worldcoin · TheButlah · Mar 19, 2024 · Mar 7, 2024
@@ -0,0 +1,116 @@
+name: Main CI
+on:
+  pull_request:
+
+  push:
+    branches:
+      - main
+    tags:
+      - '**'
+
+jobs:
+  fmt:
+    name: Format
+    runs-on: ubuntu-22.04
+    steps:
+      - uses: actions/checkout@v3
+      - uses: cachix/install-nix-action@v22
+      - uses: cachix/cachix-action@v12
+        continue-on-error: true
+        with:
+          name: worldcoin
+          authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
+
+      - name: Check Rust formatting
+        run: cargo fmt --check --all
+      - name: Check Nix formatting
+        run: |
+          nix develop -c \
+            nixpkgs-fmt --check flake.nix
+
+  clippy:
+    name: Clippy
+    runs-on: ubuntu-22.04
+    steps:
+      - uses: actions/checkout@v3
+      - uses: cachix/install-nix-action@v22
+      - uses: cachix/cachix-action@v12
+        continue-on-error: true
+        with:
+          name: worldcoin
+          authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
+      - name: Cache cargo dependencies
+        uses: Swatinem/rust-cache@v2
+
+      - name: Clippy lints
+        run: |
+          nix develop -c \
+            cargo clippy --all --all-features --all-targets --no-deps -- -D warnings
+
+  doc:
+    name: Doc
+    runs-on: ubuntu-22.04
+    steps:
+      - uses: actions/checkout@v3
+      - uses: cachix/install-nix-action@v22
+      - uses: cachix/cachix-action@v12
+        continue-on-error: true
+        with:
+          name: worldcoin
+          authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
+      - name: Cache cargo dependencies
+        uses: Swatinem/rust-cache@v2
+
+      - name: Cargo Doc
+        run: |
+          nix develop -c \
+            cargo doc --all --all-features --no-deps --document-private-items
+
+  test:
+    name: Test
+    strategy:
+      matrix:
+        platform: [ubuntu-22.04]
+    runs-on: ${{ matrix.platform }}
+    steps:
+      - uses: actions/checkout@v3
+      - uses: cachix/install-nix-action@v22
+      - uses: cachix/cachix-action@v12
+        continue-on-error: true
+        with:
+          name: worldcoin
+          authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
+      - name: Cache cargo dependencies
+        uses: Swatinem/rust-cache@v2
+
+      - name: Configure cargo to exclude platform-specific crates
+        if: ${{ matrix.platform == 'macos-13' }}
+        run: |
+          MAC_EXCLUDE=(
+          )
+          echo MAC_EXCLUDE="${MAC_EXCLUDE[*]}" >>${GITHUB_ENV}
+          cat ${GITHUB_ENV}
+      - name: Cargo Test
+        run: |
+          uname -a
+          nix develop -c env
+          nix develop -c \
+            cargo test --all --all-features --all-targets $MAC_EXCLUDE
+
+  cargo-deny:
+    name: Check licensing
+    runs-on: ubuntu-22.04
+    steps:
+      - uses: actions/checkout@v3
+      - uses: cachix/install-nix-action@v22
+      - uses: cachix/cachix-action@v12
+        continue-on-error: true
+        with:
+          name: worldcoin
+          authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
+
+      - name: Check licenses and security advisories
+        run: |
+          nix develop -c \
+            cargo deny check
+
@@ -3,6 +3,7 @@ use std::path::Path;
 fn main() {
     // NOTE: We cannot use `CARGO_MANIFEST_DIR`, because protoc doesn't work well with
     // absolute paths.
+    #[allow(clippy::eq_op)]
     let is_public = env!("CARGO_PKG_NAME") == "orb-mcu-messaging";
     let (messages_dir, priv_dir) = if is_public {
         println!("cargo:warning=Be aware that private definitions are stubbed out when building the public crate.");

@@ -0,0 +1,32 @@
+# Cargo deny will check dependencies via `--all-features`
+all-features = true
+
+[sources]
+unknown-registry = "deny"
+
+[licenses]
+unlicensed = "deny"
+copyleft = "deny"
+# We want really high confidence when inferring licenses from text
+confidence-threshold = 1.0
+
+# List of explicitly allowed licenses
+# See https://spdx.org/licenses/ for list of possible licenses
+allow = [
+    "0BSD",
+    "Apache-2.0 WITH LLVM-exception",
+    "Apache-2.0",
+    "BSD-2-Clause",
+    "BSD-2-Clause-Patent",
+    "BSD-3-Clause",
+    "BSL-1.0",
+    "CC0-1.0",
+    "ISC",
+    "LicenseRef-ring", # See https://github.com/briansmith/ring/blob/95948b3977013aed16db92ae32e6b8384496a740/deny.toml#L12
+    "LicenseRef-wc-proprietary",
+    "MIT",
+    "MPL-2.0", # Although this is copyleft, it is scoped to modifying the original files
+    "Unicode-DFS-2016",
+    "Unlicense",
+    "Zlib",
+]