Skip to content

Audit Rust Dependencies #413

Audit Rust Dependencies

Audit Rust Dependencies #413

Workflow file for this run

name: "Audit Rust Dependencies"
on:
push:
paths:
# Run if workflow changes
- '.github/workflows/cargo-audit.yml'
# Run on changed dependencies
- '**/Cargo.toml'
- '**/Cargo.lock'
# Run if the configuration file changes
- '**/audit.toml'
# Rerun periodicly to pick up new advisories
schedule:
- cron: '0 0 * * *'
# Run manually
workflow_dispatch:
permissions: read-all
jobs:
audit:
name: "Cargo audit"
runs-on: ubuntu-latest
permissions:
issues: write
steps:
- uses: actions/checkout@v3
- uses: actions-rust-lang/audit@v1
name: Audit Rust Dependencies
with:
ignore: RUSTSEC-2020-0071
licenses:
name: "Cargo license"
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions-rust-lang/setup-rust-toolchain@v1
- name: Install cargo-license
run: cargo install cargo-license
- name: Run cargo-license
run: cargo license --all-features -d > licenses.txt
- name: Create list of allowed licenses
run: |
cat >allowed-licenses.txt <<END
"MIT"
"Apache-2.0"
"Apache-2.0 OR MIT"
"BSD-3-Clause"
"BSD-2-Clause"
"Unlicense"
"0BSD OR Apache-2.0 OR MIT"
"MIT OR Unlicense"
"Apache-2.0 OR CC0-1.0"
"Apache-2.0 OR CC0-1.0 OR MIT-0"
"(Apache-2.0 OR MIT) AND BSD-3-Clause"
"CC0-1.0"
"Apache-2.0 OR Apache-2.0 WITH LLVM-exception OR MIT"
"Apache-2.0 OR MIT OR Zlib"
"Apache-2.0 OR BSL-1.0"
"Apache-2.0 OR BSL-1.0 OR MIT"
"MIT AND BSD-3-Clause"
"(MIT OR Apache-2.0) AND Unicode-DFS-2016"
"Apache-2.0 OR ISC OR MIT"
^api_commands
^rvoc-backend
^integration-tests
^wikitext-parser
^wiktionary-dump-parser
END
- name: Remove allowed licenses
run: grep -v -f allowed-licenses.txt licenses.txt > unknown-licenses.txt || echo "All used licenses are allowed"
- name: Assert that there are no unknown licenses
run: >
if [ ! -s "unknown-licenses.txt" ]; then
echo "OK"
else
echo "There are unknown licenses"
cat unknown-licenses.txt | sort | uniq
exit 1
fi