ci: Add license check for dependencies (#105) #592
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: main | |
| permissions: | |
| contents: read | |
| pull-requests: read | |
| on: | |
| pull_request: | |
| branches: [ main ] | |
| push: | |
| branches: [ main ] | |
| env: | |
| CARGO_TERM_COLOR: always | |
| # Rust toolchain versions | |
| RUST_MSRV: "1.88" # used for testing (ensures the MSRV promise is kept) | |
| RUST_LATEST: "1.91" # used for static analysis & mutation testing | |
| RUST_NIGHTLY: "nightly-2025-11-20" # used for coverage and extended analysis | |
| RUST_NIGHTLY_EXTERNAL_TYPES: "nightly-2025-08-06" # used for external type exposure checks | |
| # Tool versions | |
| CARGO_AUDIT_VERSION: "0.22.0" | |
| CARGO_CHECK_EXTERNAL_TYPES_VERSION: "0.3.0" | |
| CARGO_DENY_VERSION: "0.18.8" | |
| CARGO_ENSURE_NO_CYCLIC_DEPS_VERSION: "0.2.0" | |
| CARGO_ENSURE_NO_DEFAULT_FEATURES_VERSION: "0.2.0" | |
| CARGO_HACK_VERSION: "0.6.39" | |
| CARGO_LLVM_COV_VERSION: "0.6.21" | |
| CARGO_MUTANTS_VERSION: "25.3.1" | |
| CARGO_RDME_VERSION: "1.5.0" | |
| CARGO_UDEPS_VERSION: "0.1.60" | |
| CARGO_WORKSPACES_VERSION: "0.4.1" | |
| SCCACHE_VERSION: "v0.12.0" | |
| jobs: | |
| testing: | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| os: [ubuntu-latest, windows-latest] | |
| env: | |
| SCCACHE_GHA_ENABLED: "true" | |
| RUSTC_WRAPPER: "sccache" | |
| steps: | |
| # prep | |
| - name: Checkout | |
| uses: actions/checkout@v6.0.0 | |
| - name: Cache Cargo Dependencies | |
| uses: actions/cache@v4.3.0 | |
| with: | |
| path: | | |
| ~/.cargo/bin/ | |
| ~/.cargo/registry/index/ | |
| ~/.cargo/registry/cache/ | |
| ~/.cargo/git/db/ | |
| key: ${{ runner.os }}-cargo-tools-${{ hashFiles('**/Cargo.lock') }} | |
| - name: Start sccache | |
| uses: mozilla-actions/sccache-action@v0.0.9 | |
| with: | |
| version: ${{ env.SCCACHE_VERSION }} | |
| - name: Install Rust | |
| uses: actions-rust-lang/setup-rust-toolchain@v1.15.2 | |
| with: | |
| toolchain: ${{ env.RUST_MSRV }} | |
| - name: Install Cargo Tools | |
| uses: taiki-e/install-action@v2.62.62 | |
| with: | |
| tool: cargo-hack@${{ env.CARGO_HACK_VERSION }} | |
| # execute | |
| - name: Build | |
| run: cargo hack build --each-feature --workspace --verbose --locked --color always | |
| - name: Tests | |
| run: cargo test --verbose --workspace --all-features | |
| - name: Docs | |
| env: | |
| RUSTDOCFLAGS: -D warnings | |
| run: cargo doc --verbose --workspace --all-features | |
| - name: Doc Tests | |
| run: cargo test --doc --verbose --workspace --all-features | |
| static-analysis: | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| os: [ubuntu-latest, windows-latest] | |
| env: | |
| SCCACHE_GHA_ENABLED: "true" | |
| RUSTC_WRAPPER: "sccache" | |
| steps: | |
| # prep | |
| - name: Checkout | |
| uses: actions/checkout@v6.0.0 | |
| - name: Cache Cargo Dependencies | |
| uses: actions/cache@v4.3.0 | |
| with: | |
| path: | | |
| ~/.cargo/bin/ | |
| ~/.cargo/registry/index/ | |
| ~/.cargo/registry/cache/ | |
| ~/.cargo/git/db/ | |
| key: ${{ runner.os }}-cargo-tools-${{ hashFiles('**/Cargo.lock') }} | |
| - name: Start sccache | |
| uses: mozilla-actions/sccache-action@v0.0.9 | |
| with: | |
| version: ${{ env.SCCACHE_VERSION }} | |
| - name: Install Rust | |
| uses: actions-rust-lang/setup-rust-toolchain@v1.15.2 | |
| with: | |
| toolchain: ${{ env.RUST_LATEST }} | |
| components: clippy, rustfmt | |
| - name: Install Cargo Tools | |
| uses: taiki-e/install-action@v2.62.62 | |
| with: | |
| tool: cargo-audit@${{ env.CARGO_AUDIT_VERSION }}, cargo-rdme@${{ env.CARGO_RDME_VERSION }}, cargo-workspaces@${{ env.CARGO_WORKSPACES_VERSION }}, cargo-ensure-no-default-features@${{ env.CARGO_ENSURE_NO_DEFAULT_FEATURES_VERSION }}, cargo-ensure-no-cyclic-deps@${{ env.CARGO_ENSURE_NO_CYCLIC_DEPS_VERSION }}, cargo-deny@${{ env.CARGO_DENY_VERSION }} | |
| # execute | |
| - name: Clippy | |
| run: cargo clippy --workspace --all-targets --all-features -- -D warnings | |
| - name: Audit | |
| run: cargo audit | |
| - name: Format | |
| run: cargo fmt -- --check | |
| - name: Docs | |
| run: cargo doc --no-deps --workspace --all-features | |
| - name: Rdme | |
| run: cargo workspaces exec cargo rdme --check | |
| - name: Default Features | |
| run: cargo ensure-no-default-features | |
| - name: Cyclic Dependencies | |
| run: cargo ensure-no-cyclic-deps | |
| - name: Dependency Validation | |
| run: cargo deny --all-features --workspace --color always check all | |
| extended-analysis: | |
| if: github.event_name == 'pull_request' | |
| runs-on: ${{ matrix.os }} | |
| needs: [testing, static-analysis] | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| os: [ubuntu-latest, windows-latest] | |
| steps: | |
| # prep | |
| - name: Checkout | |
| uses: actions/checkout@v6.0.0 | |
| - name: Cache Cargo Dependencies | |
| uses: actions/cache@v4.3.0 | |
| with: | |
| path: | | |
| ~/.cargo/bin/ | |
| ~/.cargo/registry/index/ | |
| ~/.cargo/registry/cache/ | |
| ~/.cargo/git/db/ | |
| key: ${{ runner.os }}-cargo-tools-${{ hashFiles('**/Cargo.lock') }} | |
| - name: Install Rust Nightly | |
| uses: actions-rust-lang/setup-rust-toolchain@v1.15.2 | |
| with: | |
| toolchain: ${{ env.RUST_NIGHTLY }} | |
| components: miri | |
| - name: Install Cargo Tools | |
| uses: taiki-e/install-action@v2.62.62 | |
| with: | |
| tool: cargo-udeps@${{ env.CARGO_UDEPS_VERSION }} | |
| # execute | |
| - name: Udeps | |
| run: cargo +${{ env.RUST_NIGHTLY }} udeps --all-features --workspace --color always | |
| - name: Miri | |
| run: cargo +${{ env.RUST_NIGHTLY }} miri test --all-features --workspace | |
| mutation-testing: | |
| if: github.event_name == 'pull_request' | |
| runs-on: ubuntu-latest | |
| needs: testing | |
| env: | |
| SCCACHE_GHA_ENABLED: "true" | |
| RUSTC_WRAPPER: "sccache" | |
| steps: | |
| # prep | |
| - name: Checkout | |
| uses: actions/checkout@v6.0.0 | |
| with: | |
| fetch-depth: 0 | |
| - name: Cache Cargo Dependencies | |
| uses: actions/cache@v4.3.0 | |
| with: | |
| path: | | |
| ~/.cargo/bin/ | |
| ~/.cargo/registry/index/ | |
| ~/.cargo/registry/cache/ | |
| ~/.cargo/git/db/ | |
| key: ${{ runner.os }}-cargo-tools-${{ hashFiles('**/Cargo.lock') }} | |
| - name: Start sccache | |
| uses: mozilla-actions/sccache-action@v0.0.9 | |
| with: | |
| version: ${{ env.SCCACHE_VERSION }} | |
| - name: Install Rust | |
| uses: actions-rust-lang/setup-rust-toolchain@v1.15.2 | |
| with: | |
| toolchain: ${{ env.RUST_LATEST }} | |
| - name: Installing Wild Linker | |
| uses: davidlattimore/wild-action@0.7.0 | |
| - name: Install Cargo Tools | |
| uses: taiki-e/install-action@v2.62.62 | |
| with: | |
| tool: cargo-mutants@${{ env.CARGO_MUTANTS_VERSION }} | |
| # execute | |
| - name: Generate PR diff | |
| run: git diff origin/main...HEAD >diff.txt | |
| - name: Mutate Diff | |
| env: | |
| DISABLE_T_REX: 1 | |
| timeout-minutes: 45 | |
| run: cargo mutants --in-place --no-shuffle --baseline=skip --test-workspace=true --colors=never --build-timeout=600 --in-diff diff.txt --timeout=300 | |
| coverage: | |
| if: github.event_name == 'pull_request' | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| os: [ubuntu-latest, windows-latest] | |
| env: | |
| SCCACHE_GHA_ENABLED: "true" | |
| RUSTC_WRAPPER: "sccache" | |
| steps: | |
| # prep | |
| - name: Checkout | |
| uses: actions/checkout@v6.0.0 | |
| - name: Cache Cargo Dependencies | |
| uses: actions/cache@v4.3.0 | |
| with: | |
| path: | | |
| ~/.cargo/bin/ | |
| ~/.cargo/registry/index/ | |
| ~/.cargo/registry/cache/ | |
| ~/.cargo/git/db/ | |
| key: ${{ runner.os }}-cargo-tools-${{ hashFiles('**/Cargo.lock') }} | |
| - name: Start sccache | |
| uses: mozilla-actions/sccache-action@v0.0.9 | |
| with: | |
| version: ${{ env.SCCACHE_VERSION }} | |
| - name: Install Rust Nightly | |
| uses: actions-rust-lang/setup-rust-toolchain@v1.15.2 | |
| with: | |
| toolchain: ${{ env.RUST_NIGHTLY }} | |
| components: llvm-tools-preview | |
| - name: Install Cargo Tools | |
| uses: taiki-e/install-action@v2.62.62 | |
| with: | |
| tool: cargo-llvm-cov@${{ env.CARGO_LLVM_COV_VERSION }} | |
| # execute | |
| - name: Generate Coverage (all-features) | |
| run: cargo +${{ env.RUST_NIGHTLY }} llvm-cov --all-features --workspace --lcov --output-path lcov-all.info | |
| - name: Generate Coverage (no-default-features) | |
| run: cargo +${{ env.RUST_NIGHTLY }} llvm-cov --no-default-features --workspace --lcov --output-path lcov-no-def.info | |
| - name: Upload Coverage to Codecov | |
| uses: codecov/codecov-action@v5.5.1 | |
| with: | |
| token: ${{ secrets.CODECOV_TOKEN }} | |
| files: lcov-all.info,lcov-no-def.info | |
| fail_ci_if_error: true | |
| pr-title: | |
| runs-on: ubuntu-latest | |
| if: github.event_name == 'pull_request' | |
| steps: | |
| - name: Check PR Title | |
| uses: amannn/action-semantic-pull-request@v6.1.1 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| with: | |
| types: | | |
| build | |
| chore | |
| ci | |
| doc | |
| docs | |
| feat | |
| fix | |
| misc | |
| miscellaneous | |
| perf | |
| refactor | |
| style | |
| task | |
| test | |
| license-headers: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v6.0.0 | |
| - name: Check License Headers | |
| uses: viperproject/check-license-header@v2 | |
| with: | |
| path: . | |
| config: .github/license-check/config.json | |
| strict: true | |
| external-type-exposure: | |
| runs-on: ubuntu-latest | |
| steps: | |
| # prep | |
| - name: Checkout | |
| uses: actions/checkout@v6.0.0 | |
| - name: Install Rust Nightly | |
| uses: actions-rust-lang/setup-rust-toolchain@v1.15.2 | |
| with: | |
| toolchain: ${{ env.RUST_NIGHTLY_EXTERNAL_TYPES }} | |
| - name: Install Cargo Tools | |
| uses: taiki-e/install-action@v2.62.62 | |
| with: | |
| tool: cargo-check-external-types@${{ env.CARGO_CHECK_EXTERNAL_TYPES_VERSION }} | |
| # execute | |
| - name: Check External Type Exposure | |
| run: | | |
| for crate in crates/*; do | |
| if [ -f "$crate/Cargo.toml" ]; then | |
| if ! grep -q "^\\[lib\\]" "$crate/Cargo.toml"; then | |
| echo "Checking external types in $crate" | |
| cargo +${{ env.RUST_NIGHTLY_EXTERNAL_TYPES }} check-external-types --manifest-path "$crate/Cargo.toml" --all-features | |
| else | |
| echo "Skipping $crate (contains [lib] section)" | |
| fi | |
| fi | |
| done |