octo
/
Zebra
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Check for duplicate crate dependencies in CI (#2986) 

* Add default deny.toml for "cargo deny check bans"

`cargo deny init`

* Delete unused "cargo deny" config entries

Also cleanup trailing whitespace.

* Deny duplicate crates and unexpected crate sources

Allow the current set of duplicates and sources,
with references to the tickets that will fix them.

* Check for duplicate dependencies in CI

Also check for:
- unexpected crate sources
- outdated Cargo.lock
  (required for accurate duplicate and source checks)

* Revert CI name changes so required statuses pass

* Fix ticket for sentry-tracing
This commit is contained in:
teor 2021-11-02 07:19:22 +10:00 committed by GitHub
parent da8be766dd
commit 9963471b7c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 126 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
.github/workflows/ci.yml vendored
View File

@ -169,7 +169,7 @@ jobs:
command: build
args: --verbose --release
clippy:
clippy-cargo-lock:
name: Clippy (stable)
timeout-minutes: 30
runs-on: ubuntu-latest
@ -204,7 +204,14 @@ jobs:
token: ${{ secrets.GITHUB_TOKEN }}
args: --all-features --all-targets -- -D warnings
fmt:
# This check makes sure the crate dependency check is accurate
- name: Check Cargo.lock is up to date
uses: actions-rs/cargo@v1.0.3
with:
command: check
args: --locked --all-features --all-targets
fmt-deps:
name: Rustfmt
timeout-minutes: 30
runs-on: ubuntu-latest
@ -231,7 +238,21 @@ jobs:
echo "CARGO_INCREMENTAL=${{ env.CARGO_INCREMENTAL }}"
echo "RUST_BACKTRACE=${{ env.RUST_BACKTRACE }}"
- uses: actions-rs/cargo@v1.0.3
- name: Check rustfmt
uses: actions-rs/cargo@v1.0.3
with:
command: fmt
args: --all -- --check
# Edit zebra/deny.toml to allow duplicates
- name: Check for dependent crates with different versions
uses: EmbarkStudios/cargo-deny-action@v1.2.6
with:
command: check bans
args: --all-features --workspace
- name: Check crate sources
uses: EmbarkStudios/cargo-deny-action@v1.2.6
with:
command: check sources
args: --all-features --workspace

102
deny.toml Normal file
View File

@ -0,0 +1,102 @@
# Note that all fields that take a lint level have these possible values:
# * deny - An error will be produced and the check will fail
# * warn - A warning will be produced, but the check will not fail
# * allow - No warning or error will be produced, though in some cases a note
# will be
# This section is considered when running `cargo deny check bans`.
# More documentation about the 'bans' section can be found here:
# https://embarkstudios.github.io/cargo-deny/checks/bans/cfg.html
[bans]
# Lint level for when multiple versions of the same crate are detected
multiple-versions = "deny"
# The graph highlighting used when creating dotgraphs for crates
# with multiple versions
# * lowest-version - The path to the lowest versioned duplicate is highlighted
# * simplest-path - The path to the version with the fewest edges is highlighted
# * all - Both lowest-version and simplest-path are used
highlight = "all"
# List of crates that are allowed. Use with care!
allow = [
#{ name = "ansi_term", version = "=0.11.0" },
]
# Certain crates/versions that will be skipped when doing duplicate detection.
skip = [
#{ name = "ansi_term", version = "=0.11.0" },
]
# Similarly to `skip` allows you to skip certain crates during duplicate
# detection. Unlike skip, it also includes the entire tree of transitive
# dependencies starting at the specified crate, up to a certain depth, which is
# by default infinite
skip-tree = [
# ticket #2200: tokio dependencies
{ name = "metrics-exporter-prometheus", version = "=0.1.0-alpha.7" },
{ name = "tower", version = "=0.4.0" },
{ name = "tokio", version = "=0.2.23" },
{ name = "tokio-util", version = "=0.3.1" },
# ticket #2953: tracing dependencies
{ name = "tracing-subscriber", version = "=0.1.6" },
# ticket #2952: cryptography dependencies
{ name = "aes", version = "=0.6.0" },
{ name = "bellman", version = "=0.10.0" },
{ name = "bls12_381", version = "=0.5.0" },
{ name = "fpe", version = "=0.4.0" },
# ticket #2982: librustzcash and orchard git versions
{ name = "zcash_primitives", version = "=0.5.0" },
# ticket #2983: criterion dependencies
{ name = "criterion", version = "=0.3.4" },
# ticket #2981: bindgen dependencies
{ name = "rocksdb", version = "=0.16.0" },
# ticket #2984: owo-colors dependencies
{ name = "color-eyre", version = "=0.5.11" },
# tickets #2985 and #2391: tempdir & rand dependencies
{ name = "tempdir", version = "=0.3.7" },
# ticket #2980: inferno dependencies
{ name = "inferno", version = "=0.10.7" },
# upgrade orchard from deprecated `bigint` to `uint`: https://github.com/zcash/orchard/issues/219
# alternative: downgrade Zebra to `bigint`
{ name = "bigint", version = "=4.4.3" },
]
# This section is considered when running `cargo deny check sources`.
# More documentation about the 'sources' section can be found here:
# https://embarkstudios.github.io/cargo-deny/checks/sources/cfg.html
[sources]
# Lint level for what to happen when a crate from a crate registry that is not
# in the allow list is encountered
unknown-registry = "deny"
# Lint level for what to happen when a crate from a git repository that is not
# in the allow list is encountered
unknown-git = "deny"
# List of URLs for allowed crate registries. Defaults to the crates.io index
# if not specified. If it is specified but empty, no registries are allowed.
allow-registry = ["https://github.com/rust-lang/crates.io-index"]
# List of URLs for allowed Git repositories
allow-git = [
# ticket #2200: tokio dependencies
"https://github.com/kellpossible/sentry-tracing",
# ticket #2982: librustzcash and orchard git versions
"https://github.com/str4d/redjubjub",
]
[sources.allow-org]
github = [
"ZcashFoundation",
"zcash",
# ticket #2200: tokio dependencies
"hyperium",
"tower-rs",
]