ci: add cargo-deny check

Cosmian · May 6, 2024 · d3b22f5 · d3b22f5
1 parent 37b8c2d
commit d3b22f5
Show file tree

Hide file tree

Showing 14 changed files with 268 additions and 99 deletions.
diff --git a/.cargo/audit.toml b/.cargo/audit.toml
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -10,14 +10,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
-      - uses: dtolnay/rust-toolchain@stable
-      - uses: actions/cache@v3
-        with:
-          path: ~/.cargo/bin
-          key: ${{ runner.os }}-cargo-audit-v0.15.2
-      - uses: rustsec/audit-check@v1
-        with:
-          token: ${{ secrets.GITHUB_TOKEN }}
+      - uses: EmbarkStudios/cargo-deny-action@v1
 
   cargo-lint:
     uses: ./.github/workflows/clippy.yml

diff --git a/.github/workflows/main_release.yml b/.github/workflows/main_release.yml
@@ -16,14 +16,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
-      - uses: dtolnay/rust-toolchain@stable
-      - uses: actions/cache@v3
-        with:
-          path: ~/.cargo/bin
-          key: ${{ runner.os }}-cargo-audit-v0.15.2
-      - uses: rustsec/audit-check@v1
-        with:
-          token: ${{ secrets.GITHUB_TOKEN }}
+      - uses: EmbarkStudios/cargo-deny-action@v1
 
   cargo-lint:
     uses: ./.github/workflows/clippy.yml

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -10,14 +10,14 @@
 exclude: crate/cli/test_data|documentation/pandoc|documentation/overrides|enclave|crate/server/src/tests/test_utils.rs|crate/cli/src/tests/utils/test_utils.rs|crate/client/src/lib.rs|crate/cli/src/tests/certificates/openssl.rs|crate/client/src/kms_rest_client.rs|.pre-commit-config.yaml|crate/server/src/routes/google_cse/jwt.rs|crate/server/src/routes/google_cse/python/openssl|documentation/docs/google_cse
 repos:
   - repo: https://github.com/compilerla/conventional-pre-commit
-    rev: v2.1.1
+    rev: v3.2.0
     hooks:
       - id: conventional-pre-commit
         stages: [commit-msg]
         args: [] # optional: list of Conventional Commits types to allow e.g. [feat, fix, ci, chore, test]
 
   - repo: https://github.com/pre-commit/mirrors-prettier
-    rev: v3.0.0-alpha.4
+    rev: v4.0.0-alpha.8
     hooks:
       - id: prettier
         stages: [commit]
@@ -27,7 +27,7 @@ repos:
         exclude: documentation/theme_overrides/assets
 
   - repo: https://github.com/igorshubovych/markdownlint-cli
-    rev: v0.32.2
+    rev: v0.40.0
     hooks:
       - id: markdownlint-fix
         args:
@@ -50,27 +50,27 @@ repos:
       - id: markdown-toc
 
   - repo: https://github.com/tcort/markdown-link-check
-    rev: v3.11.2
+    rev: v3.12.1
     hooks:
       - id: markdown-link-check
         args: [-q]
         exclude: documentation/docs/ms_dke/ms_dke.md
 
   - repo: https://github.com/jumanjihouse/pre-commit-hook-yamlfmt
-    rev: 0.2.2
+    rev: 0.2.3
     hooks:
       - id: yamlfmt
         args: [--mapping, "2", --sequence, "4", --offset, "2"]
         exclude: ansible
 
   - repo: https://github.com/crate-ci/typos
-    rev: v1.13.1
+    rev: v1.21.0
     hooks:
       - id: typos
         exclude: documentation/docs/images/google_cse.drawio.svg|crate/test_server/src/test_jwt.rs|crate/pkcs11/documentation/veracrypt_ckms.svg|crate/client/test_data/configs/kms.bad|crate/test_server/certificates/|crate/client/test_data/configs/|crate/server/src/tests/google_cse/|crate/pkcs11/sys/src/
 
   - repo: https://github.com/Lucas-C/pre-commit-hooks
-    rev: v1.3.1
+    rev: v1.5.5
     hooks:
       - id: forbid-crlf
       - id: remove-crlf
@@ -80,7 +80,7 @@ repos:
         exclude: ^.git/
 
   - repo: https://github.com/sirosen/texthooks
-    rev: 0.4.0
+    rev: 0.6.6
     hooks:
       - id: fix-smartquotes
       - id: fix-ligatures
@@ -94,7 +94,7 @@ repos:
       - id: shellcheck
 
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v4.4.0
+    rev: v4.6.0
     hooks:
       - id: check-added-large-files
       - id: check-ast
@@ -128,30 +128,12 @@ repos:
         exclude: crate/kmip/src/kmip/extra/x509_extensions.rs
 
   - repo: https://github.com/psf/black
-    rev: 22.10.0
+    rev: 24.4.2
     hooks:
       - id: black
         # avoid clash with `double-quote-string-fixer`
         args: [--skip-string-normalization]
 
-  - repo: https://github.com/Cube707/mkdocs
-    rev: e8733d1373c1543d6052925d3272b2ff51dbb140
-    hooks:
-      - id: mkdocs-build
-        additional_dependencies:
-          - mkdocs-plugin-progress
-          - mkdocs-kroki-plugin
-          - mkdocs-material
-          - mkdocs-meta-descriptions-plugin
-          - markdown-katex
-        entry: bash -c 'cd documentation && mkdocs build --strict'
-
-  - repo: https://github.com/cisagov/pre-commit-packer
-    rev: v0.0.2
-    hooks:
-      - id: packer_fmt
-      - id: packer_validate
-
   - repo: https://github.com/Cosmian/git-hooks.git
     rev: v1.0.25
     hooks:

diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -26,7 +26,8 @@ authors = [
   "Emmanuel Coste <[email protected]>",
   "Hugo Rosenkranz-Costa <[email protected]>"
 ]
-license = "Business Source License 1.1"
+license = "BUSL-1.1" # "Business Source License 1.1"
+license-file = "LICENSE"
 repository = "https://github.com/Cosmian/kms"
 
 [profile.release]

diff --git a/crate/cli/Cargo.toml b/crate/cli/Cargo.toml
@@ -6,7 +6,6 @@ edition.workspace = true
 license.workspace = true
 repository.workspace = true
 rust-version.workspace = true
-license-file = "../../LICENSE"
 description = "CLI used to manage the Cosmian KMS."
 
 [[bin]]

diff --git a/crate/client/Cargo.toml b/crate/client/Cargo.toml
@@ -6,7 +6,6 @@ edition.workspace = true
 license.workspace = true
 repository.workspace = true
 rust-version.workspace = true
-license-file = "../../LICENSE"
 
 [lib]
 # doc test linking as a separate binary is extremely slow

diff --git a/crate/kmip/Cargo.toml b/crate/kmip/Cargo.toml
@@ -6,7 +6,6 @@ edition.workspace = true
 license.workspace = true
 repository.workspace = true
 rust-version.workspace = true
-license-file = "../../LICENSE"
 
 [lib]
 # doc test linking as a separate binary is extremely slow

diff --git a/crate/logger/Cargo.toml b/crate/logger/Cargo.toml
@@ -6,7 +6,6 @@ edition.workspace = true
 license.workspace = true
 repository.workspace = true
 rust-version.workspace = true
-license-file = "../../LICENSE"
 
 [dependencies]
 tracing = { workspace = true }

diff --git a/crate/pyo3/Cargo.toml b/crate/pyo3/Cargo.toml
@@ -6,7 +6,6 @@ edition.workspace = true
 license.workspace = true
 repository.workspace = true
 rust-version.workspace = true
-license-file = "../../LICENSE"
 
 [lib]
 crate-type = ["cdylib"]

diff --git a/crate/server/Cargo.toml b/crate/server/Cargo.toml
@@ -6,7 +6,6 @@ edition.workspace = true
 license.workspace = true
 repository.workspace = true
 rust-version.workspace = true
-license-file = "../../LICENSE"
 description = "Cosmian Key Management Service"
 
 [[bin]]

diff --git a/crate/test_server/Cargo.toml b/crate/test_server/Cargo.toml
@@ -6,7 +6,6 @@ edition.workspace = true
 license.workspace = true
 repository.workspace = true
 rust-version.workspace = true
-license-file = "../../LICENSE"
 
 [lib]
 # doc test linking as a separate binary is extremely slow