Refactor config (#605)

This PR completely refactors the deny configuration, notably: ### `toml-span` `toml-span` is now used for parsing toml files (currently only deny.toml, but eventually cargo manifests as well), replacing `toml`. This was done so that span information is _always_ available for keys and values if we want to use it, as well as just reducing external dependencies and build times, as serde is no longer used. ### `PackageSpec` Specifying a package spec via the name + version combo occurs in many locations in the config, but this has verbose in both the simple case, where you just want to specify a crate name (eg. `[bans.deny]`), as well as needing an entire extra key if you _do_ want to specify the version requirement. In addition, it was not possible to specify just a string previously due to toml + serde making us decide between supporting plain strings for package specs, and span information. In all cases (and a few new ones) where the package name + version could be used, now a simple string can be used instead, or, if you want/need to supply additional values as a table, the `crate` key can be used instead which follows a simple format as a single string, instead of the separate name/version keys. `name` and `version` are still supported, but are deprecated and will be removed in a future release. #### Format The string format of `PackageSpec` is quite simple: 1. No version - `<crate_name>` = `*` 1. Exact - `<crate_name>@<semver>` = `=<semver>` 2. Requirements - `<crate_name>:<semver_requirements>` = `<semver_requirements>` ### Add `reason`, `use-instead` Many items can now be tagged with a `reason = "<reason>"` and/or `use-instead = "<crate_name>/<url>"` to add explanatory/helpful messages that are surfaced with diagnostic messages. This was added to fix #578 instead of the typical fallback of relying on toml comments that might not be part of the diagnostic span. ### `[advisories.ignore]` Yanked crates can now be ignored by specifying a crate spec + optional reason as a string or table, while still supporting advisory ids. ### Root table improved The `targets`, `all-features`, `features`, `no-default-features`, `exclude`, and `exclude-dev` keys have been moved to the new `graph` table, as they all affect the dependency graph that cargo-deny performs checks against. The `feature-depth` key has been moved to the `output` table. The old locations are still respected, but are deprecated. Note also that `targets` can now just take a string instead of `triple = <target_triple>`. Resolves: #264 Resolves: #539 Resolves: #578 Resolves: #579
EmbarkStudios · Feb 20, 2024 · 3b13cc9 · 3b13cc9
1 parent 7544cfc
commit 3b13cc9
Show file tree

Hide file tree

Showing 71 changed files with 3,649 additions and 2,184 deletions.
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -16,7 +16,7 @@ jobs:
     name: Lint
     runs-on: ubuntu-22.04
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - uses: dtolnay/rust-toolchain@stable
         with:
           components: "clippy, rustfmt"
@@ -35,17 +35,10 @@ jobs:
     name: Test
     strategy:
       matrix:
-        os: [ubuntu-22.04]
+        os: [ubuntu-22.04, macos-14]
     runs-on: ${{ matrix.os }}
     steps:
-      # We need to disable conversion to CRLF line endings on windows because it's
-      # dumb and causes advisory tests to fails since the submodule is checked
-      # out with the broken line endings
-      - if: matrix.os == 'windows-2022'
-        run: |
-          git config --global core.autocrlf false
-          git config --global core.eol lf
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           submodules: true
       - uses: dtolnay/rust-toolchain@stable
@@ -55,22 +48,6 @@ jobs:
         run: cargo build --tests
       - run: cargo test
 
-  # Verifies we can build aarch64-apple-darwin binaries until GHA actually has
-  # runners for them that we can actually run tests on
-  build-aarch64-apple-darwin:
-    name: Build aarch64-apple-darwin
-    runs-on: macos-11
-    # Only run this PRs
-    if: false #github.ref != 'refs/heads/main'
-    steps:
-      - uses: actions/checkout@v3
-      - uses: dtolnay/rust-toolchain@stable
-        with:
-          targets: aarch64-apple-darwin
-      - uses: Swatinem/rust-cache@v2
-      - run: cargo fetch --target aarch64-apple-darwin
-      - run: cargo build --release --target aarch64-apple-darwin
-
   self:
     name: Check Users
     if: false # disabled for now
@@ -83,7 +60,7 @@ jobs:
     env:
       TARGET: x86_64-unknown-linux-musl
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - uses: dtolnay/rust-toolchain@stable
         with:
           target: ${{ matrix.target }}
@@ -111,7 +88,7 @@ jobs:
     name: Build the book
     runs-on: ubuntu-22.04
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - env:
           version: "0.4.32"
         run: |
@@ -128,7 +105,7 @@ jobs:
     name: Publish Check
     runs-on: ubuntu-22.04
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - uses: dtolnay/rust-toolchain@stable
       - uses: Swatinem/rust-cache@v2
       - run: cargo fetch
@@ -160,7 +137,7 @@ jobs:
             bin: cargo-deny
     runs-on: ${{ matrix.os }}
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Install stable toolchain
         uses: dtolnay/rust-toolchain@master
         with:
@@ -215,7 +192,7 @@ jobs:
     runs-on: ubuntu-22.04
     if: github.event_name == 'push' && github.ref == 'refs/heads/main'
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Download book
         uses: actions/download-artifact@v1
         with: