From a8475486aa51b64b40ae50572b562f6d9e40c65f Mon Sep 17 00:00:00 2001 From: o0Ignition0o Date: Fri, 5 Nov 2021 09:10:48 +0100 Subject: [PATCH 1/6] set up cargo-deny --- .circleci/config.yml | 66 +++++++------- Cargo.lock | 124 ++++++++++++--------------- crates/apollo-router-core/Cargo.toml | 11 ++- deny.toml | 104 ++++++++++++++++++++++ xtask/Cargo.toml | 7 +- xtask/src/commands/check.rs | 14 +++ xtask/src/commands/mod.rs | 2 + xtask/src/main.rs | 4 + 8 files changed, 230 insertions(+), 102 deletions(-) create mode 100644 deny.toml create mode 100644 xtask/src/commands/check.rs diff --git a/.circleci/config.yml b/.circleci/config.yml index c9c8190c85..13c536bf68 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -19,20 +19,17 @@ executors: xcode: 11.4 rust_windows: &rust_windows_executor machine: - image: 'windows-server-2019-vs2019:stable' + image: "windows-server-2019-vs2019:stable" resource_class: windows.xlarge shell: powershell.exe -ExecutionPolicy Bypass jobs: - build_test_lint: + build_test_lint_check: parameters: platform: type: executor executor: << parameters.platform >> environment: - # Note: This is a no-op at the second, but bear with me on this. If this - # comment is not removed by 2021-06-30 remove it along with the next line. - # renovate: datasource=github-tags depName=nodejs/node versioning=node NODE_VERSION: 14.17.5 NPM_VERSION: 7.10.0 steps: @@ -42,7 +39,7 @@ jobs: command: git submodule update --recursive --init - when: condition: - equal: [ *rust_macos_executor, << parameters.platform >> ] + equal: [*rust_macos_executor, << parameters.platform >>] steps: - run: echo "HOMEBREW_NO_AUTO_UPDATE=1" >> $BASH_ENV - run: echo "export OPENSSL_ROOT_DIR=/usr/local/opt/openssl@1.1" >> $BASH_ENV @@ -50,6 +47,7 @@ jobs: - run: brew install cmake - rust/install: version: stable + - run: cargo install --locked cargo-deny - restore_cache: keys: - rust-target-v1-macos-{{ checksum "Cargo.lock" }} 
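Review bot: The added `- run: cargo install --locked cargo-deny` step in the macOS branch installs whichever cargo-deny release is current at build time. `--locked` only fixes that release's own dependency set, not the tool version, so the tool that enforces the dependency policy is itself an unpinned download. Pinning it, e.g. `- run: cargo install --locked cargo-deny --version <PINNED_VERSION>`, makes the check reproducible and turns tool upgrades into reviewable changes. The same line is added in the Linux (`@@ -89,6 +87,7 @@`) and Windows (`@@ -150,6 +149,8 @@`) branches. The step also sits before `restore_cache`, whose visible key covers `target/` only, so the tool is presumably rebuilt from source on every run; the steps list continues outside the hunk.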
@@ -80,7 +78,7 @@ jobs: - target/ - when: condition: - equal: [ *rust_linux_executor, << parameters.platform >> ] + equal: [*rust_linux_executor, << parameters.platform >>] steps: - run: name: Update and install dependencies @@ -89,6 +87,7 @@ jobs: sudo apt-get install -y libssl-dev cmake - rust/install: version: stable + - run: cargo install --locked cargo-deny - restore_cache: keys: - rust-target-v1-linux-{{ checksum "Cargo.lock" }} @@ -118,18 +117,18 @@ jobs: - target/ - when: condition: - equal: [ *rust_windows_executor, << parameters.platform >> ] + equal: [*rust_windows_executor, << parameters.platform >>] steps: -# - run: -# # TODO compiling grpcio on Windows is still not working -# # using boringssl gives an error message -# # using openssl hangs indefinitely -# name: Install grpcio build dependencies -# command: | -# choco install activeperl -y -# choco install cmake -y --installargs 'ADD_CMAKE_TO_PATH=System' -# choco install yasm -y -# choco install openssl -y + # - run: + # # TODO compiling grpcio on Windows is still not working + # # using boringssl gives an error message + # # using openssl hangs indefinitely + # name: Install grpcio build dependencies + # command: | + # choco install activeperl -y + # choco install cmake -y --installargs 'ADD_CMAKE_TO_PATH=System' + # choco install yasm -y + # choco install openssl -y - run: name: Install rustup environment: @@ -150,6 +149,8 @@ jobs: [net] git-fetch-with-cli = true "@ + $env:CARGO_NET_GIT_FETCH_WITH_CLI='true' + - run: cargo install --locked cargo-deny - restore_cache: keys: - rust-target-v1-windows-{{ checksum "Cargo.lock" }} 
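Review bot: The added `$env:CARGO_NET_GIT_FETCH_WITH_CLI='true'` in `@@ -150,6 +149,8 @@` sits at the end of the previous step's PowerShell command block. A variable set that way normally lives only for that step's shell, so it probably has no effect on the `cargo install` step that follows. The `[net] git-fetch-with-cli = true` config written just above already persists on disk; if the variable is really needed, set it under the consuming step's `environment:` key instead. Separately, cargo-deny is installed here but `cargo xtask check` is excluded for the Windows executor in the `@@ -206,13 +207,21 @@` hunk, so this install only costs build time until that TODO is resolved. The enclosing step starts outside the hunk.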
@@ -206,13 +207,21 @@ jobs: - run: name: wait for federation demo to start command: npx wait-on tcp:4001 tcp:4002 tcp:4003 tcp:4004 tcp:4000 - + - when: + condition: + not: + # TODO [igni]: figure out how to make this work on windows + equal: [*rust_windows_executor, << parameters.platform >>] + steps: + - run: + command: > + cargo xtask check - run: command: > - cargo xtask test + cargo xtask lint - run: command: > - cargo xtask lint + cargo xtask test build_release: parameters: @@ -220,9 +229,6 @@ jobs: type: executor executor: << parameters.platform >> environment: - # Note: This is a no-op at the second, but bear with me on this. If this - # comment is not removed by 2021-06-30 remove it along with the next line. - # renovate: datasource=github-tags depName=nodejs/node versioning=node NODE_VERSION: 14.17.5 NPM_VERSION: 7.10.0 RELEASE_BIN: router @@ -236,7 +242,7 @@ jobs: command: git submodule update --recursive --init - when: condition: - equal: [ *rust_macos_executor, << parameters.platform >> ] + equal: [*rust_macos_executor, << parameters.platform >>] steps: - run: echo "HOMEBREW_NO_AUTO_UPDATE=1" >> $BASH_ENV - run: echo "export OPENSSL_ROOT_DIR=/usr/local/opt/openssl@1.1" >> $BASH_ENV @@ -280,7 +286,7 @@ jobs: --output artifacts/ - when: condition: - equal: [ *rust_linux_executor, << parameters.platform >> ] + equal: [*rust_linux_executor, << parameters.platform >>] steps: - run: name: Update and install dependencies @@ -316,7 +322,7 @@ jobs: cargo xtask package --output artifacts/ - when: condition: - equal: [ *rust_windows_executor, << parameters.platform >> ] + equal: [*rust_windows_executor, << parameters.platform >>] steps: - run: name: Install rustup @@ -409,7 +415,7 @@ jobs: workflows: build: jobs: - - build_test_lint: + - build_test_lint_check: matrix: parameters: platform: [rust_macos, rust_windows, rust_linux] 
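Review bot: The new `cargo xtask check` step in `@@ -206,13 +207,21 @@` runs ahead of `cargo xtask lint` and `cargo xtask test` in the same job. Because deny.toml sets `vulnerability = "deny"`, a newly published advisory will stop the job before any test has run, even on branches that did not touch dependencies. Consider moving it to its own job, or after the tests, so that an advisory failure is reported alongside the test result rather than instead of it. The added step also has no `name:`; something like `name: Check licenses and advisories` would make the failing step easy to spot. None of the visible `build_release` hunks add the check, so tagged release builds appear not to be gated by it.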
@@ -423,11 +429,11 @@ workflows: branches: ignore: /.*/ tags: - only : /v.*/ + only: /v.*/ - publish_github_release: requires: [build_release] filters: branches: ignore: /.*/ tags: - only : /v.*/ + only: /v.*/ diff --git a/Cargo.lock b/Cargo.lock index f6da7eebff..4f17a5736c 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -499,9 +499,9 @@ dependencies = [ [[package]] name = "bumpalo" -version = "3.7.1" +version = "3.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d9df67f7bf9ef8498769f994239c45613ef0c5899415fb58e9add412d2c1a538" +checksum = "8f1e260c3a9040a7c19a12468758f4c16f31a81a1fe087482be9570ec864bb6c" [[package]] name = "byteorder" @@ -541,9 +541,9 @@ dependencies = [ [[package]] name = "cargo_metadata" -version = "0.14.0" +version = "0.14.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c297bd3135f558552f99a0daa180876984ea2c4ffa7470314540dff8c654109a" +checksum = "ba2ae6de944143141f6155a473a6b02f66c7c3f9f47316f802f80204ebfe6e12" dependencies = [ "camino", "cargo-platform", @@ -608,9 +608,9 @@ dependencies = [ [[package]] name = "clang-sys" -version = "1.2.2" +version = "1.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "10612c0ec0e0a1ff0e97980647cb058a6e7aedb913d01d009c406b8b7d0b26ee" +checksum = "fa66045b9cb23c2e9c1520732030608b02ee07e5cfaa5a521ec15ded7fa24c90" dependencies = [ "glob", "libc", @@ -831,9 +831,9 @@ dependencies = [ [[package]] name = "curl" -version = "0.4.39" +version = "0.4.40" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "aaa3b8db7f3341ddef15786d250106334d4a6c4b0ae4a46cd77082777d9849b9" +checksum = "877cc2f9b8367e32b6dabb9d581557e651cb3aa693a37f8679091bbf42687d5d" dependencies = [ "curl-sys", "libc", 
@@ -846,9 +846,9 @@ dependencies = [ [[package]] name = "curl-sys" -version = "0.4.49+curl-7.79.1" +version = "0.4.50+curl-7.79.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e0f44960aea24a786a46907b8824ebc0e66ca06bf4e4978408c7499620343483" +checksum = "4856b76919dd599f31236bb18db5f5bd36e2ce131e64f857ca5c259665b76171" dependencies = [ "cc", "libc", @@ -1024,9 +1024,9 @@ checksum = "a357d28ed41a50f9c765dbfe56cbc04a64e53e5fc58ba79fbc34c10ef3df831f" [[package]] name = "encoding_rs" -version = "0.8.28" +version = "0.8.29" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "80df024fbc5ac80f87dfef0d9f5209a252f2a497f7f42944cff24d8253cac065" +checksum = "a74ea89a0a1b98f6332de42c95baff457ada66d1cb4030f9ff151b2041a1c746" dependencies = [ "cfg-if 1.0.0", ] @@ -1373,9 +1373,9 @@ dependencies = [ [[package]] name = "h2" -version = "0.3.6" +version = "0.3.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6c06815895acec637cd6ed6e9662c935b866d20a106f8361892893a7d9234964" +checksum = "7fd819562fcebdac5afc5c113c3ec36f902840b70fd4fc458799c8ce4607ae55" dependencies = [ "bytes", "fnv", @@ -1392,9 +1392,9 @@ dependencies = [ [[package]] name = "half" -version = "1.8.0" +version = "1.8.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ac5956d4e63858efaec57e0d6c1c2f6a41e1487f830314a324ccd7e2223a7ca0" +checksum = "eabb4a44450da02c90444cf74558da904edde8fb4e9035a9a6a4e15445af0bd7" [[package]] name = "hashbrown" 
@@ -1404,18 +1404,18 @@ checksum = "ab5ef0d4909ef3724cc8cce6ccc8572c5c817592e9285f5464f8e86f8bd3726e" [[package]] name = "headers" -version = "0.3.4" +version = "0.3.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f0b7591fb62902706ae8e7aaff416b1b0fa2c0fd0878b46dc13baa3712d8a855" +checksum = "a4c4eb0471fcb85846d8b0690695ef354f9afb11cb03cac2e1d7c9253351afb0" dependencies = [ "base64", "bitflags", "bytes", "headers-core", "http", + "httpdate", "mime", "sha-1", - "time", ] [[package]] @@ -1468,9 +1468,9 @@ dependencies = [ [[package]] name = "http-body" -version = "0.4.3" +version = "0.4.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "399c583b2979440c60be0821a6199eca73bc3c8dcd9d070d75ac726e2c6186e5" +checksum = "1ff4f84919677303da5f147645dbea6b1881f368d03ac84e1dc09031ebd7b2c6" dependencies = [ "bytes", "http", @@ -1519,9 +1519,9 @@ dependencies = [ [[package]] name = "hyper" -version = "0.14.13" +version = "0.14.14" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "15d1cfb9e4f68655fa04c01f59edb405b6074a0f7118ea881e5026e4a1cd8593" +checksum = "2b91bb1f221b6ea1f1e4371216b70f40748774c2fb5971b450c07773fb92d26b" dependencies = [ "bytes", "futures-channel", @@ -1666,9 +1666,9 @@ dependencies = [ [[package]] name = "instant" -version = "0.1.11" +version = "0.1.12" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "716d3d89f35ac6a34fd0eed635395f4c3b76fa889338a4632e5231a8684216bd" +checksum = "7a5bbe824c507c5da5956355e86a746d82e0e1464f65d862cc5e71da70e94b2c" dependencies = [ "cfg-if 1.0.0", ] 
@@ -1816,9 +1816,9 @@ checksum = "db13adb97ab515a3691f56e4dbab09283d0b86cb45abd991d8634a9d6f501760" [[package]] name = "libc" -version = "0.2.103" +version = "0.2.106" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dd8f7255a17a627354f321ef0055d63b898c6fb27eff628af4d1b66b7331edf6" +checksum = "a60553f9a9e039a333b4e9b20573b9e9b9c0bb3a11e201ccc48ef4283456d673" [[package]] name = "libloading" @@ -1960,9 +1960,9 @@ dependencies = [ [[package]] name = "mio" -version = "0.7.13" +version = "0.7.14" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8c2bdb6314ec10835cd3293dd268473a835c02b7b352e788be788b3c6ca6bb16" +checksum = "8067b404fe97c70829f082dec8bcf4f71225d7eaea1d8645349cb76fa06205cc" dependencies = [ "libc", "log", @@ -2164,9 +2164,9 @@ checksum = "624a8340c38c1b80fd549087862da4ba43e08858af025b236e509b6649fc13d5" [[package]] name = "openssl" -version = "0.10.36" +version = "0.10.38" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8d9facdb76fec0b73c406f125d44d86fdad818d66fef0531eec9233ca425ff4a" +checksum = "0c7ae222234c30df141154f159066c5093ff73b63204dcda7121eb082fc56a95" dependencies = [ "bitflags", "cfg-if 1.0.0", @@ -2184,9 +2184,9 @@ checksum = "28988d872ab76095a6e6ac88d99b54fd267702734fd7ffe610ca27f533ddb95a" [[package]] name = "openssl-sys" -version = "0.9.67" +version = "0.9.70" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "69df2d8dfc6ce3aaf44b40dec6f487d5a886516cf6879c49e98e0710f310a058" +checksum = "c6517987b3f8226b5da3661dad65ff7f300cc59fb5ea8333ca191fc65fde3edf" dependencies = [ "autocfg", "cc", 
@@ -2405,9 +2405,9 @@ checksum = "8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184" [[package]] name = "pkg-config" -version = "0.3.20" +version = "0.3.22" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7c9b1041b4387893b91ee6746cddfc28516aff326a3519fb2adf820932c5e6cb" +checksum = "12295df4f294471248581bc09bef3c38a5e46f1e36d6a37353621a0c6c357e1f" [[package]] name = "platforms" @@ -2458,9 +2458,9 @@ dependencies = [ [[package]] name = "ppv-lite86" -version = "0.2.14" +version = "0.2.15" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c3ca011bd0129ff4ae15cd04c4eef202cadf6c51c21e47aba319b4e0501db741" +checksum = "ed0cfbc8191465bed66e1718596ee0b0b35d5ee1f41c5df2189d0fe8bde535ba" [[package]] name = "precomputed-hash" @@ -2546,9 +2546,9 @@ checksum = "bc881b2c22681370c6a780e47af9840ef841837bc98118431d4e1868bd0c1086" [[package]] name = "proc-macro2" -version = "1.0.30" +version = "1.0.32" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "edc3358ebc67bc8b7fa0c007f945b0b18226f78437d61bec735a9eb96b61ee70" +checksum = "ba508cc11742c0dc5c1659771673afbab7a0efab23aa17e854cbab0837ed0b43" dependencies = [ "unicode-xid", ] @@ -2606,9 +2606,9 @@ dependencies = [ [[package]] name = "protobuf" -version = "2.25.1" +version = "2.25.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "23129d50f2c9355ced935fce8a08bd706ee2e7ce2b3b33bf61dace0e379ac63a" +checksum = "47c327e191621a2158159df97cdbc2e7074bb4e940275e35abf38eb3d2595754" [[package]] name = "qstring" 
@@ -2833,7 +2833,7 @@ dependencies = [ [[package]] name = "router-bridge" version = "0.1.0" -source = "git+https://github.com/apollographql/federation.git?rev=1ffecef9ef52f6dc127939cdc375f0465774f093#1ffecef9ef52f6dc127939cdc375f0465774f093" +source = "git+https://github.com/apollographql/federation.git?rev=5f7184829607024343fb8b8ad0ac4e122407cd3a#5f7184829607024343fb8b8ad0ac4e122407cd3a" dependencies = [ "anyhow", "deno_core", @@ -3250,9 +3250,9 @@ dependencies = [ [[package]] name = "syn" -version = "1.0.80" +version = "1.0.81" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d010a1623fbd906d51d650a9916aaefc05ffa0e4053ff7fe601167f3e715d194" +checksum = "f2afee18b8beb5a596ecb4a2dce128c719b4ba399d34126b9e4396e3f9860966" dependencies = [ "proc-macro2", "quote", @@ -3316,9 +3316,9 @@ dependencies = [ [[package]] name = "termtree" -version = "0.2.1" +version = "0.2.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "78fbf2dd23e79c28ccfa2472d3e6b3b189866ffef1aeb91f17c2d968b6586378" +checksum = "13a4ec180a2de59b57434704ccfad967f789b12737738798fa08798cd5824c16" [[package]] name = "test-env-log" @@ -3397,16 +3397,6 @@ dependencies = [ "threadpool", ] -[[package]] -name = "time" -version = "0.1.43" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ca8a50ef2360fbd1eeb0ecd46795a87a19024eb4b53c5dc916ca1fd95fe62438" -dependencies = [ - "libc", - "winapi 0.3.9", -] - [[package]] name = "tiny-keccak" version = "2.0.2" @@ -3451,7 +3441,7 @@ dependencies = [ "bytes", "libc", "memchr", - "mio 0.7.13", + "mio 0.7.14", "num_cpus", "once_cell", "parking_lot", 
@@ -3473,9 +3463,9 @@ dependencies = [ [[package]] name = "tokio-macros" -version = "1.5.0" +version = "1.5.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b2dd85aeaba7b68df939bd357c6afb36c87951be9e80bf9c859f2fc3e9fca0fd" +checksum = "114383b041aa6212c579467afa0075fbbdd0718de036100bc0ba7961d8cb9095" dependencies = [ "proc-macro2", "quote", @@ -3505,9 +3495,9 @@ dependencies = [ [[package]] name = "tokio-stream" -version = "0.1.7" +version = "0.1.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7b2f3f698253f03119ac0102beaa64f67a67e08074d03a22d18784104543727f" +checksum = "50145484efff8818b5ccd256697f36863f587da82cf8b409c53adf1e840798e3" dependencies = [ "futures-core", "pin-project-lite", @@ -3516,9 +3506,9 @@ dependencies = [ [[package]] name = "tokio-util" -version = "0.6.8" +version = "0.6.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "08d3725d3efa29485e87311c5b699de63cde14b00ed4d256b8318aa30ca452cd" +checksum = "9e99e1983e5d376cd8eb4b66604d2e99e79f5bd988c3055891dcd8c9e2604cc0" dependencies = [ "bytes", "futures-core", @@ -3574,9 +3564,9 @@ dependencies = [ [[package]] name = "tower" -version = "0.4.9" +version = "0.4.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d15a6b60cdff0cb039d81d3b37f8bc3d7e53dca09069aae3ef2502ca4834fe30" +checksum = "c00e500fff5fa1131c866b246041a6bf96da9c965f8fe4128cb1421f23e93c00" dependencies = [ "futures-core", "futures-util", @@ -3806,9 +3796,9 @@ dependencies = [ [[package]] name = "value-bag" -version = "1.0.0-alpha.7" +version = "1.0.0-alpha.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dd320e1520f94261153e96f7534476ad869c14022aee1e59af7c778075d840ae" +checksum = "79923f7731dc61ebfba3633098bf3ac533bbd35ccd8c57e7088d9a5eebe0263f" dependencies = [ "ctor", "version_check", 
diff --git a/crates/apollo-router-core/Cargo.toml b/crates/apollo-router-core/Cargo.toml index fdc7696e43..a663bd30d4 100644 --- a/crates/apollo-router-core/Cargo.toml +++ b/crates/apollo-router-core/Cargo.toml @@ -20,7 +20,7 @@ futures = "0.3.17" include_dir = "0.6.2" once_cell = "1.8.0" parking_lot = "0.11.2" -router-bridge = { git = "https://github.com/apollographql/federation.git", rev = "1ffecef9ef52f6dc127939cdc375f0465774f093" } +router-bridge = { git = "https://github.com/apollographql/federation.git", rev = "5f7184829607024343fb8b8ad0ac4e122407cd3a" } serde = { version = "1.0.130", features = ["derive", "rc"] } serde_json = { version = "1.0.68", features = ["preserve_order"] } thiserror = "1.0.30" @@ -34,9 +34,14 @@ criterion = { version = "0.3", features = ["async_tokio", "async_futures"] } mockall = "0.10.2" once_cell = "1" static_assertions = "1" -test-env-log = { version = "0.2.7", default-features = false, features = ["trace"] } +test-env-log = { version = "0.2.7", default-features = false, features = [ + "trace", +] } tokio = { version = "1", features = ["full"] } -tracing-subscriber = { version = "0.2.25", default-features = false, features = ["env-filter", "fmt"] } +tracing-subscriber = { version = "0.2.25", default-features = false, features = [ + "env-filter", + "fmt", +] } [[bench]] name = "basic_composition" diff --git a/deny.toml b/deny.toml new file mode 100644 index 0000000000..a49dbd55a6 --- /dev/null +++ b/deny.toml 
@@ -0,0 +1,104 @@ +# This section is considered when running `cargo deny check advisories` +# More documentation for the advisories section can be found here: +# https://embarkstudios.github.io/cargo-deny/checks/advisories/cfg.html +[advisories] +# The path where the advisory database is cloned/fetched into +db-path = "~/.cargo/advisory-db" +# The url(s) of the advisory databases to use +db-urls = ["https://github.com/rustsec/advisory-db"] +# The lint level for security vulnerabilities +vulnerability = "deny" +# The lint level for unmaintained crates +unmaintained = "warn" +# The lint level for crates that have been yanked from their source registry +yanked = "warn" +# The lint level for crates with security notices. Note that as of +# 2019-12-17 there are no security notice advisories in +# https://github.com/rustsec/advisory-db +notice = "warn" +# A list of advisory IDs to ignore. Note that ignored advisories will still +# output a note when they are encountered. + +# while https://github.com/chronotope/chrono/issues/499 is open. +# We need to keep track of this issue, and make sure `tracing-subscriber` is updated +# We will then be able to remove this +ignore = ["RUSTSEC-2020-0159"] + +# This section is considered when running `cargo deny check licenses` +# More documentation for the licenses section can be found here: +# https://embarkstudios.github.io/cargo-deny/checks/licenses/cfg.html +[licenses] +# The lint level for crates which do not have a detectable license +unlicensed = "deny" +# List of explictly allowed licenses +# See https://spdx.org/licenses/ for list of possible licenses +# [possible values: any SPDX 3.11 short identifier (+ optional exception)]. 
+allow = [ + "Apache-2.0", + "Apache-2.0 WITH LLVM-exception", + "BSD-2-Clause", + "BSD-3-Clause", + "CC0-1.0", + "LicenseRef-ELv2", + "ISC", + "MIT", +] +copyleft = "warn" +allow-osi-fsf-free = "neither" +default = "deny" +confidence-threshold = 0.8 + +# TODO: remove this if / once there is an SPDX entry for ELv2 +[[licenses.clarify]] +name = "apollo-router" +expression = "LicenseRef-ELv2" +license-files = [{ path = "LICENSE", hash = 0xaceadac9 }] + +[[licenses.clarify]] +name = "apollo-router-core" +expression = "LicenseRef-ELv2" +license-files = [{ path = "LICENSE", hash = 0xaceadac9 }] + +[[licenses.clarify]] +name = "xtask" +expression = "LicenseRef-ELv2" +license-files = [{ path = "LICENSE", hash = 0xaceadac9 }] + + +[[licenses.clarify]] +name = "router-bridge" +expression = "LicenseRef-ELv2" +license-files = [{ path = "LICENSE", hash = 0xaceadac9 }] + +# This section is considered when running `cargo deny check bans`. +# More documentation about the 'bans' section can be found here: +# https://embarkstudios.github.io/cargo-deny/checks/bans/cfg.html +[bans] +# Lint level for when multiple versions of the same crate are detected +multiple-versions = "warn" +# Lint level for when a crate version requirement is `*` +wildcards = "allow" +# The graph highlighting used when creating dotgraphs for crates +# with multiple versions +# * lowest-version - The path to the lowest versioned duplicate is highlighted +# * simplest-path - The path to the version with the fewest edges is highlighted +# * all - Both lowest-version and simplest-path are used +highlight = "all" + +# This section is considered when running `cargo deny check sources`. 
+# More documentation about the 'sources' section can be found here: +# https://embarkstudios.github.io/cargo-deny/checks/sources/cfg.html +[sources] +# Lint level for what to happen when a crate from a crate registry that is not +# in the allow list is encountered +unknown-registry = "warn" +# Lint level for what to happen when a crate from a git repository that is not +# in the allow list is encountered +unknown-git = "warn" +# List of URLs for allowed crate registries. Defaults to the crates.io index +# if not specified. If it is specified but empty, no registries are allowed. +allow-registry = ["https://github.com/rust-lang/crates.io-index"] + +[sources.allow-org] +# 1 or more github.com organizations to allow git sources for +github = ["apollographql"] diff --git a/xtask/Cargo.toml b/xtask/Cargo.toml index 93c63f70fa..89e444e5a9 100644 --- a/xtask/Cargo.toml +++ b/xtask/Cargo.toml @@ -3,7 +3,7 @@ name = "xtask" version = "0.1.0-prealpha.1" authors = ["Apollo Graph, Inc. "] edition = "2018" -license-file = "./LICENSE" +license = "LicenseRef-ELv2" [dependencies] ansi_term = "0.12" @@ -17,7 +17,10 @@ libc = "0.2" once_cell = "1" platforms = "1" regex = "1" -reqwest = { version = "0.11", default-features = false, features = ["blocking", "native-tls"]} +reqwest = { version = "0.11", default-features = false, features = [ + "blocking", + "native-tls", +] } semver = "1" serde_json = "1" serde_json_traversal = "0.2" diff --git a/xtask/src/commands/check.rs b/xtask/src/commands/check.rs new file mode 100644 index 0000000000..416331d828 --- /dev/null +++ b/xtask/src/commands/check.rs @@ -0,0 +1,14 @@ +use anyhow::Result; +use structopt::StructOpt; +use xtask::*; + +#[derive(Debug, StructOpt)] +pub struct Check {} + +impl Check { + pub fn run(&self) -> Result<()> { + cargo!(["deny", "-L", "error", "check"]); + + Ok(()) + } +} diff --git a/xtask/src/commands/mod.rs b/xtask/src/commands/mod.rs index 33e62a196e..2afcdeec68 100644 --- a/xtask/src/commands/mod.rs 
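Review bot: `ignore = ["RUSTSEC-2020-0159"]` in `[advisories]` silences that advisory for every crate in the graph, and nothing forces a revisit, so the entry can outlive the upstream fix unnoticed. The comment above it gives the reason, but I would attach an owner or tracking reference directly to it, e.g. `# TODO(<TRACKING_ISSUE>): remove once tracing-subscriber is updated`. A periodic run with the ignore list emptied would show when the entry is no longer needed.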
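Review bot: `cargo!(["deny", "-L", "error", "check"]);` in `Check::run` lowers cargo-deny's log level to `error`, which as far as I know also hides warn-level findings. deny.toml sets `unmaintained`, `yanked`, `notice`, `copyleft` and `multiple-versions` to `"warn"`, so those results would never appear in CI output. Either drop `"-L", "error"` or promote the findings you care about to `"deny"`. `Ok(())` is returned unconditionally after the macro, so whether a failing check fails the task depends on how `cargo!` treats a non-zero exit; that macro is defined outside this hunk and is worth confirming. A doc comment on `Check`, e.g. `/// Runs cargo-deny against the workspace's deny.toml.`, would also help.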
+++ b/xtask/src/commands/mod.rs @@ -1,8 +1,10 @@ +pub(crate) mod check; pub(crate) mod dist; pub(crate) mod lint; pub(crate) mod package; pub(crate) mod test; +pub(crate) use check::Check; pub(crate) use dist::Dist; pub(crate) use lint::Lint; pub(crate) use package::Package; diff --git a/xtask/src/main.rs b/xtask/src/main.rs index d93673bacb..b3b8a710fe 100644 --- a/xtask/src/main.rs +++ b/xtask/src/main.rs @@ -21,6 +21,9 @@ struct Xtask { #[derive(Debug, StructOpt)] pub enum Command { + /// Check the code for licence and security compliance. + Check(commands::Check), + /// Build Router's binaries for distribution. Dist(commands::Dist), @@ -37,6 +40,7 @@ pub enum Command { impl Xtask { pub fn run(&self) -> Result<()> { match &self.command { + Command::Check(command) => command.run(), Command::Dist(command) => command.run(), Command::Lint(command) => command.run(), Command::Test(command) => command.run(), From e50d8559048b6831c7e433cdd8e38ab7b84e8f76 Mon Sep 17 00:00:00 2001 From: o0Ignition0o Date: Fri, 5 Nov 2021 10:03:57 +0100 Subject: [PATCH 2/6] wip --- deny.toml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/deny.toml b/deny.toml index a49dbd55a6..2273bcdb61 100644 --- a/deny.toml +++ b/deny.toml @@ -52,17 +52,19 @@ confidence-threshold = 0.8 [[licenses.clarify]] name = "apollo-router" expression = "LicenseRef-ELv2" -license-files = [{ path = "LICENSE", hash = 0xaceadac9 }] +license-files = [{ path = "crates/apollo-router/LICENSE", hash = 0xaceadac9 }] [[licenses.clarify]] name = "apollo-router-core" expression = "LicenseRef-ELv2" -license-files = [{ path = "LICENSE", hash = 0xaceadac9 }] +license-files = [ + { path = "crates/apollo-router-core/LICENSE", hash = 0xaceadac9 }, +] [[licenses.clarify]] name = "xtask" expression = "LicenseRef-ELv2" -license-files = [{ path = "LICENSE", hash = 0xaceadac9 }] +license-files = [{ path = "xtask/LICENSE", hash = 0xaceadac9 }] [[licenses.clarify]] 
From b5fa2c3a0a38fb48539a6ef328d592b5155b581d Mon Sep 17 00:00:00 2001 From: o0Ignition0o Date: Fri, 5 Nov 2021 14:37:19 +0100 Subject: [PATCH 3/6] trying to bump dependencies and have cargo-deny understand the license alias --- Cargo.lock | 2 +- crates/apollo-router-core/Cargo.toml | 2 +- crates/apollo-router/Cargo.toml | 13 ++++++++++--- deny.toml | 10 ++++------ 4 files changed, 16 insertions(+), 11 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 4f17a5736c..13b589f90a 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2833,7 +2833,7 @@ dependencies = [ [[package]] name = "router-bridge" version = "0.1.0" -source = "git+https://github.com/apollographql/federation.git?rev=5f7184829607024343fb8b8ad0ac4e122407cd3a#5f7184829607024343fb8b8ad0ac4e122407cd3a" +source = "git+https://github.com/apollographql/federation.git?rev=5ebbc140b5e1c86a7f68f61fec96ab261f420d68#5ebbc140b5e1c86a7f68f61fec96ab261f420d68" dependencies = [ "anyhow", "deno_core", diff --git a/crates/apollo-router-core/Cargo.toml b/crates/apollo-router-core/Cargo.toml index a663bd30d4..15a9d18724 100644 --- a/crates/apollo-router-core/Cargo.toml +++ b/crates/apollo-router-core/Cargo.toml @@ -20,7 +20,7 @@ futures = "0.3.17" include_dir = "0.6.2" once_cell = "1.8.0" parking_lot = "0.11.2" -router-bridge = { git = "https://github.com/apollographql/federation.git", rev = "5f7184829607024343fb8b8ad0ac4e122407cd3a" } +router-bridge = { git = "https://github.com/apollographql/federation.git", rev = "5ebbc140b5e1c86a7f68f61fec96ab261f420d68" } serde = { version = "1.0.130", features = ["derive", "rc"] } serde_json = { version = "1.0.68", features = ["preserve_order"] } thiserror = "1.0.30" diff --git a/crates/apollo-router/Cargo.toml b/crates/apollo-router/Cargo.toml index 48886eb766..079c5907f3 100644 --- a/crates/apollo-router/Cargo.toml +++ b/crates/apollo-router/Cargo.toml 
@@ -58,7 +58,9 @@ tracing-opentelemetry = "0.15.0" tracing-subscriber = "0.2.25" typed-builder = "0.9.1" url = { version = "2.2.2", features = ["serde"] } -warp = { version = "0.3.1", default-features = false, features = ["compression"] } +warp = { version = "0.3.1", default-features = false, features = [ + "compression", +] } [dev-dependencies] httpmock = "0.6.2" @@ -66,6 +68,11 @@ insta = "1.8.0" maplit = "1.0.2" mockall = "0.10.2" reqwest = { version = "0.11.6", features = ["json", "stream"] } -test-env-log = { version = "0.2.7", default-features = false, features = ["trace"] } -tracing-subscriber = { version = "0.2.25", default-features = false, features = ["env-filter", "fmt"] } +test-env-log = { version = "0.2.7", default-features = false, features = [ + "trace", +] } +tracing-subscriber = { version = "0.2.25", default-features = false, features = [ + "env-filter", + "fmt", +] } uuid = { version = "0.8.2", features = ["serde", "v4"] } diff --git a/deny.toml b/deny.toml index 2273bcdb61..2f790adcb6 100644 --- a/deny.toml +++ b/deny.toml 
@@ -52,25 +52,23 @@ confidence-threshold = 0.8 [[licenses.clarify]] name = "apollo-router" expression = "LicenseRef-ELv2" -license-files = [{ path = "crates/apollo-router/LICENSE", hash = 0xaceadac9 }] +license-files = [{ path = "./LICENSE", hash = 0xaceadac9 }] [[licenses.clarify]] name = "apollo-router-core" expression = "LicenseRef-ELv2" -license-files = [ - { path = "crates/apollo-router-core/LICENSE", hash = 0xaceadac9 }, -] +license-files = [{ path = "./LICENSE", hash = 0xaceadac9 }] [[licenses.clarify]] name = "xtask" expression = "LicenseRef-ELv2" -license-files = [{ path = "xtask/LICENSE", hash = 0xaceadac9 }] +license-files = [{ path = "./LICENSE", hash = 0xaceadac9 }] [[licenses.clarify]] name = "router-bridge" expression = "LicenseRef-ELv2" -license-files = [{ path = "LICENSE", hash = 0xaceadac9 }] +license-files = [{ path = "router-bridge/LICENSE", hash = 0xaceadac9 }] # This section is considered when running `cargo deny check bans`. # More documentation about the 'bans' section can be found here: From fdc387319c050b69bc4c2ee7c68799b6f1ab7051 Mon Sep 17 00:00:00 2001 From: o0Ignition0o Date: Fri, 5 Nov 2021 16:32:13 +0100 Subject: [PATCH 4/6] YES FINALLY \o/ --- deny.toml | 20 ++++++++------------ 1 file changed, 8 insertions(+), 12 deletions(-) diff --git a/deny.toml b/deny.toml index 2f790adcb6..886a93dd0b 100644 --- a/deny.toml +++ b/deny.toml 
@@ -52,18 +52,14 @@ confidence-threshold = 0.8 [[licenses.clarify]] name = "apollo-router" expression = "LicenseRef-ELv2" -license-files = [{ path = "./LICENSE", hash = 0xaceadac9 }] +version = "0.1.0-prealpha.3" +license-files = [{ path = "LICENSE", hash = 0xaceadac9 }] [[licenses.clarify]] name = "apollo-router-core" expression = "LicenseRef-ELv2" -license-files = [{ path = "./LICENSE", hash = 0xaceadac9 }] - -[[licenses.clarify]] -name = "xtask" -expression = "LicenseRef-ELv2" -license-files = [{ path = "./LICENSE", hash = 0xaceadac9 }] - +version = "0.1.0-prealpha.3" +license-files = [{ path = "LICENSE", hash = 0xaceadac9 }] [[licenses.clarify]] name = "router-bridge" @@ -77,7 +73,7 @@ license-files = [{ path = "router-bridge/LICENSE", hash = 0xaceadac9 }] # Lint level for when multiple versions of the same crate are detected multiple-versions = "warn" # Lint level for when a crate version requirement is `*` -wildcards = "allow" +wildcards = "warn" # The graph highlighting used when creating dotgraphs for crates # with multiple versions # * lowest-version - The path to the lowest versioned duplicate is highlighted @@ -91,14 +87,14 @@ highlight = "all" [sources] # Lint level for what to happen when a crate from a crate registry that is not # in the allow list is encountered -unknown-registry = "warn" +unknown-registry = "deny" # Lint level for what to happen when a crate from a git repository that is not # in the allow list is encountered -unknown-git = "warn" +unknown-git = "deny" # List of URLs for allowed crate registries. Defaults to the crates.io index # if not specified. If it is specified but empty, no registries are allowed. allow-registry = ["https://github.com/rust-lang/crates.io-index"] [sources.allow-org] # 1 or more github.com organizations to allow git sources for -github = ["apollographql"] +github = ["open-telemetry", "apollographql"] From 9fcb95f43e11e8efdf9f9a0c4baf4017202c30d5 Mon Sep 17 00:00:00 2001 
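Review bot: Adding `"open-telemetry"` to `github` under `[sources.allow-org]` in `@@ -91,14 +87,14 @@` permits git dependencies from any repository in that organization. That is broader than the change seems to need, now that `unknown-git` is `"deny"`. If a single repository is enough, list it under `[sources]` as `allow-git = ["<REPO_URL>"]` instead. Either way, add a comment naming the dependency that needs the exception, e.g. `# needed for <CRATE_NAME> until a registry release is used`, so the entry can be removed later.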
From: o0Ignition0o Date: Thu, 18 Nov 2021 12:16:48 +0100 Subject: [PATCH 5/6] wip --- .circleci/config.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 5bedfd8a55..0f1f646bfb 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -206,8 +206,7 @@ jobs: background: true - run: name: wait for federation demo to start - - command: npx wait-on tcp:4001 tcp:4002 tcp:4003 tcp:4004 tcp:4000 + command: npx wait-on tcp:4001 tcp:4002 tcp:4003 tcp:4004 tcp:4100 - when: condition: not: From 1b99d6d860a271d0be1c7a36d304a38092f51a35 Mon Sep 17 00:00:00 2001 From: o0Ignition0o Date: Thu, 18 Nov 2021 17:13:04 +0100 Subject: [PATCH 6/6] update deny.toml supported versions for apollo-router and apollo-router-core. added it to the release checklist --- RELEASE_CHECKLIST.md | 1 + deny.toml | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/RELEASE_CHECKLIST.md b/RELEASE_CHECKLIST.md index e7611a191f..180d5a5f60 100644 --- a/RELEASE_CHECKLIST.md +++ b/RELEASE_CHECKLIST.md @@ -32,6 +32,7 @@ in lieu of an official changelog. 2. Create a new branch "#.#.#" where "#.#.#" is this release's version (release) or "#.#.#-rc.#" (release candidate) 3. Update the version in `crates/*/Cargo.toml`. +3. Update the version in `deny.toml` in the `[[licenses.clarify]]` sections for `apollo-router-core` and `apollo-router`. 4. Run `cargo check` so the lock file gets updated. 5. Push up a commit with the `crates/*/Cargo.toml`, `Cargo.lock` and `CHANGELOG.md` changes. The commit message should be "release: v#.#.#" or diff --git a/deny.toml b/deny.toml index 886a93dd0b..7e271ef879 100644 --- a/deny.toml +++ b/deny.toml 
@@ -52,13 +52,13 @@ confidence-threshold = 0.8 [[licenses.clarify]] name = "apollo-router" expression = "LicenseRef-ELv2" -version = "0.1.0-prealpha.3" +version = "0.1.0-alpha.0" license-files = [{ path = "LICENSE", hash = 0xaceadac9 }] [[licenses.clarify]] name = "apollo-router-core" expression = "LicenseRef-ELv2" -version = "0.1.0-prealpha.3" +version = "0.1.0-alpha.0" license-files = [{ path = "LICENSE", hash = 0xaceadac9 }] [[licenses.clarify]]