chore(CI): Make cargo deny actually use the external crates manifest (#…

…3593) * chore(CI): Make cargo deny actually use the external crates manifest * naming * move external deny to nightly * default * add openssl license * dprint * add exception and update futures-util * dprint * Update .github/workflows/nightly.yml --------- Co-authored-by: Thibault Martinez <[email protected]>
iotaledger · Nov 1, 2024 · 1c55189 · 1c55189
1 parent 7e9e00d
commit 1c55189
Show file tree

Hide file tree

Showing 4 changed files with 29 additions and 28 deletions.
diff --git a/.github/workflows/_cargo_deny.yml b/.github/workflows/_cargo_deny.yml
@@ -2,6 +2,11 @@ name: Cargo deny
 
 on:
   workflow_call:
+    inputs:
+      manifest-path:
+        type: string
+        required: false
+        default: "./Cargo.toml"
     secrets:
       SSH_PRIVATE_KEY_IOTA_CI:
         required: true
@@ -13,24 +18,13 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
-  rust-crates:
-    name: cargo-deny (advisories, licenses, bans, ...)
-    runs-on: [self-hosted]
-    steps:
-      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # pin@v4
-      - uses: EmbarkStudios/cargo-deny-action@8371184bd11e21dcf8ac82ebf8c9c9f74ebf7268 # pin@v2
-        with:
-          ssh-key: ${{ secrets.SSH_PRIVATE_KEY_IOTA_CI }}
-          ssh-known-hosts: ${{ secrets.SSH_GITHUB_KNOWN_HOSTS }}
-          use-git-cli: true
-
-  external-crates:
-    name: cargo-deny (advisories, licenses, bans, ...)
+  cargo-deny:
     runs-on: [self-hosted]
     steps:
       - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # pin@v4
       - uses: EmbarkStudios/cargo-deny-action@8371184bd11e21dcf8ac82ebf8c9c9f74ebf7268 # pin@v2
         with:
+          manifest-path: ${{ inputs.manifest-path }}
           ssh-key: ${{ secrets.SSH_PRIVATE_KEY_IOTA_CI }}
           ssh-known-hosts: ${{ secrets.SSH_GITHUB_KNOWN_HOSTS }}
           use-git-cli: true
diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml
@@ -29,6 +29,12 @@ env:
   RUST_BACKTRACE: short
 
 jobs:
+  cargo-deny-external:
+    uses: ./.github/workflows/_cargo_deny.yml
+    with:
+      manifest-path: external-crates/move/Cargo.toml
+    secrets: inherit
+
   release:
     name: build release binaries
     runs-on: ${{ matrix.os }}

diff --git a/Cargo.lock b/Cargo.lock
diff --git a/deny.toml b/deny.toml
@@ -83,6 +83,7 @@ allow = [
   "Unlicense",
   "BSL-1.0",
   "Unicode-DFS-2016",
+  "OpenSSL",
   # "Apache-2.0 WITH LLVM-exception",
 ]
 # The confidence threshold for detecting a license from license text.
@@ -93,7 +94,7 @@ confidence-threshold = 0.8
 # Allow 1 or more licenses on a per-crate basis, so that particular licenses
 # aren't accepted for every possible crate as with the normal allow list
 exceptions = [
-
+  { allow = ["GPL-2.0"], name = "mysqlclient-src" },
 
   # Each entry is the crate and version constraint, and its specific allow
   # list