feat: add cargo deny (#604)

* fix(examples): add license to examples' cargo.toml * feat: add cargo deny for security scan. Update tonic and prost version. * fix: unpublished all examples explicitly in Cargo.toml. Simplify deny.toml
open-telemetry · Jul 30, 2021 · d3bbfd2 · d3bbfd2
1 parent ae4aeb3
commit d3bbfd2
Show file tree

Hide file tree

Showing 20 changed files with 55 additions and 10 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -75,6 +75,14 @@ jobs:
         cargo test --verbose --manifest-path=opentelemetry/Cargo.toml --features trace,metrics,serialize,rt-tokio,serde,testing &&
         cargo test --manifest-path=opentelemetry-jaeger/Cargo.toml --features rt-tokio &&
         cargo test --manifest-path=opentelemetry-zipkin/Cargo.toml
+  cargo-deny:
+    runs-on: ubuntu-latest
+    continue-on-error: true # Prevent sudden announcement of a new advisory from failing ci
+    steps:
+      - uses: actions/checkout@v2
+      - uses: EmbarkStudios/cargo-deny-action@v1
+        with:
+          command: check advisories
   coverage:
     continue-on-error: true
     runs-on: ubuntu-latest

diff --git a/deny.toml b/deny.toml
@@ -0,0 +1,20 @@
+[licenses]
+unlicensed = "deny"
+allow = [
+    "MIT",
+    "Apache-2.0",
+    "ISC",
+    "BSD-3-Clause",
+    "OpenSSL"
+]
+
+[licenses.private]
+ignore = true
+
+[[licenses.clarify]]
+name = "ring"
+version = "*"
+expression = "MIT AND ISC AND OpenSSL"
+license-files = [
+    { path = "LICENSE", hash = 0xbd0eed23 }
+]
diff --git a/examples/actix-http/Cargo.toml b/examples/actix-http/Cargo.toml
@@ -2,6 +2,7 @@
 name = "actix-http-example"
 version = "0.1.0"
 edition = "2018"
+publish = false
 
 [dependencies]
 opentelemetry = { path = "../../opentelemetry", features = ["rt-tokio"] }

diff --git a/examples/actix-udp/Cargo.toml b/examples/actix-udp/Cargo.toml
@@ -2,6 +2,7 @@
 name = "actix-udp-example"
 version = "0.1.0"
 edition = "2018"
+publish = false
 
 [dependencies]
 opentelemetry = { path = "../../opentelemetry" }

diff --git a/examples/async/Cargo.toml b/examples/async/Cargo.toml
@@ -2,6 +2,7 @@
 name = "async"
 version = "0.1.0"
 edition = "2018"
+publish = false
 
 [dependencies]
 futures = "0.3"

diff --git a/examples/aws-xray/Cargo.toml b/examples/aws-xray/Cargo.toml
@@ -2,6 +2,7 @@
 name = "aws-xray"
 version = "0.1.0"
 edition = "2018"
+publish = false
 
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 

diff --git a/examples/basic-otlp-http/Cargo.toml b/examples/basic-otlp-http/Cargo.toml
@@ -3,6 +3,7 @@ name = "basic-otlp-http"
 version = "0.1.0"
 authors = ["rdan <dan.rusei@gmail.com>"]
 edition = "2018"
+publish = false
 
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 

diff --git a/examples/basic-otlp-with-selector/Cargo.toml b/examples/basic-otlp-with-selector/Cargo.toml
@@ -2,6 +2,7 @@
 name = "basic-otlp-with-selector"
 version = "0.1.0"
 edition = "2018"
+publish = false
 
 [dependencies]
 futures = "0.3"

diff --git a/examples/basic-otlp/Cargo.toml b/examples/basic-otlp/Cargo.toml
@@ -2,6 +2,7 @@
 name = "basic-otlp"
 version = "0.1.0"
 edition = "2018"
+publish = false
 
 [dependencies]
 futures = "0.3"

diff --git a/examples/basic/Cargo.toml b/examples/basic/Cargo.toml
@@ -2,6 +2,7 @@
 name = "basic"
 version = "0.1.0"
 edition = "2018"
+publish = false
 
 [dependencies]
 futures = "0.3"

diff --git a/examples/datadog/Cargo.toml b/examples/datadog/Cargo.toml
@@ -2,6 +2,7 @@
 name = "datadog"
 version = "0.1.0"
 edition = "2018"
+publish = false
 
 [dependencies]
 opentelemetry = { path = "../../opentelemetry" }

diff --git a/examples/external-otlp-grpcio-async-std/Cargo.toml b/examples/external-otlp-grpcio-async-std/Cargo.toml
@@ -2,6 +2,7 @@
 name = "external-otlp-grpcio-async-std"
 version = "0.1.0"
 edition = "2018"
+publish = false
 
 [dependencies]
 async-std = { version = "1.9.0", features = ["attributes"] }

diff --git a/examples/external-otlp-tonic-tokio/Cargo.toml b/examples/external-otlp-tonic-tokio/Cargo.toml
@@ -2,6 +2,7 @@
 name = "external-otlp-tonic-tokio"
 version = "0.1.0"
 edition = "2018"
+publish = false
 
 [dependencies]
 futures = "0.3"

diff --git a/examples/grpc/Cargo.toml b/examples/grpc/Cargo.toml
@@ -2,6 +2,7 @@
 name = "grpc"
 version = "0.1.0"
 edition = "2018"
+publish = false
 
 [[bin]] # Bin to run the gRPC server
 name = "grpc-server"
@@ -15,11 +16,11 @@ doc = false
 
 [dependencies]
 http = "0.2"
-tonic = "0.4"
-prost = "0.7"
+tonic = "0.5"
+prost = "0.8"
 tokio = { version = "1.0", features = ["full"] }
 opentelemetry = { path = "../../opentelemetry" }
 opentelemetry-jaeger = { path = "../../opentelemetry-jaeger" }
 
 [build-dependencies]
-tonic-build = "0.4"
+tonic-build = "0.5"
diff --git a/examples/http/Cargo.toml b/examples/http/Cargo.toml
@@ -2,6 +2,7 @@
 name = "http"
 version = "0.1.0"
 edition = "2018"
+publish = false
 
 [[bin]] # Bin to run the http server
 name = "http-server"

diff --git a/examples/hyper-prometheus/Cargo.toml b/examples/hyper-prometheus/Cargo.toml
@@ -2,6 +2,7 @@
 name = "hyper-prometheus"
 version = "0.1.0"
 edition = "2018"
+publish = false
 
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 

diff --git a/examples/multiple-span-processors/Cargo.toml b/examples/multiple-span-processors/Cargo.toml
@@ -2,6 +2,7 @@
 name = "multiple-span-processors"
 version = "0.1.0"
 edition = "2018"
+publish = false
 
 [dependencies]
 opentelemetry = { path = "../../opentelemetry", features = ["rt-tokio"] }

diff --git a/examples/tracing-grpc/Cargo.toml b/examples/tracing-grpc/Cargo.toml
@@ -2,6 +2,7 @@
 name = "tracing-grpc"
 version = "0.1.0"
 edition = "2018"
+publish = false
 
 [[bin]] # Bin to run the gRPC server
 name = "grpc-server"
@@ -13,8 +14,8 @@ path = "src/client.rs"
 
 [dependencies]
 http = "0.2"
-tonic = "0.4"
-prost = "0.7"
+tonic = "0.5"
+prost = "0.8"
 tokio = { version = "1.0", features = ["full"] }
 opentelemetry = { version = "0.14", features = ["rt-tokio"] }
 opentelemetry-jaeger = "0.13"
@@ -24,4 +25,4 @@ tracing-opentelemetry = "0.13"
 tracing-futures = "0.2"
 
 [build-dependencies]
-tonic-build = "0.4"
+tonic-build = "0.5"
diff --git a/examples/zipkin/Cargo.toml b/examples/zipkin/Cargo.toml
@@ -2,6 +2,7 @@
 name = "zipkin"
 version = "0.1.0"
 edition = "2018"
+publish = false
 
 [dependencies]
 opentelemetry = { path = "../../opentelemetry" }

diff --git a/opentelemetry-stackdriver/Cargo.toml b/opentelemetry-stackdriver/Cargo.toml
@@ -11,7 +11,7 @@ edition = "2018"
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 
 [build-dependencies]
-tonic-build = "0.4.0"
+tonic-build = "0.5.0"
 which = "4.0.2"
 
 [dependencies]
@@ -24,10 +24,10 @@ hyper = "0.14.2"
 hyper-rustls = { version = "0.22.1", optional = true }
 log = "0.4"
 opentelemetry = { version = "0.15", path = "../opentelemetry" }
-prost = "0.7"
-prost-types = "0.7"
+prost = "0.8"
+prost-types = "0.8"
 rustls = "0.19"
-tonic = { version = "0.4", features = ["tls", "transport"] }
+tonic = { version = "0.5", features = ["tls", "transport"] }
 tokio = { version = "1.1", optional = true }
 yup-oauth2 = { version = "5.0.1", optional = true }
 webpki-roots = "0.21"