||||
|
|
||||||
test:
|
test:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v3
|
- uses: actions/checkout@v3
|
||||||
with:
|
|
||||||
submodules: "recursive"
|
|
||||||
|
|
||||||
- name: Test Dependencies
|
- name: Test Dependencies
|
||||||
uses: ./.github/actions/test-dependencies
|
uses: ./.github/actions/test-dependencies
|
||||||
|
|
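Review bot: The `Install cargo deny` step in the new `deny` job runs `cargo install --locked cargo-deny` with no `--version`, so the tool that enforces the dependency policy is itself whatever release crates.io serves at run time; `--locked` fixes cargo-deny's own dependency tree but not which release is installed. Pinning it, e.g. `run: cargo install --locked cargo-deny --version PINNED_VERSION` (placeholder), makes any change to the policy checker an explicit commit, and the same reasoning applies to `actions-rs/toolchain@v1`, a third-party action referenced by a mutable tag rather than a full commit SHA. Separately, `-L error` on the `Run cargo deny` step will, as far as I can tell, hide the warn-level findings that deny.toml configures (`unmaintained`, `notice`, `multiple-versions`, `wildcards`), so they would never appear in the CI log; worth confirming that is intended.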
3
Cargo.lock
generated
|
@ -118,8 +118,7 @@ dependencies = [
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "array-bytes"
|
name = "array-bytes"
|
||||||
version = "4.1.0"
|
version = "4.1.0"
|
||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
source = "git+https://github.com/hack-ink/array-bytes?rev=994cd29b66bd2ab5c8c15f0b15a1618d4bb2d94c#994cd29b66bd2ab5c8c15f0b15a1618d4bb2d94c"
|
||||||
checksum = "6a913633b0c922e6b745072795f50d90ebea78ba31a57e2ac8c2fc7b50950949"
|
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "array-init"
|
name = "array-init"
|
||||||
|
|
|
@ -48,3 +48,8 @@ monero-serai = { opt-level = 3 }
|
||||||
|
|
||||||
[profile.release]
|
[profile.release]
|
||||||
panic = "unwind"
|
panic = "unwind"
|
||||||
|
|
||||||
|
[patch.crates-io]
|
||||||
|
# array-bytes 4.1.0 is GPL-3.0.
|
||||||
|
# array-bytes git, which has no code changes, includes a dual-license under Apache-2.0.
|
||||||
|
array-bytes = { git = "https://github.com/hack-ink/array-bytes", rev = "994cd29b66bd2ab5c8c15f0b15a1618d4bb2d94c" }
|
||||||
|
|
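Review bot: The comment on the new `[patch.crates-io]` entry states that the git revision "has no code changes" from array-bytes 4.1.0, but nothing here records how that was established, and the Cargo.lock section above shows the registry `checksum` line going away for this package. Pinning by full `rev` is good; I would extend the comment with how equivalence was checked and when the patch should be removed, e.g. `# Diffed against the published 4.1.0 crate on DATE (placeholder); remove once a dual-licensed release is on crates.io.` The file header for this hunk is not visible on the page; from the content it is presumably the workspace Cargo.toml.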
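--- /dev/null
+++ b/deny.toml
@@ -0,0 +1,73 @@
+[advisories]
+db-path = "~/.cargo/advisory-db"
+db-urls = ["https://github.com/rustsec/advisory-db"]
+
+vulnerability = "deny"
+yanked = "deny"
+notice = "warn"
+unmaintained = "warn"
+
+ignore = [
+"RUSTSEC-2020-0071", # https://github.com/chronotope/chrono/issues/602
+]
+
+[licenses]
+unlicensed = "deny"
+
+allow = [
+# Effective public domain
+"CC0-1.0",
+"Unlicense",
+
+# Attribution required
+"MIT",
+"BSD-2-Clause",
+"BSD-3-Clause",
+"ISC",
+"Unicode-DFS-2016",
+"OpenSSL",
+
+# Non-invasive copyleft
+"MPL-2.0",
+"Apache-2.0",
+"Apache-2.0 WITH LLVM-exception",
+"GPL-3.0 WITH Classpath-exception-2.0",
+]
+
+copyleft = "deny"
+allow-osi-fsf-free = "neither"
+default = "deny"
+
+exceptions = [
+{ allow = ["AGPL-3.0"], name = "ethereum-serai" },
+{ allow = ["AGPL-3.0"], name = "serai-processor" },
+
+{ allow = ["AGPL-3.0"], name = "serai-extension" },
+{ allow = ["AGPL-3.0"], name = "serai-multisig" },
+
+{ allow = ["AGPL-3.0"], name = "serai-runtime" },
+{ allow = ["AGPL-3.0"], name = "serai-consensus" },
+{ allow = ["AGPL-3.0"], name = "serai-node" },
+]
+
+[[licenses.clarify]]
+name = "ring"
+version = "*"
+expression = "MIT AND ISC AND OpenSSL"
+license-files = [
+{ path = "LICENSE", hash = 0xbd0eed23 }
+]
+
+[bans]
+multiple-versions = "warn"
+wildcards = "warn"
+highlight = "all"
+
+[sources]
+unknown-registry = "deny"
+unknown-git = "deny"
+allow-registry = ["https://github.com/rust-lang/crates.io-index"]
+allow-git = [
+"https://github.com/serai-dex/substrate",
+"https://github.com/hack-ink/array-bytes"
+]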
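Review bot: The `ignore` entry for `RUSTSEC-2020-0071` in `[advisories]` carries only an issue link, so a reader of deny.toml cannot tell why the advisory is acceptable for this workspace or when the exemption should be lifted, and an ignore applies to that advisory wherever it appears in the dependency graph. I would put the reasoning and the exit condition next to it, e.g. `# REASON_NOT_APPLICABLE (placeholder); remove once chronotope/chrono#602 is resolved.` A smaller documentation point in `[licenses]`: the `# Non-invasive copyleft` group also lists `Apache-2.0` and `Apache-2.0 WITH LLVM-exception`, which are permissive rather than copyleft, so that heading could be split or reworded to keep the allow-list rationale accurate.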