From dcd6eed8d40e4a76a01957816124ddc0486f3a27 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Damir=20Jeli=C4=87?=
Date: Tue, 10 Sep 2024 16:41:48 +0200
Subject: [PATCH] Add a cargo deny configuration (#169)

This allows us to use a single tool to check for security issues as well as licensing issues and that we don't have any git dependencies.

Co-authored-by: Denis Kasak
---
 .deny.toml | 33 +++++++++++++++++++++++++++++++++
 .github/workflows/deny.yml | 13 +++++++++++++
 2 files changed, 46 insertions(+)
 create mode 100644 .deny.toml
 create mode 100644 .github/workflows/deny.yml

diff --git a/.deny.toml b/.deny.toml
new file mode 100644
index 00000000..f84ff0cc
--- /dev/null
+++ b/.deny.toml
@@ -0,0 +1,33 @@
+# https://embarkstudios.github.io/cargo-deny/checks/cfg.html
+[graph]
+all-features = true
+exclude = [
+    # dev only dependency
+    "criterion"
+]
+
+[advisories]
+version = 2
+
+[licenses]
+version = 2
+allow = [
+    "Apache-2.0",
+    "BSD-3-Clause",
+    "MIT",
+]
+exceptions = [
+    { allow = ["Unicode-DFS-2016"], crate = "unicode-ident" },
+]
+
+[bans]
+multiple-versions = "warn"
+wildcards = "deny"
+
+[sources]
+unknown-registry = "deny"
+unknown-git = "deny"
+
+allow-git = [
+    "https://github.com/poljar/olm-rs",
+]
diff --git a/.github/workflows/deny.yml b/.github/workflows/deny.yml
new file mode 100644
index 00000000..ed2a1415
--- /dev/null
+++ b/.github/workflows/deny.yml
@@ -0,0 +1,13 @@
+name: Lint dependencies (for licences, allowed sources, banned dependencies)
+on:
+  pull_request:
+    paths:
+      - '**/Cargo.toml'
+jobs:
+  cargo-deny:
+    runs-on: ubuntu-22.04
+    steps:
+      - uses: actions/checkout@v3
+      - uses: EmbarkStudios/cargo-deny-action@v1
+        with:
+          command: check bans licenses sources
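Review bot: The `allow-git` entry at the end of the hunk admits any revision from https://github.com/poljar/olm-rs while the commit description says the tool is there to ensure there are no git dependencies, so the one exception deserves a comment stating why it exists and that the consuming Cargo.toml should pin it by `rev` rather than by branch, e.g. `# olm-rs is the only permitted git source; keep it pinned to a rev in Cargo.toml`. `exclude = ["criterion"]` under `[graph]` appears to remove criterion, and presumably anything only it pulls in, from every check (licenses and sources included), not just from advisories, so the `# dev only dependency` comment would be clearer as `# dev-only benchmark dependency; skipped by all checks, not just advisories`. The `[advisories]` table with `version = 2` only has an effect when the CI invocation actually includes the advisories check.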
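Review bot: The `command` on the last line runs `check bans licenses sources` without `advisories`, so the security-advisory check that the commit description and the `[advisories]` table in .deny.toml set up never executes in CI; `command: check advisories bans licenses sources` closes that gap. The `paths` filter also fires only on `**/Cargo.toml`, so a Cargo.lock update that bumps a resolved version, or an edit to .deny.toml itself, is not re-checked, and a newly published advisory against an unchanged tree is never noticed without a `schedule` trigger or a push trigger on the default branch. Both steps reference mutable major tags (`actions/checkout@v3`, `EmbarkStudios/cargo-deny-action@v1`); for a workflow whose purpose is a supply-chain gate, pinning each action to a full commit SHA with the tag in a trailing comment is the usual hardening.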