Skip to content

Commit

Permalink
Update deny action (#3461)
Browse files Browse the repository at this point in the history
The current `cargo deny` configuration in `deny.toml` uses several keys
that have been deprecated. This PR removes the deprecated keys, and
updates the deny action to use v2 (as well as renames it from
`audit.yml` to `deny.yml`).

The only semantic difference is that `cargo deny` will now reject crates
that are maintained or have a notice on them, whereas previously, our
configuration set both to "warn". As mentioned in the docs though, one
can add an "ignore" if needed to bypass those advisories:


https://embarkstudios.github.io/cargo-deny/checks/advisories/cfg.html#the-version-field-optional

By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache 2.0 and MIT licenses.
  • Loading branch information
zhassan-aws authored Aug 26, 2024
1 parent ac10164 commit 28f8f22
Show file tree
Hide file tree
Showing 2 changed files with 2 additions and 10 deletions.
4 changes: 2 additions & 2 deletions .github/workflows/audit.yml → .github/workflows/deny.yml
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@
# 1. Checks licenses for allowed license.
# 2. Checks Rust-Sec registry for security advisories.

name: Cargo Audit
name: Cargo Deny
on:
pull_request:
merge_group:
Expand All @@ -18,7 +18,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: EmbarkStudios/cargo-deny-action@v1
- uses: EmbarkStudios/cargo-deny-action@v2
with:
arguments: --all-features --workspace
command-arguments: -s
8 changes: 0 additions & 8 deletions deny.toml
Original file line number Diff line number Diff line change
Expand Up @@ -7,10 +7,7 @@
[advisories]
db-path = "~/.cargo/advisory-db"
db-urls = ["https://github.com/rustsec/advisory-db"]
vulnerability = "deny"
unmaintained = "warn"
yanked = "deny"
notice = "warn"
# A list of advisory IDs to ignore. Note that ignored advisories will still
# output a note when they are encountered.
ignore = [
Expand All @@ -21,19 +18,14 @@ ignore = [
# More documentation for the licenses section can be found here:
# https://embarkstudios.github.io/cargo-deny/checks/licenses/cfg.html
[licenses]
default = "deny"
unlicensed = "deny"
copyleft = "deny"
allow = [
"MIT",
"Apache-2.0",
]
allow-osi-fsf-free = "neither"
confidence-threshold = 0.8

# All these exceptions should probably appear in: tools/build-kani/license-notes.txt
exceptions = [
{ name = "Inflector", allow=["BSD-2-Clause"] },
{ name = "unicode-ident", allow=["Unicode-DFS-2016"] },
]

Expand Down

0 comments on commit 28f8f22

Please sign in to comment.