From b334b5d891f203c6f9daa70c9f0e7e1b6b5f8425 Mon Sep 17 00:00:00 2001
From: Hubert
Date: Thu, 27 Feb 2025 17:41:45 +0100
Subject: [PATCH] feat(ci): use `cargo deny` instead of `cargo audit` (#41)
---
.github/workflows/deny.yml | 16 ++++++++++++++++
.github/workflows/rust.yml | 20 --------------------
deny.toml | 9 +++++++++
3 files changed, 25 insertions(+), 20 deletions(-)
create mode 100644 .github/workflows/deny.yml
create mode 100644 deny.toml
diff --git a/.github/workflows/deny.yml b/.github/workflows/deny.yml
new file mode 100644
index 0000000..dac6d0d
--- /dev/null
+++ b/.github/workflows/deny.yml
@@ -0,0 +1,16 @@
+# This workflow will run `cargo-deny`, checking for dependency issues related to licensing, known vulnerabilities, and more.
+# The configuration file is in [deny.toml](../../deny.toml).
+name: Cargo Deny
+on:
+ push:
+ branches:
+ - master
+ pull_request:
+ merge_group:
+
+jobs:
+ cargo-deny:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ - uses: EmbarkStudios/cargo-deny-action@v2
diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml
index 70aedbf..b03abaa 100644
--- a/.github/workflows/rust.yml
+++ b/.github/workflows/rust.yml
@@ -56,26 +56,6 @@ jobs: - name: Run clippy run: cargo clippy --all --all-targets -- -D warnings - audit: - name: Audit - runs-on: ubuntu-latest - steps: - - name: Checkout Sources - uses: actions/checkout@v4 - - name: Install Toolchain - uses: actions-rs/toolchain@v1 - with: - toolchain: stable - profile: minimal - - name: Install Audit - run: cargo install cargo-audit - - name: Rust Cache - uses: Swatinem/rust-cache@v2.7.7 - - name: Run Audit - uses: actions-rs/cargo@v1 - with: - command: audit - build: name: Build runs-on: ${{ matrix.os }}
diff --git a/deny.toml b/deny.toml
new file mode 100644
index 0000000..ca95dfa
--- /dev/null
+++ b/deny.toml
@@ -0,0 +1,9 @@
+[advisories]
+ignore = []
+
+[licenses]
+allow = [
+ "Apache-2.0",
+ "MIT",
+ "Unicode-3.0"
+]
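Review bot: Both `uses:` steps in the new `deny.yml` reference mutable tags (`actions/checkout@v4`, `EmbarkStudios/cargo-deny-action@v2`), so the code that gates dependency advisories can change without any commit in this repository; pin each to a full commit SHA, e.g. `uses: EmbarkStudios/cargo-deny-action@<full-commit-sha>  # v2`. The workflow also declares no `permissions:` block, so the job token's scope depends on the repository default, which is not visible here; a top-level `permissions:` with `contents: read` is sufficient for a read-only check. Because the triggers are only `push`, `pull_request` and `merge_group`, an advisory published against an unchanged lockfile is not reported until the next commit; adding a `schedule:` trigger would close that gap.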
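Review bot: `deny.toml` configures only `[advisories]` and `[licenses]`, so the `sources` and `bans` checks that the action's default run also performs fall back to cargo-deny's built-in defaults, which, as far as I know, only warn on crates pulled from an unknown registry or git repository. If the intent is to fail the build on unexpected crate origins, add `[sources]` with `unknown-registry = "deny"` and `unknown-git = "deny"`. Starting with `ignore = []` empty is sound; when an advisory is later added there, a comment next to the entry recording the reason and a revisit date keeps the exception reviewable.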