rcl/tools/check_deps.py
Ruud van Asseldonk 2038088d9b Add script to verify dependency licenses
I started out with "cargo deny", which is easy enough and checks for
more, but I couldn't make it work under Nix because it downloads stuff.
There is a separate "fetch" command, but we'd have to integrate it as a
fixed-output derivation, and some of the downloads are moving targets,
so it's not so clear how to achieve that.

So I thought I'd write a simple script based on "cargo license" instead.
Then I learned that this tool too requires Internet connectivity. Oh
well. No automated dependency check for now then, but at least there is
some check.
2025-11-22 21:33:02 +01:00


#!/usr/bin/env python3

# RCL -- A reasonable configuration language.
# Copyright 2025 Ruud van Asseldonk
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# A copy of the License has been included in the root of the repository.

"""
Verify that dependencies match certain rules.

Similar to `cargo-deny`, except this is based on `cargo-license`. Unfortunately
neither can be easily made to work with Nix, both need Internet connectivity to
download crate metadata.
"""

import json
import subprocess
import sys

# License expressions are compared as exact strings, so an expression that
# lists the same alternatives in a different order is rejected until it is
# added here.
ALLOWED_LICENSES = [
    "Apache-2.0 OR Apache-2.0 WITH LLVM-exception OR MIT",
    "Apache-2.0 OR BSD-2-Clause OR MIT",
    "Apache-2.0 OR LGPL-2.1-or-later OR MIT",
    "Apache-2.0 OR MIT",
    "Apache-2.0",
    "MIT OR Unlicense",
    "MIT",
    "MPL-2.0",
]

# Crates exempt from the license check, matched by name.
ALLOWED_CRATES = [
    "unicode-ident",
]


def check_crate(manifest_path: str) -> None:
    # Requires the `cargo-license` subcommand to be installed.
    # Build dependencies are left out of the report.
    cmd = [
        "cargo",
        "license",
        "--json",
        "--avoid-build-deps",
        "--manifest-path",
        manifest_path,
    ]
    crates = json.loads(subprocess.check_output(cmd, encoding="utf-8"))

    for crate in crates:
        try:
            if crate["name"] in ALLOWED_CRATES:
                continue
            # Note: `assert` is skipped under `python -O`, so this check only
            # takes effect when the script runs without optimization.
            assert crate["license"] in ALLOWED_LICENSES
        except AssertionError:
            # Print the offending crate's metadata, then fail with the
            # original AssertionError so the exit status is non-zero.
            print(f"Violation in dependency of {manifest_path}, crate:")
            json.dump(crate, sys.stdout, indent=True)
            print()
            raise


if __name__ == "__main__":
    check_crate("Cargo.toml")
    check_crate("pyrcl/Cargo.toml")
    check_crate("wasm/Cargo.toml")
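
Added example, not part of the repository's script: the same gate run offline over constructed `cargo license --json` output, going beyond the exact-string match above by accepting a flat `A OR B` expression when any alternative is allowed on its own, and failing closed on missing or compound expressions. `ALLOWED_IDS`, `SAMPLE_JSON`, `license_ok` and `find_violations` are names assumed for this example; the sample crates are made up.

```python
import json

# Assumption for this example: the single-identifier entries of the script's
# ALLOWED_LICENSES list are the licenses acceptable on their own.
ALLOWED_IDS = {"Apache-2.0", "MIT", "MPL-2.0"}
ALLOWED_CRATES = {"unicode-ident"}

# Constructed sample in the shape the script reads (`name`, `license`);
# crate names, versions and license values here are made up.
SAMPLE_JSON = """
[
  {"name": "alpha", "version": "1.0.0", "license": "Apache-2.0 OR MIT"},
  {"name": "beta", "version": "0.3.1", "license": "MIT OR Apache-2.0"},
  {"name": "gamma", "version": "2.1.0", "license": "GPL-3.0-only"},
  {"name": "delta", "version": "0.1.0", "license": null},
  {"name": "epsilon", "version": "0.9.2", "license": "MIT AND BSD-3-Clause"},
  {"name": "unicode-ident", "version": "1.0.0",
   "license": "(MIT OR Apache-2.0) AND Unicode-3.0"}
]
"""


def license_ok(expr):
    """Accept a flat `A OR B OR ...` expression if any alternative is allowed."""
    if not expr:
        return False  # missing license metadata: fail closed
    if "(" in expr or " AND " in expr:
        return False  # compound expression: leave for manual review
    # With OR the licensee picks one alternative, so one allowed id suffices.
    # `X WITH exception` stays a single token and must be listed explicitly.
    return any(alt.strip() in ALLOWED_IDS for alt in expr.split(" OR "))


def find_violations(crates):
    """Return the names of all violating crates, not just the first one."""
    return [
        crate["name"]
        for crate in crates
        if crate["name"] not in ALLOWED_CRATES
        and not license_ok(crate.get("license"))
    ]


if __name__ == "__main__":
    violations = find_violations(json.loads(SAMPLE_JSON))
    print("violations:", violations)
    raise SystemExit(1 if violations else 0)
```

Unlike the `assert`-based check, this exits non-zero through `SystemExit`, so it behaves the same under `python -O`.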