Add cargo deny to CI (#249)

Dzejkop · web-flow · commit 14c345409649 · 2025-05-23T07:14:36.000+01:00
* add cargo deny check to CI

* cleanup

* replace unmaintaned dotenv -&gt; dotenvy

* update yanked deranged@0.4.1

* update yanked crossbeam-channel

* ignore paste crate being unmaintained

* allow multiple crate versions

* allow paradigmxyz as source for GH deps

* explicit version for reth dep

* Update tokio

Addresses RUSTSEC-2025-0023

* cleanup
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
@@ -1,31 +1,35 @@
 name: Linting
 
 on:
-    push:
-      branches:
-        - main
-    pull_request:
+  push:
+    branches:
+      - main
+  pull_request:
 
 jobs:
-    build:
-      runs-on: ubuntu-latest
-  
-      steps:
-        - name: Checkout code
-          uses: actions/checkout@v2
-  
-        - name: Set up Rust
-          uses: dtolnay/rust-toolchain@stable
-          with:
-            toolchain: stable
-            override: true
-            components: rustfmt
-  
-        - name: Build
-          run: cargo build --verbose
-  
-        - name: Lint
-          run: cargo clippy -- -D warnings
-  
-        - name: Format code
-          run: cargo fmt -- --check
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+
+      - name: Set up Rust
+        uses: dtolnay/rust-toolchain@stable
+        with:
+          toolchain: stable
+          override: true
+          components: rustfmt
+
+      - name: Build
+        run: cargo build --workspace --verbose
+
+      - name: Lint
+        run: cargo clippy --workspace -- -D warnings
+
+      - name: Format code
+        run: cargo fmt --all -- --check
+
+      - name: Deny
+        uses: EmbarkStudios/cargo-deny-action@v2
+
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -20,4 +20,4 @@ jobs:
       - name: Install cargo-nextest
         uses: taiki-e/install-action@nextest
       - name: Run nextest
-        run: cargo nextest run
+        run: cargo nextest run --workspace
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -17,11 +17,11 @@ clap = { version = "4", features = ["derive", "env"] }
 jsonrpsee = { version = "0.24", features = ["server", "http-client", "macros"] }
 moka = { version = "0.12.10", features = ["future"] }
 http = "1.1.0"
-dotenv = "0.15.0"
+dotenvy = "0.15.7"
 tower = "0.4.13"
 tower-http = { version = "0.5.2", features = [
-    "decompression-full",
-    "sensitive-headers",
+  "decompression-full",
+  "sensitive-headers",
 ] }
 http-body-util = "0.1.2"
 hyper = { version = "1.4.1", features = ["full"] }
@@ -31,11 +31,11 @@ rustls = { version = "0.23.23", features = ["ring"] }
 serde_json = "1.0.96"
 opentelemetry = { version = "0.28.0", features = ["trace"] }
 opentelemetry-otlp = { version = "0.28.0", features = [
-    "http-proto",
-    "http-json",
-    "reqwest-client",
-    "trace",
-    "grpc-tonic",
+  "http-proto",
+  "http-json",
+  "reqwest-client",
+  "trace",
+  "grpc-tonic",
 ] }
 opentelemetry_sdk = { version = "0.28.0", features = ["rt-tokio"] }
 tracing-opentelemetry = "0.29.0"
@@ -59,7 +59,7 @@ assert_cmd = "2.0.10"
 predicates = "3.1.2"
 tokio-util = { version = "0.7.13" }
 bytes = "1.2"
-reth-rpc-layer = { git = "https://github.com/paradigmxyz/reth.git", rev = "v1.3.7" }
+reth-rpc-layer = { git = "https://github.com/paradigmxyz/reth.git", version = "1.3.7", rev = "v1.3.7" }
 ctor = "0.4.1"
 reqwest = "0.12.15"
 
diff --git a/deny.toml b/deny.toml
@@ -0,0 +1,34 @@
+[licenses]
+allow = [
+  "MIT",
+  "Apache-2.0",
+  "Apache-2.0 WITH LLVM-exception",
+  "Unicode-3.0",
+  "MPL-2.0",
+  "ISC",
+  "CC0-1.0",
+  "BSD-3-Clause",
+  "Zlib",
+  "OpenSSL",
+]
+confidence-threshold = 0.8
+
+[advisories]
+ignore = [
+  # paste crate is unmaintained
+  "RUSTSEC-2024-0436",
+]
+
+[bans]
+multiple-versions = "allow"
+wildcards = "warn"
+highlight = "all"
+
+[sources]
+unknown-registry = "warn"
+unknown-git = "warn"
+allow-registry = ["https://github.com/rust-lang/crates.io-index"]
+allow-git = []
+
+[sources.allow-org]
+github = ["paradigmxyz"]
diff --git a/src/bin/main.rs b/src/bin/main.rs
@@ -1,7 +1,7 @@
 use clap::Parser;
 use rollup_boost::Args;
 
-use dotenv::dotenv;
+use dotenvy::dotenv;
 
 #[tokio::main]
 async fn main() -> eyre::Result<()> {
diff --git a/src/lib.rs b/src/lib.rs
@@ -1,6 +1,3 @@
-#![cfg_attr(not(test), warn(unused_crate_dependencies))]
-use dotenv as _;
-
 mod client;
 pub use client::{auth::*, http::*, rpc::*};
 
