Skip to content

Run cargo deny on CI #8480

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
Copilot wants to merge 2 commits into
base: unstable
Choose a base branch
from
+35 −1
Open

Run cargo deny on CI #8480

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
677b638
Initial plan
Copilot Nov 27, 2025
8463a92
Add cargo-deny for dependency control and CI integration
Copilot Nov 27, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 3 additions & 1 deletion .github/workflows/test-suite.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -324,7 +324,7 @@ jobs:
channel: stable
cache-target: release
components: rustfmt,clippy
bins: cargo-audit
bins: cargo-audit,cargo-deny
- name: Check formatting with cargo fmt
run: make cargo-fmt
- name: Lint code for quality and style with Clippy
Expand All @@ -337,6 +337,8 @@ jobs:
run: make arbitrary-fuzz
- name: Run cargo audit
run: make audit-CI
- name: Run cargo deny
run: make deny-CI
- name: Run cargo vendor to make sure dependencies can be vendored for packaging, reproducibility and archival purpose
run: CARGO_HOME=$(readlink -f $HOME) make vendor
- name: Markdown-linter
Expand Down
9 changes: 9 additions & 0 deletions Makefile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -288,6 +288,15 @@ install-audit:
audit-CI:
cargo audit

# Runs cargo deny (check for banned crates, duplicate versions, and source restrictions)
deny: install-deny deny-CI

install-deny:
cargo install --force cargo-deny --version 0.18.2

deny-CI:
cargo deny check bans sources

# Runs `cargo vendor` to make sure dependencies can be vendored for packaging, reproducibility and archival purpose.
vendor:
cargo vendor
Expand Down
23 changes: 23 additions & 0 deletions deny.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
# cargo-deny configuration for Lighthouse
# See https://embarkstudios.github.io/cargo-deny/

[bans]
# Warn when multiple versions of the same crate are detected
multiple-versions = "warn"
deny = [
# Legacy Ethereum crates that have been replaced with alloy
{ crate = "ethers", reason = "use alloy instead" },
{ crate = "ethereum-types", reason = "use alloy-primitives instead" },
# Replaced by quick-protobuf
{ crate = "protobuf", reason = "use quick-protobuf instead" },
# Prevent duplicate versions of reqwest - heavy crate with build scripts
{ crate = "reqwest", deny-multiple-versions = true, reason = "prevent duplicate versions" },
]

[sources]
unknown-registry = "deny"
unknown-git = "warn"
allow-registry = ["https://github.com/rust-lang/crates.io-index"]

[sources.allow-org]
github = ["sigp"]
Loading