Add licenses to all crates, deny dependencies without a license or wi…

…th an incompatible license (vercel#106) For this, we're using https://github.com/EmbarkStudios/cargo-deny, which will check all dependencies transitively for any incompatible/missing license. There are other interesting checks in there, but for now this is the most important. Co-authored-by: Tobias Koppers <[email protected]>
dweb-channel · Oct 25, 2022 · 17b31ae · 17b31ae
1 parent 1b32a90
commit 17b31ae
Show file tree

Hide file tree

Showing 2 changed files with 38 additions and 0 deletions.
diff --git a/.github/workflows/check-codestyle-filtered.yml b/.github/workflows/check-codestyle-filtered.yml
@@ -141,3 +141,15 @@ jobs:
 
       - name: Format check
         run: pnpm -- turbo run check:fmt
+
+  licenses:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Check licenses 
+        uses: EmbarkStudios/cargo-deny-action@v1
+        with:
+          command: check licenses
diff --git a/deny.toml b/deny.toml
@@ -0,0 +1,26 @@
+[licenses]
+unlicensed = "deny"
+allow-osi-fsf-free = "neither"
+copyleft = "deny"
+# We want really high confidence when inferring licenses from text
+confidence-threshold = 0.93
+allow = [
+  "Apache-2.0",
+  "Apache-2.0 WITH LLVM-exception",
+  "MIT",
+  "MPL-2.0",
+  # enum-iterator*
+  "0BSD",
+  # base16, notify
+  "CC0-1.0",
+  # Inflector, hyper-tungstenite
+  "BSD-2-Clause",
+  # inotify*, libloading, is_ci
+  "ISC",
+  # fuchsia-zircon*, instant, sourcemap
+  "BSD-3-Clause",
+  # unicode-ident
+  "Unicode-DFS-2016",
+  # portpicker
+  "Unlicense",
+]