Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
13 changes: 13 additions & 0 deletions .github/workflows/ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -189,6 +189,19 @@ jobs:
- uses: actions/checkout@v6
- uses: ./.github/workflows/formatting/rust

#### DEPENDENCY AUDIT ####
cargo_deny:
runs-on: "ubuntu-22.04"

steps:
- uses: actions/checkout@v6

- name: Install cargo-deny
run: cargo install cargo-deny --locked

- name: Check dependencies
run: cargo deny check

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Badge Add licenses before enabling cargo-deny

The new cargo deny check job runs the licenses check, but several workspace members that this command inspects have no license/license-file in their manifests (cli/Cargo.toml, ffi/Cargo.toml, python/Cargo.toml, and the UniFFI crate all show license: null in cargo metadata). With the current deny.toml policy ([licenses.private].ignore = false) cargo-deny does not skip those workspace crates; its docs state unlisted/unlicensed crates fail unless explicitly allowed or clarified (licenses config). As a result, this newly added CI job will fail before it can audit dependencies unless the workspace crates inherit/add a license or are explicitly made private and skipped.

Useful? React with 👍 / 👎.


#### FUZZ TESTING ####
quick_fuzz:
runs-on: "ubuntu-22.04"
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/formatting/rust/action.yml
Original file line number Diff line number Diff line change
Expand Up @@ -20,4 +20,4 @@ runs:
- name: Check Clippy
working-directory: ./
shell: bash
run: cargo clippy -- --D warnings
run: cargo clippy --workspace --all-targets -- -D warnings
Loading
Loading