From 8d16cde45c5cb281b46aa64864aae8be6324385f Mon Sep 17 00:00:00 2001 From: Franck Cuny Date: Tue, 1 Nov 2022 18:42:04 -0700 Subject: ref: update the template for rust projects Update the workflow to use `nix develop` commands instead of multiple steps (see https://determinate.systems/posts/nix-github-actions). Add a configuration for `cargo deny` to manage the dependencies I take on.
---
templates/rust/deny.toml | 46 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 46 insertions(+) create mode 100644 templates/rust/deny.toml (limited to 'templates/rust/deny.toml')
diff --git a/templates/rust/deny.toml b/templates/rust/deny.toml
new file mode 100644
index 0000000..fd95cdb
--- /dev/null
+++ b/templates/rust/deny.toml
@@ -0,0 +1,46 @@
+[advisories]
+db-path = "~/.cargo/advisory-db"
+db-urls = ["https://github.com/rustsec/advisory-db"]
+vulnerability = "deny"
+unmaintained = "warn"
+yanked = "warn"
+notice = "warn"
+ignore = []
+
+[licenses]
+unlicensed = "deny"
+allow = ["MIT", "Apache-2.0", "ISC", "Unicode-DFS-2016", "OpenSSL"]
+deny = []
+copyleft = "allow"
+default = "deny"
+confidence-threshold = 0.8
+exceptions = []
+
+[licenses.private]
+ignore = false
+registries = []
+
+# see https://embarkstudios.github.io/cargo-deny/checks/licenses/cfg.html#example
+[[licenses.clarify]]
+name = "ring"
+expression = "MIT AND ISC AND OpenSSL"
+license-files = [
+ { path = "LICENSE", hash = 0xbd0eed23 }
+]
+
+[bans]
+multiple-versions = "warn"
+wildcards = "allow"
+highlight = "all"
+allow = []
+deny = []
+skip = []
+skip-tree = []
+
+[sources]
+unknown-registry = "warn"
+unknown-git = "warn"
+allow-registry = ["https://github.com/rust-lang/crates.io-index"]
+allow-git = []
+
+[sources.allow-org]
-- cgit 1.4.1
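Review bot: In `[sources]`, `unknown-registry = "warn"` and `unknown-git = "warn"` mean that a crate resolved from a registry or git repository outside the allow lists only produces a warning, so a `cargo deny check` run in CI would presumably still pass with an unvetted source in the dependency graph. Because `allow-registry` already names the crates.io index and `allow-git` is empty, a fresh template loses nothing by using `unknown-registry = "deny"` and `unknown-git = "deny"`, and every new source then becomes an explicit, reviewed entry in the allow lists. The same applies to `wildcards = "allow"` in `[bans]` and `yanked = "warn"` in `[advisories]`: either tighten them or add a one-line comment above each saying why the template leaves them permissive. The trailing `[sources.allow-org]` table is empty and could carry a comment such as `# no organisations are trusted wholesale; list git sources individually in allow-git`.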