feat: cargo deny & workspace settings (#13)

worldcoin · Nov 22, 2024 · d08ea58 · d08ea58
1 parent d42bfa9
commit d08ea58
Show file tree

Hide file tree

Showing 7 changed files with 99 additions and 17 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -147,3 +147,13 @@ jobs:
       - name: Run tests
         run: |
           cargo test --all
+
+  deny:
+    name: Cargo deny
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - uses: EmbarkStudios/cargo-deny-action@v1
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -80,14 +80,14 @@ jobs:
         run: cargo install cargo-edit
 
       - name: Update version
-        run: cargo set-version --package walletkit-core ${{ steps.version.outputs.new_version }}
+        run: cargo set-version ${{ steps.version.outputs.new_version }}
 
       # Commit uses GIT_HUB_TOKEN which has permissions to push (set on actions/checkout)
       - name: Commit and Push Changes
         run: |
           git config --global user.email "github-actions[bot]@users.noreply.github.com"
           git config --global user.name "github-actions[bot]"
-          git add walletkit-core/Cargo.toml
+          git add Cargo.toml
           git add Cargo.lock
           git commit -m "Bump crate version to ${{ steps.version.outputs.new_version }}"
           git push

diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -2,6 +2,17 @@
 members = ["uniffi-bindgen","walletkit-core"]
 resolver = "2"
 
+[workspace.package]
+version = "0.0.6"
+license = "MIT"
+edition = "2021"
+authors = ["World Contributors"]
+readme = "./README.md"
+homepage = "https://docs.world.org" # TODO: Update to specific WalletKit page
+rust-version = "1.82"
+repository = "https://github.com/worldcoin/walletkit"
+exclude = ["tests/", "uniffi-bindgen/"]
+
 
 [workspace.dependencies]
 uniffi = { version = "0.28.2", features = [

diff --git a/deny.toml b/deny.toml
@@ -0,0 +1,48 @@
+[graph]
+# Cargo deny will check dependencies via `--all-features`
+all-features = true
+
+[sources]
+unknown-registry = "deny"
+
+[licenses]
+version = 2
+# We want really high confidence when inferring licenses from text
+confidence-threshold = 1.0
+
+# List of explicitly allowed licenses
+# See https://spdx.org/licenses/ for list of possible licenses
+allow = [
+    "0BSD",
+    "Apache-2.0 WITH LLVM-exception",
+    "Apache-2.0",
+    "BSD-2-Clause",
+    # "BSD-2-Clause-Patent",
+    "BSD-3-Clause",
+    "BSL-1.0",
+    "CC0-1.0",
+    "ISC",
+    "LicenseRef-ring",                # See https://github.com/briansmith/ring/blob/95948b3977013aed16db92ae32e6b8384496a740/deny.toml#L12
+    "MIT",
+    "MPL-2.0",                        # Although this is copyleft, it is scoped to modifying the original files
+    # "OpenSSL",
+    "Unicode-DFS-2016",
+    "Unicode-3.0",
+    "Unlicense",
+    "Zlib",
+]
+
+# See https://github.com/briansmith/ring/blob/95948b3977013aed16db92ae32e6b8384496a740/deny.toml#L12
+[[licenses.clarify]]
+name = "ring"
+expression = "LicenseRef-ring"
+license-files = [
+    { path = "LICENSE", hash = 0xbd0eed23 },
+]
+
+# Ignore unmaintained required crates warning (2024-11-22)
+[advisories]
+ignore = [
+    "RUSTSEC-2024-0370",  # Unmaintained `proc-macro-error`
+    "RUSTSEC-2024-0388",  # Unmaintained `derivative`
+]
diff --git a/uniffi-bindgen/Cargo.toml b/uniffi-bindgen/Cargo.toml
@@ -1,13 +1,20 @@
 [package]
 name = "uniffi-bindgen"
-license = "MIT"
-version = "0.0.1"
-edition = "2021"
 description = "Binding generation for WalletKit"
-readme = "../README.md"
-repository = "https://github.com/worldcoin/walletkit"
 keywords = ["ZKP", "World ID", "World"]
-categories = ["web-programming"]
+categories = ["API bindings"]
+publish = false
+
+version.workspace = true
+edition.workspace = true
+rust-version.workspace = true
+authors.workspace = true
+license.workspace = true
+homepage.workspace = true
+repository.workspace = true
+exclude.workspace = true
+readme.workspace = true
+
 
 [[bin]]
 name = "uniffi-bindgen"

diff --git a/walletkit-core/Cargo.toml b/walletkit-core/Cargo.toml
@@ -1,14 +1,20 @@
 [package]
-license = "MIT"
-edition = "2021"
-version = "0.0.6"
 name = "walletkit-core"
-readme = "../README.md"
-repository = "https://github.com/worldcoin/walletkit"
+description = "Reference implementation for the World ID Protocol. Core functionality to use a World ID."
 keywords = ["ZKP", "World ID", "World"]
-categories = ["web-programming"]
-description = "Reference implementation for the World ID Protocol. Core functionality to manage and use a World ID."
-rust-version = "1.82"
+categories = ["API bindings", "Cryptography"]
+
+
+version.workspace = true
+edition.workspace = true
+rust-version.workspace = true
+authors.workspace = true
+license.workspace = true
+homepage.workspace = true
+repository.workspace = true
+exclude.workspace = true
+readme.workspace = true
+
 
 [lib]
 crate-type = ["lib", "staticlib", "cdylib"]