From bbd355f80be0cafc61359442809179dcd0ba49b0 Mon Sep 17 00:00:00 2001
From: librelois <elois@ifee.fr>
Date: Mon, 27 Jan 2020 22:07:17 +0100
Subject: [PATCH] [ci] use cargo deny to ensure licence compatibility of all deps

Closes #189
---
 .gitlab-ci.yml | 8 ++++++++
 deny.toml | 51 ++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 59 insertions(+)
 create mode 100644 deny.toml

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 58187ca4..574b7706 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -161,6 +161,14 @@ clippy:
 script:
 - cargo clippy --all -- -D warnings --verbose
 
+check_dependencies:
+ extends: .rust_stable_lin64
+ before_script:
+ - cargo deny -V
+ stage: quality
+ script:
+ - cargo deny check
+
 audit:manual:
 extends: .rust_stable_lin64
 before_script:
diff --git a/deny.toml b/deny.toml
new file mode 100644
index 00000000..f69d1676
--- /dev/null
+++ b/deny.toml
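Review bot: `cargo deny -V` in the new check_dependencies before_script only prints a version, so the job works only if the `.rust_stable_lin64` image already ships cargo-deny, and whichever release it happens to ship decides what the licence and ban checks accept; nothing in the hunk installs or pins the tool. If the image does not bundle it, add `- cargo install cargo-deny --locked --version <PINNED_VERSION>` ahead of `cargo deny -V` so the policy result is reproducible from run to run. Bare `cargo deny check` also runs every check cargo-deny knows, advisories included as far as I recall, which presumably needs network access to fetch the advisory database and overlaps with the existing audit:manual job; if that overlap is unintended, name the checks explicitly, e.g. `- cargo deny check licenses bans sources`.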
@@ -0,0 +1,51 @@
+[bans]
+multiple-versions = "warn"
+deny = [
+ # color-backtrace is nice but brings in too many dependencies and that are often outdated, so not worth it for us.
+ { name = "color-backtrace" },
+
+ # deprecated
+ { name = "quickersort" },
+
+ # term is not fully maintained, and termcolor is replacing it
+ { name = "term" },
+]
+skip-tree = [
+ { name = "winapi", version = "<= 0.3" },
+ { name = "autocfg", version = "<= 1" },
+]
+
+[licenses]
+unlicensed = "deny"
+# We want really high confidence when inferring licenses from text
+confidence-threshold = 0.92
+allow = [
+ "AGPL-3.0",
+ "Apache-2.0",
+ "BSD-2-Clause",
+ "BSD-3-Clause",
+ "CC0-1.0",
+ "ISC",
+ "MIT",
+ "MPL-2.0",
+ "OpenSSL",
+ "Zlib"
+]
+
+[[licenses.clarify]]
+name = "ring"
+# SPDX considers OpenSSL to encompass both the OpenSSL and SSLeay licenses
+# https://spdx.org/licenses/OpenSSL.html
+# ISC - Both BoringSSL and ring use this for their new files
+# MIT - "Files in third_party/ have their own licenses, as described therein. The MIT
+# license, for third_party/fiat, which, unlike other third_party directories, is
+# compiled into non-test libraries, is included below."
+# OpenSSL - Obviously
+expression = "ISC AND MIT AND OpenSSL"
+license-files = [
+ { path = "LICENSE", hash = 0xbd0eed23 },
+]
+
+[sources]
+unknown-registry = "deny"
+unknown-git = "deny"
-- 
GitLab
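Review bot: deny.toml declares `[bans]`, `[licenses]` and `[sources]` but no `[advisories]` table, so the RustSec advisory check that the bare `cargo deny check` in the .gitlab-ci.yml hunk runs falls back to cargo-deny's built-in defaults; that may be acceptable today, but it leaves the vulnerability policy implicit and free to shift with the tool version. Make it explicit next to `[sources]`: `[advisories]` / `vulnerability = "deny"` / `unmaintained = "warn"`, with a comment that `ignore = []` is the only place a reviewed exception should be recorded. The `name = "ring"` clarification pinning `LICENSE` by `hash` is the right way to accept a hand-written expression, since a change to the licence text will fail the check rather than be silently reinterpreted. Minor: the `allow` array closes after `"Zlib"` without the trailing comma the other multi-line arrays in the file use.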