Skip to content

Commit

Permalink
Add license check (#1504)
Browse files Browse the repository at this point in the history
This uses an allow list, mostly-duplicates the deny.toml, and runs a
simple shell script instead of using the action, so that the pgrx
library can have an independently tracked set of licenses. This is done
because the dependencies of that are liable to be actually linked into
extensions as dynamic libraries.

In order to let the deny.toml have accurate reporting, the example
extension crates are marked as being unpublished. I also tweaked the
version on them because I didn't care about the version field in my
regex-replace.

Closes #1502
  • Loading branch information
workingjubilee authored Jan 31, 2024
1 parent 38b749b commit 9eb5c18
Show file tree
Hide file tree
Showing 30 changed files with 321 additions and 24 deletions.
3 changes: 3 additions & 0 deletions .github/workflows/tests.yml
Original file line number Diff line number Diff line change
Expand Up @@ -353,6 +353,9 @@ jobs:
- name: Run rustfmt
run: cargo fmt --all -- --check

- name: Run license check
run: cargo install cargo-deny --force && ./ci/license-check.sh

- name: Install cargo-pgrx
run: cargo install --path cargo-pgrx/ --debug --force

Expand Down
24 changes: 12 additions & 12 deletions Cargo.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 2 additions & 0 deletions ci/license-check.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
cargo deny check licenses
cd pgrx && cargo deny check licenses
138 changes: 138 additions & 0 deletions deny.toml
Original file line number Diff line number Diff line change
@@ -0,0 +1,138 @@
# Configuration for cargo deny for the workspace
# NOTE: pgrx (the library crate) has its own deny.toml because it is linked into extensions

# Note that all fields that take a lint level have these possible values:
# * deny - An error will be produced and the check will fail
# * warn - A warning will be produced, but the check will not fail
# * allow - No warning or error will be produced, though it may still note

# If 1 or more target triples (and optionally, target_features) are specified,
# only the specified targets will be checked when running `cargo deny check`.
targets = [
{ triple = "x86_64-unknown-linux-gnu" },
{ triple = "aarch64-apple-darwin" },
]
# When creating the dependency graph used, this can be used to prune crates from the graph,
# removing them from the view of cargo-deny. This is an extremely heavy hammer, as if a crate
# is pruned from the graph, all of its dependencies will also be pruned.
# Uses Package IDs: https://doc.rust-lang.org/cargo/reference/pkgid-spec.html
#exclude = []
# If true, metadata will be collected with `--all-features`. Prefer using the command line.
all-features = true
# If true, metadata will be collected with `--no-default-features`. Prefer using the command line.
no-default-features = false
# If set, these features will be enabled when collecting metadata.
# cargo deny --features "" # will take precedence over this option.
#features = []
# When outputting inclusion graphs in diagnostics that include features, this
# option can be used to specify the depth at which feature edges will be added.
# cargo deny --feature-depth 9001 # will take precedence over this option
feature-depth = 1

# https://embarkstudios.github.io/cargo-deny/checks/advisories/cfg.html
[advisories]
db-path = "~/.cargo/advisory-db"
db-urls = ["https://github.com/rustsec/advisory-db"]
vulnerability = "deny"
unmaintained = "warn"
yanked = "warn"
notice = "warn"
# Note that ignored advisories can still output a note when they are encountered.
ignore = [
#"RUSTSEC-0000-0000",
]
# Threshold for security vulnerabilities based on CVSS
# Note that CVSS values only measure severity, not risk.
#severity-threshold =

# If this is true, then cargo deny will use the git executable to fetch the advisory database.
# If this is false, then it uses a built-in git library.
#git-fetch-with-cli = true


# https://embarkstudios.github.io/cargo-deny/checks/licenses/cfg.html
[licenses]
# The lint level for crates which do not have a detectable license
unlicensed = "deny"
# See https://spdx.org/licenses/ for list of possible licenses
# This allowlist is a superset of pgrx's allowlist, including the build tools like cargo-pgrx, etc.
# We are not as concerned about licenses that affect linked code here: most tools aren't shipped.
allow = [
"0BSD",
"Apache-2.0",
"Apache-2.0 WITH LLVM-exception",
"BSD-3-Clause",
"BSL-1.0",
"ISC",
"MIT",
"MPL-2.0",
"Unicode-DFS-2016",
"Unlicense",
"Zlib",
]
deny = []
copyleft = "deny" # https://github.com/EmbarkStudios/cargo-deny/issues/354
default = "deny"
# The confidence threshold for detecting a license from license text.
# The higher the value, the more closely the license text must be to the
# canonical license text of a valid SPDX license file.
confidence-threshold = 0.99999 # we got five nines!
# Allow 1 or more licenses on a per-crate basis.
exceptions = [
{ allow = ["LicenseRef-Ring"], name = "ring", version = "*" },
]

# Some crates don't have (easily) machine readable licensing information
# and adding a clarification entry allows manually specifying licensing.
[[licenses.clarify]]
name = "ring"
version = "*"
expression = "LicenseRef-Ring"
license-files = [
{ path = "LICENSE", hash = 0xbd0eed23 },
]

[licenses.private]
# ignores workspace crates that aren't published
ignore = true
registries = [] # private registries

# https://embarkstudios.github.io/cargo-deny/checks/bans/cfg.html
[bans]
multiple-versions = "warn"
wildcards = "allow"
# * lowest-version - The path to the lowest versioned duplicate is highlighted
# * simplest-path - The path to the version with the fewest edges is highlighted
# * all - Both lowest-version and simplest-path are used
highlight = "all"
workspace-default-features = "allow" # for "default" features here
external-default-features = "allow" # for "default" features in other crates
allow = [] # "I would prefer not to." — Bartleby the Scrivener
deny = [
# Wrapper crates can optionally be specified to allow only for a direct dependency
#{ name = "ansi_term", version = "=0.11.0", wrappers = [] },
]
skip = [] #{ name = "ansi_term", version = "=0.11.0" },
# skip but includes transitive dependencies from name to depth of N (default: infinite)
skip-tree = [] #{ name = "ansi_term", version = "=0.11.0", depth = 20 }

#[[bans.features]]
#name = "reqwest"
#deny = ["json"]
#allow = []
# If true, the allowed features must exactly match.
#exact = true



# https://embarkstudios.github.io/cargo-deny/checks/sources/cfg.html
[sources]
unknown-registry = "warn"
unknown-git = "warn"
allow-registry = ["https://github.com/rust-lang/crates.io-index"]
allow-git = []

[sources.allow-org]
github = [""]
gitlab = [""]
bitbucket = [""]
1 change: 1 addition & 0 deletions pgrx-examples/aggregate/Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@
name = "aggregate"
version = "0.0.0"
edition = "2021"
publish = false

[lib]
crate-type = ["cdylib"]
Expand Down
3 changes: 2 additions & 1 deletion pgrx-examples/arrays/Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -10,8 +10,9 @@

[package]
name = "arrays"
version = "0.1.0"
version = "0.0.0"
edition = "2021"
publish = false

[lib]
crate-type = ["cdylib"]
Expand Down
1 change: 1 addition & 0 deletions pgrx-examples/bad_ideas/Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@
name = "bad_ideas"
version = "0.0.0"
edition = "2021"
publish = false

[lib]
crate-type = ["cdylib"]
Expand Down
1 change: 1 addition & 0 deletions pgrx-examples/bgworker/Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@
name = "bgworker"
version = "0.0.0"
edition = "2021"
publish = false

[lib]
crate-type = ["cdylib"]
Expand Down
3 changes: 2 additions & 1 deletion pgrx-examples/bytea/Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -10,8 +10,9 @@

[package]
name = "bytea"
version = "0.1.0"
version = "0.0.0"
edition = "2021"
publish = false

[lib]
crate-type = ["cdylib"]
Expand Down
1 change: 1 addition & 0 deletions pgrx-examples/composite_type/Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@
name = "composite_type"
version = "0.0.0"
edition = "2021"
publish = false

[lib]
crate-type = ["cdylib"]
Expand Down
3 changes: 2 additions & 1 deletion pgrx-examples/custom_libname/Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -10,8 +10,9 @@

[package]
name = "custom_libname"
version = "0.1.0"
version = "0.0.0"
edition = "2021"
publish = false

[lib]
crate-type = ["cdylib"]
Expand Down
1 change: 1 addition & 0 deletions pgrx-examples/custom_sql/Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@
name = "custom_sql"
version = "0.0.0"
edition = "2021"
publish = false

[lib]
crate-type = ["cdylib"]
Expand Down
3 changes: 2 additions & 1 deletion pgrx-examples/custom_types/Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -10,8 +10,9 @@

[package]
name = "custom_types"
version = "0.1.0"
version = "0.0.0"
edition = "2021"
publish = false

[lib]
crate-type = ["cdylib"]
Expand Down
3 changes: 2 additions & 1 deletion pgrx-examples/datetime/Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -10,8 +10,9 @@

[package]
name = "datetime"
version = "0.1.0"
version = "0.0.0"
edition = "2021"
publish = false

[lib]
crate-type = ["cdylib"]
Expand Down
3 changes: 2 additions & 1 deletion pgrx-examples/errors/Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -10,8 +10,9 @@

[package]
name = "errors"
version = "0.1.0"
version = "0.0.0"
edition = "2021"
publish = false

[lib]
crate-type = ["cdylib"]
Expand Down
1 change: 1 addition & 0 deletions pgrx-examples/nostd/Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@
name = "nostd"
version = "0.0.0"
edition = "2021"
publish = false

[lib]
crate-type = ["cdylib"]
Expand Down
1 change: 1 addition & 0 deletions pgrx-examples/numeric/Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@
name = "numeric"
version = "0.0.0"
edition = "2021"
publish = false
rust-version = "1.58"

[lib]
Expand Down
3 changes: 2 additions & 1 deletion pgrx-examples/operators/Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -10,8 +10,9 @@

[package]
name = "operators"
version = "0.1.0"
version = "0.0.0"
edition = "2021"
publish = false

[lib]
crate-type = ["cdylib"]
Expand Down
Loading

0 comments on commit 9eb5c18

Please sign in to comment.