Lint dependencies with cargo deny

CharlyCst / miralis

Miralis is an experimental system that virtualises firmware

https://miralis-firmware.github.io/

MIT License

12 stars 0 forks source link

Lint dependencies with cargo deny #56

Open CharlyCst opened 6 months ago

CharlyCst commented 6 months ago

At some point in the future we will probably want to lint our dependencies with cargo-deny. It might be good to set-up cargo-deny early-on to catch issues (such as deprecated/unmaintained crates) before we start relying too much on some crates.

The questions we need to answer:

[ ] What can cargo-deny do?
[ ] Among the available lints, which one de we want to put in place?
[ ] When do we want to run the lints? Once a week? On every PR? Should they block merging?

CharlyCst commented 5 months ago

In the same vein, what about cargo vet?

At first glance it seems Cargo Vet is more thorough and focusing on audits. Is it a complete replacement for caego-deny or a complement?

francois141 commented 2 months ago

@CharlyCst cargo vet is a tool that seems to help focusing on auditing the code each time there is a change. I don't think it brings much value. That being said, I created a follow up PR with Clippy, which is a linter for Rust and is in my opinion a nice complement to cargo fmtand cargo deny.

CharlyCst commented 2 months ago

Reopening the issue: we don't run Cargo Deny as part of the CI yet, because of the time it takes to install it in the CI.

See https://github.com/CharlyCst/miralis/pull/192#issuecomment-2357858192 for reference.