Skip to content

chore: Add "LGPL-3.0-only" to allowed licenses #5698

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
grahamking wants to merge 2 commits into
base: main
Choose a base branch
from
Open

chore: Add "LGPL-3.0-only" to allowed licenses #5698

grahamking wants to merge 2 commits into from
+3 −2

Conversation

@grahamking
Copy link
Contributor

@grahamking grahamking commented Jan 27, 2026
edited by coderabbitai bot
Loading

And silence cargo-deny warnings about multiple versions of a crate, often nothing we can do about that.

Strangely I only got this warning locally, not in CI.

Summary by CodeRabbit

Release Notes

  • Chores
    • Updated GitHub Actions workflow configuration for Rust dependency checks
    • Added LGPL-3.0-only to the list of permitted licenses

✏️ Tip: You can customize this high-level summary in your review settings.

@grahamking
chore: Add "LGPL-3.0-only" to allowed licenses
c9290f1 
And silence cargo-deny warnings about multiple versions of a crate,
often nothing we can do about that.

Signed-off-by: Graham King <grahamk@nvidia.com>
@grahamking grahamking requested a review from a team as a code owner January 27, 2026 22:11
@github-actions github-actions bot added chore ci Issues/PRs that reference CI build/test and removed ci Issues/PRs that reference CI build/test labels Jan 27, 2026
@coderabbitai
Copy link
Contributor

coderabbitai bot commented Jan 27, 2026

Walkthrough

The pull request updates GitHub Actions workflow configuration and dependency license policies. The cargo-deny command adds an error-level log flag, and the deny.toml file permits LGPL-3.0-only licenses in the allow list.

Changes

Cohort / File(s) Summary
GitHub Actions Workflow Configuration
.github/workflows/pre-merge-rust.yml		 Added -L error flag to cargo-deny command to set error-level logging output
License Policy Configuration
deny.toml		 Added "LGPL-3.0-only" to the licenses allow list, expanding permitted open-source licenses

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Poem

🐰 A little config tweak here and there,
A license added with care,
Cargo-deny speaks with clearer voice,
LGPL joins the rightful choice! 🎉

🚥 Pre-merge checks | ✅ 2 | ❌ 1
❌ Failed checks (1 warning)
Check name Status Explanation Resolution
Description check ⚠️ Warning The description is incomplete and lacks the required template structure with Overview, Details, Where should reviewer start, and Related Issues sections. Restructure the description to follow the repository template with proper sections: Overview, Details, Where should the reviewer start, and Related Issues.
✅ Passed checks (2 passed)
Check name Status Explanation
Title check ✅ Passed The title accurately describes the main change: adding 'LGPL-3.0-only' to the allowed licenses list in deny.toml.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

coderabbitai[bot]
coderabbitai bot reviewed Jan 27, 2026
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Fix all issues with AI agents 
In `@deny.toml`:
- Line 38: The repo currently lists "LGPL-3.0-only" in deny.toml; obtain
explicit legal sign‑off for permitting LGPL‑3.0‑only distribution and then
document that approval and required compliance steps: (1) add the approver,
date, and scope of approval to the repo’s license policy (e.g., LICENSES.md or a
LICENSE_APPROVALS file), (2) enumerate required obligations for consumers
(relinkable object rules, static vs dynamic linking guidance, source/notice
obligations) and any build/packaging checklist, (3) update deny.toml or the
license policy to reflect the approved status of "LGPL-3.0-only" and link to the
approval record, and (4) adjust any CI/license-checker config to accept the
license only when the approval entry is present.
🧹 Nitpick comments (1)
.github/workflows/pre-merge-rust.yml (1)

78-78: Avoid suppressing all cargo‑deny warnings; use config-based allow instead.

The -L error flag suppresses all WARN-level logs, including legitimate cargo-deny warnings. Use the configuration file to explicitly allow multiple versions so other warnings remain visible.

♻️ Suggested adjustment 
-        cargo-deny -L error --no-default-features check --hide-inclusion-graph licenses bans --config ${{ github.workspace }}/deny.toml
+        cargo-deny --no-default-features check --hide-inclusion-graph licenses bans --config ${{ github.workspace }}/deny.toml
 [bans]
+multiple-versions = "allow"
 deny = [
 	# Ensure we don't depend on openssl
     { name = "native-tls" },
     { name = "openssl-sys" },
 ]

@grahamking
Upgrade cargo-deny 0.16.4 -> 0.19.0
3a56161 
Signed-off-by: Graham King <grahamk@nvidia.com>
@github-actions github-actions bot added the ci Issues/PRs that reference CI build/test label Jan 27, 2026
@grahamking grahamking enabled auto-merge (squash) January 27, 2026 23:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

@nv-anants nv-anants nv-anants approved these changes

Assignees

No one assigned

Labels

chore ci Issues/PRs that reference CI build/test size/XS

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@grahamking @nv-anants