-
Notifications
You must be signed in to change notification settings - Fork 108
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Check for duplicate crate dependencies in CI (#2986)
* Add default deny.toml for "cargo deny check bans" `cargo deny init` * Delete unused "cargo deny" config entries Also cleanup trailing whitespace. * Deny duplicate crates and unexpected crate sources Allow the current set of duplicates and sources, with references to the tickets that will fix them. * Check for duplicate dependencies in CI Also check for: - unexpected crate sources - outdated Cargo.lock (required for accurate duplicate and source checks) * Revert CI name changes so required statuses pass * Fix ticket for sentry-tracing
- Loading branch information
Showing
2 changed files
with
126 additions
and
3 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -169,7 +169,7 @@ jobs: | |
| command: build | ||
| args: --verbose --release | ||
|
|
||
| clippy: | ||
| clippy-cargo-lock: | ||
| name: Clippy (stable) | ||
| timeout-minutes: 30 | ||
| runs-on: ubuntu-latest | ||
|
|
@@ -204,7 +204,14 @@ jobs: | |
| token: ${{ secrets.GITHUB_TOKEN }} | ||
| args: --all-features --all-targets -- -D warnings | ||
|
|
||
| fmt: | ||
| # This check makes sure the crate dependency check is accurate | ||
| - name: Check Cargo.lock is up to date | ||
| uses: actions-rs/[email protected] | ||
| with: | ||
| command: check | ||
| args: --locked --all-features --all-targets | ||
|
|
||
| fmt-deps: | ||
| name: Rustfmt | ||
| timeout-minutes: 30 | ||
| runs-on: ubuntu-latest | ||
|
|
@@ -231,7 +238,21 @@ jobs: | |
| echo "CARGO_INCREMENTAL=${{ env.CARGO_INCREMENTAL }}" | ||
| echo "RUST_BACKTRACE=${{ env.RUST_BACKTRACE }}" | ||
| - uses: actions-rs/[email protected] | ||
| - name: Check rustfmt | ||
| uses: actions-rs/[email protected] | ||
| with: | ||
| command: fmt | ||
| args: --all -- --check | ||
|
|
||
| # Edit zebra/deny.toml to allow duplicates | ||
| - name: Check for dependent crates with different versions | ||
| uses: EmbarkStudios/[email protected] | ||
| with: | ||
| command: check bans | ||
| args: --all-features --workspace | ||
|
|
||
| - name: Check crate sources | ||
| uses: EmbarkStudios/[email protected] | ||
| with: | ||
| command: check sources | ||
| args: --all-features --workspace | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,102 @@ | ||
| # Note that all fields that take a lint level have these possible values: | ||
| # * deny - An error will be produced and the check will fail | ||
| # * warn - A warning will be produced, but the check will not fail | ||
| # * allow - No warning or error will be produced, though in some cases a note | ||
| # will be | ||
|
|
||
| # This section is considered when running `cargo deny check bans`. | ||
| # More documentation about the 'bans' section can be found here: | ||
| # https://embarkstudios.github.io/cargo-deny/checks/bans/cfg.html | ||
| [bans] | ||
| # Lint level for when multiple versions of the same crate are detected | ||
| multiple-versions = "deny" | ||
| # The graph highlighting used when creating dotgraphs for crates | ||
| # with multiple versions | ||
| # * lowest-version - The path to the lowest versioned duplicate is highlighted | ||
| # * simplest-path - The path to the version with the fewest edges is highlighted | ||
| # * all - Both lowest-version and simplest-path are used | ||
| highlight = "all" | ||
|
|
||
| # List of crates that are allowed. Use with care! | ||
| allow = [ | ||
| #{ name = "ansi_term", version = "=0.11.0" }, | ||
| ] | ||
|
|
||
| # Certain crates/versions that will be skipped when doing duplicate detection. | ||
| skip = [ | ||
| #{ name = "ansi_term", version = "=0.11.0" }, | ||
| ] | ||
| # Similarly to `skip` allows you to skip certain crates during duplicate | ||
| # detection. Unlike skip, it also includes the entire tree of transitive | ||
| # dependencies starting at the specified crate, up to a certain depth, which is | ||
| # by default infinite | ||
| skip-tree = [ | ||
| # ticket #2200: tokio dependencies | ||
| { name = "metrics-exporter-prometheus", version = "=0.1.0-alpha.7" }, | ||
| { name = "tower", version = "=0.4.0" }, | ||
| { name = "tokio", version = "=0.2.23" }, | ||
| { name = "tokio-util", version = "=0.3.1" }, | ||
|
|
||
| # ticket #2953: tracing dependencies | ||
| { name = "tracing-subscriber", version = "=0.1.6" }, | ||
|
|
||
| # ticket #2952: cryptography dependencies | ||
| { name = "aes", version = "=0.6.0" }, | ||
| { name = "bellman", version = "=0.10.0" }, | ||
| { name = "bls12_381", version = "=0.5.0" }, | ||
| { name = "fpe", version = "=0.4.0" }, | ||
|
|
||
| # ticket #2982: librustzcash and orchard git versions | ||
| { name = "zcash_primitives", version = "=0.5.0" }, | ||
|
|
||
| # ticket #2983: criterion dependencies | ||
| { name = "criterion", version = "=0.3.4" }, | ||
|
|
||
| # ticket #2981: bindgen dependencies | ||
| { name = "rocksdb", version = "=0.16.0" }, | ||
|
|
||
| # ticket #2984: owo-colors dependencies | ||
| { name = "color-eyre", version = "=0.5.11" }, | ||
|
|
||
| # tickets #2985 and #2391: tempdir & rand dependencies | ||
| { name = "tempdir", version = "=0.3.7" }, | ||
|
|
||
| # ticket #2980: inferno dependencies | ||
| { name = "inferno", version = "=0.10.7" }, | ||
|
|
||
| # upgrade orchard from deprecated `bigint` to `uint`: https://github.com/zcash/orchard/issues/219 | ||
| # alternative: downgrade Zebra to `bigint` | ||
| { name = "bigint", version = "=4.4.3" }, | ||
| ] | ||
|
|
||
| # This section is considered when running `cargo deny check sources`. | ||
| # More documentation about the 'sources' section can be found here: | ||
| # https://embarkstudios.github.io/cargo-deny/checks/sources/cfg.html | ||
| [sources] | ||
| # Lint level for what to happen when a crate from a crate registry that is not | ||
| # in the allow list is encountered | ||
| unknown-registry = "deny" | ||
| # Lint level for what to happen when a crate from a git repository that is not | ||
| # in the allow list is encountered | ||
| unknown-git = "deny" | ||
| # List of URLs for allowed crate registries. Defaults to the crates.io index | ||
| # if not specified. If it is specified but empty, no registries are allowed. | ||
| allow-registry = ["https://github.com/rust-lang/crates.io-index"] | ||
| # List of URLs for allowed Git repositories | ||
| allow-git = [ | ||
| # ticket #2200: tokio dependencies | ||
| "https://github.com/kellpossible/sentry-tracing", | ||
|
|
||
| # ticket #2982: librustzcash and orchard git versions | ||
| "https://github.com/str4d/redjubjub", | ||
| ] | ||
|
|
||
| [sources.allow-org] | ||
| github = [ | ||
| "ZcashFoundation", | ||
| "zcash", | ||
|
|
||
| # ticket #2200: tokio dependencies | ||
| "hyperium", | ||
| "tower-rs", | ||
| ] |