
Check external crates license compatibility in CI #2746

@jpraynaud

Description


Why

We want to audit the licenses of the crates that we use in order to verify their compliance with the license of our repository.

What

Implement a new job that checks the licenses of the dependencies in the CI.

How

  • Configure cargo-deny with the following guide
    • Support LGPL-3 (but leave a comment in the file to explain that this is under legal investigation)
    • Support Zlib (but leave a comment in the file to explain that this is under legal investigation)
    • Support Unicode-3.0 (but leave a comment in the file to explain that this is under legal investigation)
    • Other licenses to be added in this list
  • Add a cargo-deny workflow in the CI with the cargo-deny-action:
    • New workflow licenses.yml (see example)
    • Triggered only when a Cargo.toml file is modified or added
    • Check workspace for the features:
      • default features
      • rug
      • num-integer-backend
      • jemallocator
      • enable-http-compression
      • bundle_tls
    • Check the libraries
      • mithril-client
      • mithril-client-wasm?
    • Add a warning in the PR if the license of a crate is not compatible
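
The matrix described above (workspace with default features, then each extra feature, then each library crate on its own, with a PR warning for every failing combination) can be driven from a small script that the workflow calls. The script below is an added illustration, not Mithril's own CI code: the file name `license-check.sh`, the `CARGO_DENY` override, and the function names are assumptions. It assumes a `deny.toml` with the license allow-list already sits at the repository root, since `cargo deny check licenses` reads it from there, and it uses only documented cargo-deny global flags (`--workspace`, `--features`, `--manifest-path`) and the GitHub Actions `::warning::` workflow command for the PR annotation.

```shell
#!/usr/bin/env sh
# Hypothetical CI helper (not the project's own script): runs cargo-deny's
# license check over the workspace once per feature set, then once per
# library crate, and emits a GitHub Actions warning annotation for each
# failing combination so it shows up on the pull request.
set -u

# Feature sets to check, taken from the issue. "default" means the
# workspace with default features only; every other entry is checked
# on top of the default features.
FEATURE_SETS="default rug num-integer-backend jemallocator enable-http-compression bundle_tls"

# Library crates checked on their own (paths relative to the repo root;
# assumed to match the crate directory names).
PACKAGES="mithril-client mithril-client-wasm"

# Command used to invoke cargo-deny. Overridable so the script can be
# exercised without cargo-deny installed (e.g. CARGO_DENY=true).
CARGO_DENY="${CARGO_DENY:-cargo deny}"

# Argument list for one feature set. cargo-deny takes its global
# options (--workspace, --features, ...) before the subcommand.
deny_args_for_features() {
    if [ "$1" = "default" ]; then
        printf '%s' "--workspace check licenses"
    else
        printf '%s' "--workspace --features $1 check licenses"
    fi
}

# Argument list for a single crate, selected through its manifest.
deny_args_for_package() {
    printf '%s' "--manifest-path $1/Cargo.toml check licenses"
}

# Runs every combination, counts failures in LICENSE_CHECK_FAILURES and
# returns non-zero if any check failed. Each failure is reported with a
# ::warning:: line, which GitHub Actions turns into a PR annotation.
run_license_checks() {
    LICENSE_CHECK_FAILURES=0
    for feat in $FEATURE_SETS; do
        args=$(deny_args_for_features "$feat")
        # $CARGO_DENY and $args are intentionally unquoted: both hold
        # several words that must be split into separate arguments.
        if ! $CARGO_DENY $args; then
            LICENSE_CHECK_FAILURES=$((LICENSE_CHECK_FAILURES + 1))
            printf '::warning::license check failed for feature set "%s" (cargo deny %s)\n' "$feat" "$args"
        fi
    done
    for pkg in $PACKAGES; do
        args=$(deny_args_for_package "$pkg")
        if ! $CARGO_DENY $args; then
            LICENSE_CHECK_FAILURES=$((LICENSE_CHECK_FAILURES + 1))
            printf '::warning::license check failed for crate "%s" (cargo deny %s)\n' "$pkg" "$args"
        fi
    done
    [ "$LICENSE_CHECK_FAILURES" -eq 0 ]
}

# Only run the checks when explicitly asked, so the functions above can
# be sourced or tested without touching cargo:  ./license-check.sh --run
if [ "${1:-}" = "--run" ]; then
    run_license_checks
    exit $?
fi
```

In a `licenses.yml` workflow this would be one step, `sh ./license-check.sh --run`, placed after `EmbarkStudios/cargo-deny-action` (or a plain `cargo install cargo-deny`) has put `cargo deny` on the PATH. The script deliberately does not stop at the first failure: every feature set and crate is checked so the PR shows the full list of offending combinations in one run, and the non-zero exit at the end is what makes the job red.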

Later

  • Ask the legal team to investigate the exact list of licenses that are available
  • Remove the dependencies which are not compliant with the repository license

Resources
