Add cargo-deny (#303)

DanNixon · web-flow · commit 0e7d0500c66a · 2025-02-03T21:23:21.000Z
## Summary of changes

Adds cargo-deny, a dependency auditing tool.

## Instruction for review/testing

- Code review
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -40,6 +40,9 @@ jobs:
       - name: Format
         run: nix develop --command treefmt --fail-on-change
 
+      - name: cargo-deny
+        run: nix develop --command cargo deny check
+
       - name: Clippy
         if: steps.filter.outputs.flake == 'true' || steps.filter.outputs.rust == 'true'
         run: nix develop --command cargo clippy --all-targets -- -D warnings
diff --git a/Cargo.toml b/Cargo.toml
@@ -42,7 +42,7 @@ rand = "0.8.5"
 rand_distr = "0.4.3"
 ratatui = "0.22.0"
 rayon = "1.10.0"
-rdkafka = { version = "0.31.0", features = [ "cmake-build", "ssl", "gssapi", "sasl", ] }
+rdkafka = { version = "0.31.0", features = ["cmake-build", "ssl", "gssapi", "sasl"] }
 serde = { version = "1", features = ["derive"] }
 serde_json = { version = "1.0.134" }
 supermusr-common = { path = "./common" }
diff --git a/deny.toml b/deny.toml
@@ -0,0 +1,40 @@
+[advisories]
+version = 2
+db-path = "~/.cargo/advisory-db"
+db-urls = [ "https://github.com/rustsec/advisory-db" ]
+ignore = [
+  "RUSTSEC-2024-0421",
+  "RUSTSEC-2021-0041",
+  "RUSTSEC-2024-0402",
+]
+
+[licenses]
+version = 2
+allow = [
+  "MIT",
+  "GPL-3.0",
+  "Apache-2.0",
+  "BSD-3-Clause",
+  "BSD-2-Clause",
+  "OpenSSL",
+  "Unicode-DFS-2016",
+  "ISC",
+  "LicenseRef-hdf5",
+]
+
+[[licenses.clarify]]
+name = "ring"
+expression = "MIT AND ISC AND OpenSSL"
+license-files = [
+  { path = "LICENSE", hash = 0xbd0eed23 },
+]
+
+[[licenses.clarify]]
+name = "hdf5-metno-src"
+expression = "LicenseRef-hdf5"
+license-files = [
+  { path = "ext/hdf5/COPYING", hash = 0xf13e3591 },
+]
+
+[bans]
+multiple-versions = "allow"
diff --git a/flake.nix b/flake.nix
@@ -62,6 +62,9 @@
             treefmt
             mdl
 
+            # Dependency auditing
+            cargo-deny
+
             # Container image management
             skopeo
 
diff --git a/treefmt.toml b/treefmt.toml
@@ -1,6 +1,10 @@
 [formatter.markdown]
 command = "mdl"
 includes = [ "*.md" ]
+excludes = [
+  ".github/pull_request_template.md",
+  ".github/ISSUE_TEMPLATE/*.md",
+]
 
 [formatter.nix]
 command = "alejandra"
