From 6630dca197c3757268be69cbe9dae74c36717cd8 Mon Sep 17 00:00:00 2001 From: extrawurst <776816+extrawurst@users.noreply.github.com> Date: Wed, 17 Aug 2022 19:48:14 +0200 Subject: [PATCH] add cargo deny to CI (#1285) * check duplicate dependencies * also use cargo-deny for licenses checking * also run cargo deny check in make check --- .github/workflows/ci.yml | 17 +++++++++++++++-- Makefile | 5 ++++- deny.toml | 20 ++++++++++++++++++++ 3 files changed, 39 insertions(+), 3 deletions(-) create mode 100644 deny.toml diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 75033cbd51..0cd7581284 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -118,8 +118,8 @@ jobs: run: | make test-linux-musl - rustfmt: - name: Formatting + linting: + name: Lints runs-on: ubuntu-latest steps: - uses: actions/checkout@master @@ -128,6 +128,7 @@ jobs: with: toolchain: stable components: rustfmt + - run: cargo fmt -- --check - name: cargo-sort @@ -135,6 +136,18 @@ jobs: cargo install cargo-sort --force cargo sort -c -w + - name: cargo-deny install + run: | + cargo install --locked cargo-deny + + - name: cargo-deny licenses + run: | + cargo deny check licenses + + - name: cargo-deny bans + run: | + cargo deny check bans + sec: name: Security audit runs-on: ubuntu-latest diff --git a/Makefile b/Makefile index 83dd3ee933..b097d50395 100644 --- a/Makefile +++ b/Makefile @@ -57,7 +57,10 @@ clippy: clippy-nightly: cargo +nightly clippy --workspace --all-features -check: fmt clippy test +check: fmt clippy test deny + +deny: + cargo deny check install: cargo install --path "." --offline diff --git a/deny.toml b/deny.toml new file mode 100644 index 0000000000..e67f4800b0 --- /dev/null +++ b/deny.toml 
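Review bot: The `cargo-deny install` step added to the `linting` job in `.github/workflows/ci.yml` installs whichever cargo-deny release is current when the job runs. `--locked` fixes the tool's own dependency versions, but not the version of cargo-deny itself. A new release can therefore change which licenses or duplicate crates are reported, or how `deny.toml` is interpreted, without any change in this repository. Pinning the tool keeps the gate reproducible and makes upgrades an explicit, reviewable change: `cargo install --locked cargo-deny --version <PINNED_VERSION>`.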
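Review bot: The new `deny` target in `Makefile` runs `cargo deny check` with no check name, which runs every cargo-deny check, whereas the CI steps added in the same commit run only `licenses` and `bans`. `make check` can therefore fail locally on the advisories or sources checks (the advisories check also needs to fetch an advisory database) while CI stays green. Either align the target with CI, `cargo deny check licenses bans`, or add the remaining checks to the workflow so both enforce the same policy. `check` now also requires cargo-deny to be installed locally; a one-line comment above the target, e.g. `# requires: cargo install --locked cargo-deny`, would make that visible.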
@@ -0,0 +1,20 @@
+[licenses]
+unlicensed = "deny"
+allow = [
+ "MIT",
+ "Apache-2.0",
+ "BSD-2-Clause",
+ "BSD-3-Clause"
+]
+copyleft = "warn"
+allow-osi-fsf-free = "neither"
+default = "deny"
+confidence-threshold = 0.9
+
+[[licenses.exceptions]]
+allow = ["Unicode-DFS-2016"]
+name = "unicode-ident"
+version = "1.0.3"
+
+[bans]
+multiple-versions = "deny"
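Review bot: The new `deny.toml` sets policy for `[licenses]` and `[bans]` only, so nothing in it restricts where crates may come from. With no `[sources]` table, cargo-deny falls back to its defaults, which as far as I recall only warn on unknown registries and git sources, and the CI steps in this commit do not run the sources check at all. A dependency pulled from a git URL or an alternate registry would therefore pass the gate. Consider adding `[sources]` with `unknown-registry = "deny"` and `unknown-git = "deny"`, plus a `cargo deny check sources` step; any git dependencies the workspace already has would need explicit `allow-git` entries. A comment above `[[licenses.exceptions]]` saying why `unicode-ident` needs `Unicode-DFS-2016` would also help whoever has to update the pinned `version` later.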