mirror of
https://github.com/rust-lang/cargo
synced 2024-10-13 03:02:45 +00:00
5e76f3491a
chore(ci): Enforce cargo-deny in CI

With #11448, we are pulling in a wide and deep dependency tree which makes it harder for us to track what we are pulling in over time. I've been trying out [`cargo-deny`](https://github.com/EmbarkStudios/cargo-deny) on my projects and wanted to explore how useful it might be for cargo.

atm I only have it configured to fail for unexpected licenses. We can also use its warnings to hunt down and remove duplicated dependencies to speed up our builds.

I did also enable advisories. We ignore the failure in a way to not block PRs or even show up as failure in PRs as PR authors are not responsible for dealing with these (unless it's a new dep) and it can be intimidating as a contributor to see a failure and have no idea how to resolve it (as authors generally assume CI is green and failures are their fault).

I did not go too much further into what all `cargo-deny` can do; there might be more we can leverage.

||
---|---|---|
.. | ||
ISSUE_TEMPLATE | ||
workflows | ||
PULL_REQUEST_TEMPLATE.md |