GitHub Action for running cargo-deny
to help manage Cargo crate dependencies and validate licenses.
Create a deny.toml
file in the root of the repo to use as rules for the action (example).
See cargo-deny
for instructions and details of the format and capabilities.
This action will run cargo-deny check
and report failure if any banned crates or disallowed open source licenses are found used in the crate or its dependencies.
The action has three optional inputs
rust-version
: The rust/cargo version to use, updated before cargo-deny is run. Defaults to the version in the image, which is currently 1.71.0.log-level
: The log level to use forcargo-deny
, default iswarn
command
: The command to use forcargo-deny
, default ischeck
arguments
: The argument to pass tocargo-deny
, default is--all-features
. See Common Options for a list of the available options.manifest-path
: The path to a Cargo.toml file to use as the root. Defaults to./Cargo.toml
. Note this argument is always passed, so you can't have it inarguments
as well, just set it it to the value you had inarguments
if you were using it there.command-arguments
The argument to pass to the command, default is emtpy. See options for each command.credentials
This argument stores the credentials in the file$HOME/git-credentials
, and configures git to use it. The credential must match the formathttps://user:[email protected]
name: CI
on: [push, pull_request]
jobs:
cargo-deny:
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
- uses: EmbarkStudios/cargo-deny-action@v2
name: CI
on: [push, pull_request]
jobs:
cargo-deny:
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
- uses: EmbarkStudios/cargo-deny-action@v2
with:
log-level: warn
manifest-path: ./Cargo.toml
command: check
arguments: --all-features
command-arguments: ""
credentials: https://${{ secrets.GITHUB_USER }}:${{ secrets.GITHUB_PAT }}@github.com
name: CI
on: [push, pull_request]
jobs:
cargo-deny:
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
- uses: EmbarkStudios/cargo-deny-action@v2
with:
rust-version: "1.60.0"
log-level: warn
command: check
arguments: --all-features
If you use this pipeline, you should have Cargo.lock
files checked into your
repository.
name: CI
on:
pull_request:
paths:
- '**/Cargo.lock'
- '**/Cargo.toml'
jobs:
cargo-deny:
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
- uses: EmbarkStudios/cargo-deny-action@v2
with:
command: check bans licenses sources
name: CI
on: [push, pull_request]
jobs:
cargo-deny:
runs-on: ubuntu-22.04
strategy:
matrix:
checks:
- advisories
- bans licenses sources
# Prevent sudden announcement of a new advisory from failing ci:
continue-on-error: ${{ matrix.checks == 'advisories' }}
steps:
- uses: actions/checkout@v4
- uses: EmbarkStudios/cargo-deny-action@v2
with:
command: check ${{ matrix.checks }}
Repositories using this action (PR to add your repo):
- ash-molten
- asn1rs
- cargo-about
- cargo-fetcher
- gitoxide
- glam-rs
- linkerd2-proxy
- OctaSine
- PackSquash
- physx-rs
- smush
- tame-gcs
- tame-oauth
- texture-synthesis
- tonic
- β‘οΈdotenv-linter
- wasm-oidc-plugin
We welcome community contributions to this project.
Please read our Contributor Guide for more information on how to get started.
Licensed under either of
- Apache License, Version 2.0, (LICENSE-APACHE or http://www.apache.org/licenses/LICENSE-2.0)
- MIT license (LICENSE-MIT or http://opensource.org/licenses/MIT)
at your option.
Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.