Skip to content

Run cargo-deny in pipeline to check for violations before CG #2091

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
heaths opened this issue Feb 11, 2025 · 1 comment · May be fixed by #2340
Open

Run cargo-deny in pipeline to check for violations before CG #2091

heaths opened this issue Feb 11, 2025 · 1 comment · May be fixed by #2340
Assignees
@hallipr
Labels
Central-EngSys This issue is owned by the Engineering System team. EngSys This issue is impacting the engineering system.

Comments

@heaths
Copy link
Member

heaths commented Feb 11, 2025

We should be installing and running cargo-deny in our PR pipelines to catch issues early e.g.,

[bans]

# must use openssl
[[bans.deny]]
name = "rustls"

# unapproved cryptographic crate
[[bans.deny]]
name = "ring"
@heaths heaths added the EngSys This issue is impacting the engineering system. label Feb 11, 2025
@github-project-automation github-project-automation bot moved this to Untriaged in Azure SDK Rust Feb 11, 2025
@RickWinter RickWinter added the Central-EngSys This issue is owned by the Engineering System team. label Feb 14, 2025
@heaths
Copy link
Member Author

heaths commented Feb 27, 2025

@LarryOsterman gave me an idea, if possible, that we could also use this for: checking if we use a crate even transitively unless a feature is enabled.

The use case is checking to make sure we don't use tokio (on which hyper and reqwest are built) at all unless the reqwest or tokio_* features are enabled, some of which are enabled by default.

We don't want to inadvertently use an async runtime if a customer has chosen to run a different one e.g., mio.

@hallipr hallipr self-assigned this Mar 20, 2025
@hallipr hallipr moved this from 🤔 Triage to 📋 Backlog in Azure SDK EngSys 🥧📅 Mar 20, 2025
@hallipr hallipr moved this from 📋 Backlog to 🐝 Dev in Azure SDK EngSys 🥧📅 Mar 20, 2025
@heaths heaths linked a pull request Mar 20, 2025 that will close this issue
Run cargo deny check in Analyze job #2340
Draft
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@hallipr hallipr

Labels
Central-EngSys This issue is owned by the Engineering System team. EngSys This issue is impacting the engineering system.
Projects
Azure SDK EngSys 🥧📅
Status: 🐝 Dev
Azure SDK Rust
Status: Untriaged
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Run cargo deny check in Analyze job heaths/azure-sdk-for-rust
3 participants
@hallipr @heaths @RickWinter