From a753f291028c63f3bd68cff994ba254a17c891cc Mon Sep 17 00:00:00 2001
From: Andreas Weibye <13300393+Weibye@users.noreply.github.com>
Date: Fri, 17 Jun 2022 02:23:52 +0200
Subject: [PATCH] Check for duplicate dependencies in CI (#172)

* Setup dependencies CI
* eof
* Remove bors stuff
* Ignoring packages in dev-dependencies
* Update deny.toml
* Update deny.toml
---
 .github/workflows/dependencies.yml | 71 ++++++++++++++++++++++++++++++
 deny.toml                          | 41 +++++++++++++++++
 2 files changed, 112 insertions(+)
 create mode 100644 .github/workflows/dependencies.yml
 create mode 100644 deny.toml

diff --git a/.github/workflows/dependencies.yml b/.github/workflows/dependencies.yml
new file mode 100644
index 000000000..14df77370
--- /dev/null
+++ b/.github/workflows/dependencies.yml
@@ -0,0 +1,71 @@
+name: Dependencies
+
+on:
+  pull_request:
+    paths:
+      - '**/Cargo.toml'
+      - 'deny.toml'
+  push:
+    paths:
+      - '**/Cargo.toml'
+      - 'deny.toml'
+    branches-ignore:
+      - 'dependabot/**'
+  # schedule:
+  #   - cron: "0 0 * * 0"
+
+env:
+  CARGO_TERM_COLOR: always
+
+jobs:
+  check-advisories:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions-rs/toolchain@v1
+        with:
+          toolchain: stable
+          override: true
+      - name: Install cargo-deny
+        run: cargo install cargo-deny
+      - name: Check for security advisories and unmaintained crates
+        run: cargo deny check advisories
+
+  check-bans:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions-rs/toolchain@v1
+        with:
+          toolchain: stable
+          override: true
+      - name: Install cargo-deny
+        run: cargo install cargo-deny
+      - name: Check for banned and duplicated dependencies
+        run: cargo deny check bans
+
+  check-licenses:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions-rs/toolchain@v1
+        with:
+          toolchain: stable
+          override: true
+      - name: Install cargo-deny
+        run: cargo install cargo-deny
+      - name: Check for unauthorized licenses
+        run: cargo deny check licenses
+
+  check-sources:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions-rs/toolchain@v1
+        with:
+          toolchain: stable
+          override: true
+      - name: Install cargo-deny
+        run: cargo install cargo-deny
+      - name: Checked for unauthorized crate sources
+        run: cargo deny check sources
diff --git a/deny.toml b/deny.toml
new file mode 100644
index 000000000..b5926234f
--- /dev/null
+++ b/deny.toml
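Review bot: The `check-advisories` job only runs when a `Cargo.toml` or `deny.toml` changes and the `schedule` trigger is left commented out, so a RUSTSEC advisory published against a dependency that is already pinned will not fail CI until someone next edits a manifest; enabling the cron (`schedule:` / `- cron: "0 0 * * 0"`), at least for the advisories job, closes that gap, and if a `Cargo.lock` is committed the `paths` filter should list it too, since `**/Cargo.toml` does not match it. The workflow also declares no `permissions:` block, so all four jobs inherit the repository's default `GITHUB_TOKEN` scope even though none of them needs write access; a top-level `permissions:` / `contents: read` is the least-privilege setting. `cargo install cargo-deny` is unpinned and run without `--locked`, so the tool that gates the dependency tree is itself resolved fresh in each of the four jobs and can drift between runs; `cargo install --locked cargo-deny@<version>` (or a cached prebuilt binary) makes the gate reproducible. Finally, `actions/checkout@v3` and `actions-rs/toolchain@v1` are referenced by mutable tags rather than commit SHAs, and the `actions-rs` organisation appears to be inactive, so consider pinning by SHA and picking a maintained toolchain action.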
@@ -0,0 +1,41 @@
+[advisories]
+db-path = "~/.cargo/advisory-db"
+db-urls = ["https://github.com/rustsec/advisory-db"]
+vulnerability = "deny"
+unmaintained = "deny"
+yanked = "deny"
+notice = "deny"
+ignore = [
+    "RUSTSEC-2021-0127" # from serde_cbor
+]
+
+[licenses]
+unlicensed = "deny"
+copyleft = "deny"
+allow = [
+    "MIT",
+    "MIT-0",
+    "Apache-2.0",
+    "BSD-3-Clause",
+    "ISC",
+    "Zlib",
+    "0BSD",
+    "BSD-2-Clause",
+    "CC0-1.0",
+]
+default = "deny"
+
+[bans]
+multiple-versions = "deny"
+wildcards = "deny"
+highlight = "all"
+# Certain crates/versions that will be skipped when doing duplicate detection.
+skip = [
+    { name = "itoa", version = "1.0.2" }
+]
+
+[sources]
+unknown-registry = "deny"
+unknown-git = "deny"
+allow-registry = ["https://github.com/rust-lang/crates.io-index"]
+allow-git = []
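Review bot: The `ignore` entry for `RUSTSEC-2021-0127` carries only `# from serde_cbor` as its justification, and because `unmaintained = "deny"` is otherwise in force, that one line silently accepts an unmaintained crate for as long as nobody deletes it; record why the risk is accepted, which dependency pulls it in, and when to revisit, e.g. `"RUSTSEC-2021-0127", # serde_cbor (unmaintained) via <dependency>; accepted until it drops serde_cbor — revisit <date>`. The `skip` entry for `itoa` `1.0.2` has the same problem: the generic comment above it does not say which two dependents disagree, so a reviewer cannot tell when the skip has become obsolete. Since the accompanying workflow installs an unpinned cargo-deny, also be aware that the `vulnerability`/`unmaintained`/`yanked`/`notice` keys in `[advisories]` may be reported as deprecated by newer cargo-deny releases; pinning the tool version keeps this file's semantics stable. The remaining settings — crates.io-only `[sources]`, `allow-git = []`, `wildcards = "deny"` and an explicit license allow-list with `default = "deny"` — are sound defaults.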