CI/CD: Add cargo deny job to GitHub Actions.

2020-11-11 17:09:28 -08:00 · 2020-11-11 17:09:28 -08:00 · 72dab40d97
commit 72dab40d97
parent 3b1ece45ef
2 changed files with 46 additions and 0 deletions
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@ -36,6 +36,24 @@ jobs:
      # TODO: Add `--all-features`:
      - run: cargo +1.37.0 clippy ---all-targets -- --deny warnings

+  deny:
+    # Don't run duplicate `push` jobs for the repo owner's PRs.
+    if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name != github.repository
+
+    runs-on: ubuntu-18.04
+
+    steps:
+      - uses: actions-rs/toolchain@v1
+        with:
+          toolchain: stable
+          profile: minimal
+
+      - run: cargo install cargo-deny
+
+      - uses: actions/checkout@v2
+
+      - run: cargo deny check
+
  test:
    # Don't run duplicate `push` jobs for the repo owner's PRs.
    if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name != github.repository
--- a/deny.toml
+++ b/deny.toml
@ -0,0 +1,28 @@
+[advisories]
+unmaintained = "deny"
+yanked = "deny"
+notice = "deny"
+
+[licenses]
+allow = [
+    "Apache-2.0",
+    "ISC",
+    "LicenseRef-ring",
+    "MIT",
+]
+confidence-threshold = 1.0
+
+[[licenses.clarify]]
+name = "ring"
+expression = "LicenseRef-ring"
+license-files = [
+    { path = "LICENSE", hash = 0xbd0eed23 },
+]
+
+[bans]
+multiple-versions = "deny"
+wildcards = "deny"
+
+[sources]
+unknown-registry = "deny"
+unknown-git = "deny"