cargoLib.cargoDeny: init #440

Merged
merged 2 commits into from
Oct 20, 2023

Conversation

@aidalgol (Contributor) commented Oct 20, 2023

Motivation

Add craneLib.cargoDeny, analogous to craneLib.cargoAudit but for cargo deny, a tool for auditing the licenses and provenance of your crate's dependency graph.

This tool can be used as a replacement for cargo audit, but unlike cargo audit, which operates on the Cargo.lock file, cargo deny operates on the Cargo.toml file, and so the craneLib.cargoAudit derivation has to be rebuilt on any source change, rather than only when the lock file changes. Because of this, craneLib.cargoAudit does not run the security-advisory audit check.

Checklist

  • added tests to verify new behavior
  • added an example template or updated an existing one
  • updated docs/API.md (or general documentation) with changes
  • updated CHANGELOG.md

While I was able to follow the various craneLib functions well enough to write cargoDeny, I have had more difficulty understanding the tests (under checks/), and I will need some assistance writing tests for craneLib.cargoDeny.
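The split described in the motivation (advisories keyed on Cargo.lock via cargoAudit, licenses and sources keyed on the full source via cargoDeny) as a flake `checks` attribute set. This is an added example, not code from the PR or from crane; it assumes crane's `lib.${system}` export and that `cargoDeny` takes the same `src` argument as `cargoAudit`.

```nix
{
  description = "Constructed example: cargo-audit and cargo-deny as flake checks";

  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
    crane.url = "github:ipetkov/crane";
    flake-utils.url = "github:numtide/flake-utils";
    advisory-db = {
      url = "github:rustsec/advisory-db";
      flake = false;
    };
  };

  outputs = { self, nixpkgs, crane, flake-utils, advisory-db, ... }:
    flake-utils.lib.eachDefaultSystem (system:
      let
        craneLib = crane.lib.${system};
        # Keep only Cargo-relevant files so unrelated edits do not
        # invalidate the derivations below.
        src = craneLib.cleanCargoSource (craneLib.path ./.);
      in
      {
        checks = {
          # Security advisories: reads Cargo.lock, so this derivation is
          # only rebuilt when the lock file (or advisory-db input) changes.
          my-crate-audit = craneLib.cargoAudit {
            inherit src advisory-db;
          };

          # Licenses and dependency sources (provenance): cargo deny reads
          # Cargo.toml, so this derivation is rebuilt on any source change.
          # Assumption: cargoDeny accepts `src` like cargoAudit does.
          my-crate-deny = craneLib.cargoDeny {
            inherit src;
          };
        };
      });
}
```

Running `nix flake check` then builds both derivations; only the `my-crate-deny` one is invalidated by a change to a `.rs` file.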

@aidalgol force-pushed the cargo-deny-drv branch 2 times, most recently from 3fe67b0 to 0f1199a on October 20, 2023 08:14

@ipetkov (Owner) left a comment

Thanks for the PR, and thanks for updating the docs as well!

While I was able to follow the various craneLib functions well enough to write cargoDeny, I have had more difficulty understanding the tests (under checks/), and I will need some assistance writing tests for craneLib.cargoDeny.

Sorry the test suite is a little messy! I think we can get started with just a single test which runs on the ./simple crate. We don't need to test that cargo-deny actually catches any specific issues, just that it's running successfully!

Review comments (now outdated and resolved) were left on: CHANGELOG.md, docs/API.md, examples/quick-start/flake.nix, lib/cargoDeny.nix.

@ipetkov (Owner) left a comment

Looks good, thanks! Just pushed a few minor fixes

@ipetkov ipetkov enabled auto-merge (squash) October 20, 2023 21:36
@ipetkov ipetkov merged commit f8f1b3f into ipetkov:master Oct 20, 2023