@robertmercea
Collaborator

cargo-deny workflow

Integrated cargo-deny in the build-and-test GitHub Action

Description

  • Added cargo-deny workflow to build_and_tests_reusable.yaml
  • Added deny.toml config file with accepted licenses for the project
  • Updated crossbeam-channel and tokio packages as they had issues detected by cargo-deny

Fixes #102


Type of change

New feature (non-breaking change which adds functionality)


Checklist:

  • I have performed a self-review of my code
  • I have tested my code on different platforms (if applicable)
  • I have commented my code, particularly in hard-to-understand areas
  • I have added necessary documentation (if appropriate)
  • My changes generate no new warnings
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes

Additional context

There are many duplicate packages in the project, detected by cargo-deny. I did not do anything about them, however, as that could cause everything to break.
I have also noticed that there are two unmaintained packages in the project (derivative and instant), but they are dependencies of other packages used by rencfs.

deny.toml Outdated
"MIT",
"Apache-2.0",
"BSD-3-Clause",
"CC0-1.0",
Member

allow only these:

    "MIT",
    "Apache-2.0",
    "BSD-3-Clause"

Member

@radumarias Aug 21, 2025

#308 (comment)

Based on the detail in the above link, it makes sense. Our repo states only the first 3; maybe we should check the other licenses' requirements to see if we need to explicitly mention them in our license info too. Can you please do that?
We could mark the conversation as resolved after that.

Collaborator Author

CC0 1.0 does not need to be mentioned whatsoever, according to this EU site.
Zlib states that mentioning the license is "appreciated, but is not required", according to opensource.org and their website.
ISC, however, requires that we mention it, according to their website and opensource.org. This license is almost identical to the MIT license.
