Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(ci): add deny deps CI #6

Merged
merged 2 commits into from
Oct 4, 2023
Merged

feat(ci): add deny deps CI #6

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
348b54e
feat: add deny ci
Evalir Oct 4, 2023
f1ca62c
chore: config deny.toml properly
Evalir Oct 4, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
19 changes: 19 additions & 0 deletions .github/workflows/deps.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,19 @@
name: deps

on:
push:
branches: [main]
pull_request:
branches: [main]
schedule: [cron: "00 00 * * *"]

jobs:
cargo-deny:
name: cargo deny check
runs-on: ubuntu-latest
timeout-minutes: 30
steps:
- uses: actions/checkout@v3
- uses: EmbarkStudios/cargo-deny-action@v1
with:
command: check all
1 change: 1 addition & 0 deletions Cargo.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@ name = "foundry-compilers"
authors = ["Foundry Maintainers"]
version = "0.1.0"
readme = "README.md"
license = "MIT OR Apache-2.0"
description = "Utilities for working with solidity compilers, namely solc"
keywords = ["foundry", "solidity", "solc", "ethereum", "ethers"]
edition = "2021"
Expand Down
94 changes: 94 additions & 0 deletions deny.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,94 @@
# This section is considered when running `cargo deny check advisories`
# More documentation for the advisories section can be found here:
# https://embarkstudios.github.io/cargo-deny/checks/advisories/cfg.html
[advisories]
vulnerability = "deny"
unmaintained = "warn"
unsound = "warn"
yanked = "warn"
notice = "warn"

# This section is considered when running `cargo deny check bans`.
# More documentation about the 'bans' section can be found here:
# https://embarkstudios.github.io/cargo-deny/checks/bans/cfg.html
[bans]
# Lint level for when multiple versions of the same crate are detected
multiple-versions = "warn"
# Lint level for when a crate version requirement is `*`
wildcards = "deny"
highlight = "all"
# List of crates to deny
deny = [
# Each entry the name of a crate and a version range. If version is
# not specified, all versions will be matched.
#{ name = "ansi_term", version = "=0.11.0" },
]
# Certain crates/versions that will be skipped when doing duplicate detection.
skip = []
# Similarly to `skip` allows you to skip certain crates during duplicate
# detection. Unlike skip, it also includes the entire tree of transitive
# dependencies starting at the specified crate, up to a certain depth, which is
# by default infinite
skip-tree = []

[licenses]
unlicensed = "deny"
confidence-threshold = 0.9
# copyleft = "deny"

# List of explicitly allowed licenses
# See https://spdx.org/licenses/ for list of possible licenses
# [possible values: any SPDX 3.7 short identifier (+ optional exception)].
allow = [
"MIT",
"MIT-0",
"Apache-2.0",
"Apache-2.0 WITH LLVM-exception",
"BSD-2-Clause",
"BSD-3-Clause",
"ISC",
"Unicode-DFS-2016",
"Unlicense",
"MPL-2.0",
# https://github.com/briansmith/ring/issues/902
"LicenseRef-ring",
# https://github.com/briansmith/webpki/issues/148
"LicenseRef-webpki",
]

# Allow 1 or more licenses on a per-crate basis, so that particular licenses
# aren't accepted for every possible crate as with the normal allow list
exceptions = [
# CC0 is a permissive license but somewhat unclear status for source code
# so we prefer to not have dependencies using it
# https://tldrlegal.com/license/creative-commons-cc0-1.0-universal
{ allow = ["CC0-1.0"], name = "tiny-keccak" },
{ allow = ["CC0-1.0"], name = "trezor-client" },
{ allow = ["CC0-1.0"], name = "constant_time_eq" },
]

[[licenses.clarify]]
name = "ring"
expression = "LicenseRef-ring"
license-files = [{ path = "LICENSE", hash = 0xbd0eed23 }]

[[licenses.clarify]]
name = "webpki"
expression = "LicenseRef-webpki"
license-files = [{ path = "LICENSE", hash = 0x001c7e6c }]

[[licenses.clarify]]
name = "rustls-webpki"
expression = "LicenseRef-webpki"
license-files = [{ path = "LICENSE", hash = 0x001c7e6c }]

# This section is considered when running `cargo deny check sources`.
# More documentation about the 'sources' section can be found here:
# https://embarkstudios.github.io/cargo-deny/checks/sources/cfg.html
[sources]
# Lint level for what to happen when a crate from a crate registry that is not
# in the allow list is encountered
unknown-registry = "deny"
# Lint level for what to happen when a crate from a git repository that is not
# in the allow list is encountered
unknown-git = "deny"