
https://github.com/EmbarkStudios/cargo-deny

cargo-deny is a tool that can issue errors for dependency issues, among others:

* security issues in a crate
* duplicated dependencies with different versions
* unauthorised license

Added cargo-deny with an opinionated configuration:

* No middle ground with warnings, either allow or deny
* Not added to Bors, we probably don't want to block a PR on something that may happen from outside
* Different GitHub workflow than CI to run only when Cargo.toml files are changed, or on a schedule
* Each check in its own job to help readability
* Initial config makes Bevy pass all checks

Pushing a first commit with commented config to show errors
55 lines
1.3 KiB
YAML
```yaml
name: Dependencies

on:
  pull_request:
    paths:
      - '**/Cargo.toml'
      - 'deny.toml'
  push:
    branches: [main, staging, trying]
    paths:
      - '**/Cargo.toml'
      - 'deny.toml'
  schedule:
    - cron: "0 0 * * 0"

env:
  CARGO_TERM_COLOR: always

jobs:
  check-advisories:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: Install cargo-deny
        run: cargo install cargo-deny
      - name: Check for security advisories and unmaintained crates
        run: cargo deny check advisories

  check-bans:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: Install cargo-deny
        run: cargo install cargo-deny
      - name: Check for banned and duplicated dependencies
        run: cargo deny check bans

  check-licenses:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: Install cargo-deny
        run: cargo install cargo-deny
      - name: Check for unauthorized licenses
        run: cargo deny check licenses

  check-sources:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: Install cargo-deny
        run: cargo install cargo-deny
      - name: Check for unauthorized crate sources
        run: cargo deny check sources
```
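The four jobs above each read their policy from `deny.toml` at the repository root, which this page does not show. The following is an added, illustrative `deny.toml` written to match the "either allow or deny, no warnings" stance stated in the commit message; it is not Bevy's file from this commit. The allowed-license list, the crates.io index URL and the empty `ignore`/`skip` lists are assumptions to be replaced with the project's own policy. The keys follow the cargo-deny configuration schema of the period this workflow targets (the layout produced by `cargo deny init`); later cargo-deny releases (0.14 and up) reworked the `[advisories]` and `[licenses]` sections behind a `version = 2` marker, so check the cargo-deny book for the version pinned in CI before copying this.

```toml
# Added example deny.toml: not the file committed to Bevy.
# Every lint is set to "deny" so a finding fails the job rather than
# printing a warning that nobody reads.

[advisories]
# Read by `cargo deny check advisories`.
db-path = "~/.cargo/advisory-db"
db-urls = ["https://github.com/rustsec/advisory-db"]
vulnerability = "deny"   # any RUSTSEC vulnerability fails the job
unmaintained = "deny"    # crates flagged unmaintained by RustSec fail too
yanked = "deny"          # a yanked version in Cargo.lock fails
notice = "deny"          # informational notices are treated as errors as well
# Advisory IDs to accept deliberately, each with a dated reason in a comment.
# Kept empty here; e.g. ignore = ["RUSTSEC-0000-0000"] once reviewed. (assumption)
ignore = []

[licenses]
# Read by `cargo deny check licenses`.
unlicensed = "deny"      # a crate with no detectable license fails
# Assumed allow-list; widen it only by policy decision, not per build.
allow = [
    "MIT",
    "Apache-2.0",
    "BSD-2-Clause",
    "BSD-3-Clause",
    "ISC",
    "Zlib",
]
deny = []
copyleft = "deny"        # GPL-family and similar are refused outright
allow-osi-fsf-free = "neither"   # do not auto-accept by OSI/FSF status
default = "deny"         # anything not in `allow` is an error, never a warning
confidence-threshold = 0.8       # minimum match score for license text detection

[bans]
# Read by `cargo deny check bans`.
multiple-versions = "deny"   # two versions of one crate in the graph fails
wildcards = "deny"           # `foo = "*"` dependency specs fail
highlight = "all"            # show every path to a duplicated crate in the output
allow = []
deny = []
# Duplicates accepted on purpose go here with an exact version, e.g.
# skip = [{ name = "some-crate", version = "=0.1.0" }]   (assumption)
skip = []
skip-tree = []

[sources]
# Read by `cargo deny check sources`.
unknown-registry = "deny"    # registries other than those listed below fail
unknown-git = "deny"         # git dependencies not listed below fail
allow-registry = ["https://github.com/rust-lang/crates.io-index"]
allow-git = []
```

Two points worth noting when reusing the workflow itself. `cargo install cargo-deny` builds the tool from source on every run and takes whatever version is current on crates.io, so a new cargo-deny release can change results or break the job with no change to the repository; pinning a version (`cargo install cargo-deny --version <x.y.z>`) or using the maintainers' `EmbarkStudios/cargo-deny-action` gives reproducible runs. And because the job is deliberately kept out of Bors, a new advisory on an existing dependency surfaces through the weekly schedule as a red run on `main`, not as a blocked merge, so someone has to be watching those scheduled runs for the check to have any effect.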