chore: Add license and audit checks

.github/workflows/audit.yml

@@ -0,0 +1,36 @@
+name: Audit
+
+on:
+  push:
+    branches:
+      - master
+  pull_request:
+  schedule:
+    # * is a special character in YAML so you have to quote this string
+    - cron: "0 14 * * *"
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+env:
+  # When getting Rust dependencies, retry on network error:
+  CARGO_NET_RETRY: 10
+  # Use the local .curlrc
+  CURL_HOME: .
+  # Disable DFX telemetry
+  DFX_TELEMETRY: 'off'
+  # Use the stable toolchain for the audit
+  RUSTUP_TOOLCHAIN: stable
+
+jobs:
+  test:
+    name: audit:required
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      issues: write
+
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions-rust-lang/audit@v1

.github/workflows/deny.yml

@@ -0,0 +1,30 @@
+name: License Check
+
+on:
+  push:
+    branches:
+      - master
+  pull_request:
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+env:
+  # When getting Rust dependencies, retry on network error:
+  CARGO_NET_RETRY: 10
+  # Use the local .curlrc
+  CURL_HOME: .
+  # Disable DFX telemetry
+  DFX_TELEMETRY: 'off'
+
+jobs:
+  cargo-deny:
+    name: license-check:required
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - run: rm rust-toolchain.toml
+      - uses: EmbarkStudios/cargo-deny-action@v2
+        with:
+          command: check bans licenses sources # skip advisories, which are handled by audit.yml

Cargo.toml

@@ -5,6 +5,13 @@ default-members = ["crates/icp-cli"]
 exclude = ["examples/icp-rust", "examples/icp-rust-recipe"]
 resolver = "3"
 
+[workspace.package]
+authors = ["DFINITY Stiftung <sdk@dfinity.org>"]
+edition = "2024"
+repository = "https://github.com/dfinity/icp-cli"
+rust-version = "1.88.0"
+license = "Apache-2.0"
+
 [workspace.dependencies]
 anyhow = "1.0.100"
 async-trait = "0.1.88"

LICENSE

@@ -1,3 +1,4 @@
+
                                  Apache License
                            Version 2.0, January 2004
                         http://www.apache.org/licenses/

crates/icp-canister-interfaces/Cargo.toml

@@ -2,6 +2,7 @@
 name = "icp-canister-interfaces"
 version = "0.1.0"
 edition = "2024"
+license = "Apache-2.0"
 
 [dependencies]
 bigdecimal = { workspace = true }

crates/icp-cli/Cargo.toml

@@ -3,6 +3,7 @@ name = "icp-cli"
 version = "0.1.0"
 edition = "2024"
 publish = false
+license = "Apache-2.0"
 
 [[bin]]
 name = "icp"

crates/icp/Cargo.toml

@@ -2,6 +2,7 @@
 name = "icp"
 version = "0.1.0"
 edition = "2024"
+license = "Apache-2.0"
 
 [dependencies]
 anyhow = { workspace = true }

crates/schema-gen/Cargo.toml

@@ -1,7 +1,8 @@
 [package]
 name = "schema-gen"
 version = "0.1.0"
-edition = "2021"
+edition.workspace = true
+license.workspace = true
 
 [[bin]]
 name = "schema-gen"

deny.toml

@@ -0,0 +1,25 @@
+# adapted from https://github.com/dfinity-lab/common/blob/master/pkgs/overlays/packages/cargo-deny/buildtime.toml
+# for context, see https://github.com/dfinity-lab/common/blob/master/pkgs/overlays/packages/cargo-deny/runtime.toml
+# we allow more licenses in the build-time check. all rust dependencies are statically linked,
+# so copyleft licenses like MPL which allow static linking are A-OK
+[licenses]
+allow = [
+    "Apache-2.0",
+    "Apache-2.0 WITH LLVM-exception",
+    "BlueOak-1.0.0",
+    "BSD-2-Clause",
+    "BSD-3-Clause",
+    "CC0-1.0",
+    "CDLA-Permissive-2.0",
+    "ISC",
+    "MIT",
+    "MPL-2.0",
+    "Zlib",
+    "Unicode-DFS-2016",
+    "Unicode-3.0",
+]
+
+unused-allowed-license = "allow"
+
+[sources]
+allow-git = ["https://github.com/dfinity/agent-rs.git"]

rust-toolchain.toml

@@ -1,3 +1,3 @@
 [toolchain]
-channel = "1.86.0"
+channel = "1.88.0"
 components = ["rustfmt", "clippy"]