AngelOnFira/cargo-deny-action

❌ GitHub Action for cargo-deny 🦀

❌ cargo-deny GitHub Action

GitHub Action for running cargo-deny to help manage Cargo crate dependencies and validate licenses.

Usage

Create a deny.toml file in the root of the repo to use as rules for the action (example). See cargo-deny for instructions and details of the format and capabilities.

This action will run cargo-deny check and report failure if any banned crates or disallowed open source licenses are found used in the crate or its dependencies.

The action has three optional inputs

• log-level: The log level to use for cargo-deny, default is warn
• command: The command to use for cargo-deny, default is check
• arguments: The argument to pass to cargo-deny, default is --all-features. See Common Options for a list of the available options.

Example pipeline

name: CI
on: [push, pull_request]
jobs:
  cargo-deny:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v2
    - uses: EmbarkStudios/cargo-deny-action@v1

Example pipeline with custom options using default values

name: CI
on: [push, pull_request]
jobs:
  cargo-deny:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v2
    - uses: EmbarkStudios/cargo-deny-action@v1
      with:
        log-level: warn
        command: check
        arguments: --all-features

Recommended pipeline to avoid sudden breakages

name: CI
on: [push, pull_request]
jobs:
  cargo-deny:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        checks:
          - advisories
          - bans licenses sources

    # Prevent sudden announcement of a new advisory from failing ci:
    continue-on-error: ${{ matrix.checks == 'advisories' }}

    steps:
    - uses: actions/checkout@v2
    - uses: EmbarkStudios/cargo-deny-action@v1
      with:
        command: check ${{ matrix.checks }}

Users

Repositories using this action (PR to add your repo):

• ash-molten
• cargo-about
• cargo-fetcher
• glam-rs
• physx-rs
• smush
• tame-gcs
• tame-oauth
• texture-synthesis
• tonic

Contributing

We welcome community contributions to this project.

Please read our Contributor Guide for more information on how to get started.

License

Licensed under either of

• Apache License, Version 2.0, (LICENSE-APACHE or http://www.apache.org/licenses/LICENSE-2.0)
• MIT license (LICENSE-MIT or http://opensource.org/licenses/MIT)

at your option.

Contribution

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.