Cargo Deny

[DanielVoogsgerd]

This introduces Cargo deny into our CI. With Cargo deny we can check if all dependencies have compatible licenses.

A couple of things still need to be done:

• @Lut99: A couple of your own packages are still licensed under the GPL-3.0, which due to its copyleft nature is incompatible with Brane unfortunately. Could you either release them under a permissive license or another solution you prefer?
  • Error trace
  • Humanlog
  • Transform
  • Enum-debug-derive
• A similar PR on the Policy Reasoner needs to be merged.
• Both repos need a cargo update to reflect the missing license information I added in these PRs.

After that is done the CI check should become green again

[Lut99]

The enum-debug-derive's odd. It has the same LICENSE as the main crate, which is currently Apache 2.0. Maybe it's already fixed and it needs the update?

[Lut99]

Oh right, probably it's missing the license key. Will add.

[Lut99]

Try now!

EDIT: Now also created new versions for all crates.

[Lut99]

It's the Audit / Licenses, no? Does it pass? 👀

[DanielVoogsgerd]

It is green, I think that is good. Thanks for all the effort upstream. Feel free to merge :D (Edit: If I don't accidentally close it)

Edit: Okay, I accidentally closed and reopened it and somehow CI is a lot less green this time.

[Lut99]

Lol haha why would re-opening the PR matter, other than re-running the checks perhaps... maybe something else got merged in the meantime?

Anyway ~ good to go?

[DanielVoogsgerd]

Lol haha why would re-opening the PR matter, other than re-running the checks perhaps... maybe something else got merged in the meantime?

Okay, I did some investigation, and I'm pretty sure that it is because GitHub's ubuntu-latest runner is in the middle of migrating from 22.04 to 24.04. In 24.04 it seems like we are missing the libsqlite3-dev package.

The last run we had on 22.04 was this one: https://github.com/epi-project/brane/actions/runs/11241205000. And it only had an already existing failure in minimal versions.

Anyway ~ good to go?

Yep, should be good 🤞

Edit: This problem has been fixed in #163. After merging, this CI should be green again.

[Lut99]

OK, I've merged #163. And I'm getting about a million merge conflicts in every Cargo.toml in the universe now 🫠

[DanielVoogsgerd]

OK, I've merged #163. And I'm getting about a million merge conflicts in every Cargo.toml in the universe now 🫠

No worries, I will resolve them.

[Lut99]

Awwww, brane-oas's Cargo is also updated xD

I can do that one

[Lut99]

All checks are green, let's goooo

[DanielVoogsgerd]

Yet it broke after the merge with enum-debug problems 😢.

I think because enum-debug is now still version 1.0.0 in the policy reasoner, which is not compatible with 1.1.0 that we have in Brane. I think this is because we are using tags for versions, and I don't think Cargo will interpret tags as semver as that is not necessarily true.