Skip to content

Commit 2aaa78f

Browse files
authored
ci: enforce dependency license allowlist with cargo-deny (#201)
Add a 'Dependency licenses' CI job running 'cargo deny check licenses' against the deny.toml allowlist, and include it in the ci-status gate so a disallowed (e.g. copyleft) dependency fails the build.
1 parent 84e257e commit 2aaa78f

1 file changed

Lines changed: 15 additions & 1 deletion

File tree

.github/workflows/ci.yml

Lines changed: 15 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -48,6 +48,19 @@ jobs:
4848
- name: cargo test
4949
run: cargo test --workspace --all-features
5050

51+
licenses:
52+
name: Dependency licenses
53+
runs-on: ubuntu-latest
54+
steps:
55+
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
56+
with:
57+
persist-credentials: false
58+
59+
- name: cargo deny check licenses
60+
uses: EmbarkStudios/cargo-deny-action@bb137d7af7e4fb67e5f82a49c4fce4fad40782fe # v2.0.20
61+
with:
62+
command: check licenses
63+
5164
codegen:
5265
name: Codegen
5366
runs-on: ubuntu-latest
@@ -266,12 +279,13 @@ jobs:
266279
name: CI Status
267280
if: always()
268281
runs-on: ubuntu-latest
269-
needs: [rust, codegen, ts-client, playground, explorer, e2e]
282+
needs: [rust, licenses, codegen, ts-client, playground, explorer, e2e]
270283
steps:
271284
- name: Check all jobs
272285
run: |
273286
results=(
274287
"${{ needs.rust.result }}"
288+
"${{ needs.licenses.result }}"
275289
"${{ needs.codegen.result }}"
276290
"${{ needs.ts-client.result }}"
277291
"${{ needs.playground.result }}"

0 commit comments

Comments
 (0)