Add a cargo deny configuration (#169)

This allows us to use a single tool to check for security issues as well as licensing issues and that we don't have any git dependencies. Co-authored-by: Denis Kasak <[email protected]>
matrix-org · Sep 10, 2024 · dcd6eed · dcd6eed
1 parent bf1cd84
commit dcd6eed
Show file tree

Hide file tree

Showing 2 changed files with 46 additions and 0 deletions.
diff --git a/.deny.toml b/.deny.toml
@@ -0,0 +1,33 @@
+# https://embarkstudios.github.io/cargo-deny/checks/cfg.html
+[graph]
+all-features = true
+exclude = [
+    # dev only dependency
+    "criterion"
+]
+
+[advisories]
+version = 2
+
+[licenses]
+version = 2
+allow = [
+    "Apache-2.0",
+    "BSD-3-Clause",
+    "MIT",
+]
+exceptions = [
+    { allow = ["Unicode-DFS-2016"], crate = "unicode-ident" },
+]
+
+[bans]
+multiple-versions = "warn"
+wildcards = "deny"
+
+[sources]
+unknown-registry = "deny"
+unknown-git = "deny"
+
+allow-git = [
+    "https://github.com/poljar/olm-rs",
+]
diff --git a/.github/workflows/deny.yml b/.github/workflows/deny.yml
@@ -0,0 +1,13 @@
+name: Lint dependencies (for licences, allowed sources, banned dependencies)
+on:
+  pull_request:
+    paths:
+      - '**/Cargo.toml'
+jobs:
+  cargo-deny:
+    runs-on: ubuntu-22.04
+    steps:
+    - uses: actions/checkout@v3
+    - uses: EmbarkStudios/cargo-deny-action@v1
+      with:
+        command: check bans licenses sources