chore(license): check license using cargo-deny (#492)

Author: kyu08

.github/workflows/brew-release.yml

@@ -4,8 +4,7 @@ on:
     tags: 
       - 'v*'
 jobs:
-  release:
-    name: Bump Homebrew formula
+  bump-homebrew-formula:
     runs-on: ubuntu-latest
     steps:
       - uses: mislav/bump-homebrew-formula-action@v3

.github/workflows/check-licenses.yml

@@ -0,0 +1,14 @@
+name: Check licenses
+on:
+  push:
+    branches: [ "main" ]
+  pull_request:
+
+jobs:
+  check-licenses:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v4
+    - uses: EmbarkStudios/cargo-deny-action@v2
+      with:
+        command: check licenses

.github/workflows/spell-check.yml

@@ -6,7 +6,6 @@ on:
 
 jobs:
   spell-check:
-    name: Spell Check with Typos
     runs-on: ubuntu-latest
     steps:
     - name: Checkout

Makefile

@@ -1,6 +1,6 @@
 # Checks same as CI
 .PHONY: ci
-ci: test-ci check fmt-check detect-unused-dependencies update-license-file spell-check
+ci: test-ci check fmt-check detect-unused-dependencies check-licenses update-license-file spell-check
 
 .PHONY: run
 run:
@@ -12,25 +12,31 @@ tools: tool-test tool-bump-version tool-spell-check
 .PHONY: tool-test
 tool-test:
 	@if ! which cargo-nextest > /dev/null; then \
-		cargo install cargo-nextest; \
+		cargo install --locked cargo-nextest; \
 	fi
 
 .PHONY: tool-bump-version
 tool-bump-version:
 	@if ! which cargo-set-version > /dev/null; then \
-		cargo install cargo-edit; \
+		cargo install --locked cargo-edit; \
 	fi
 
 .PHONY: tool-spell-check
 tool-spell-check:
 	@if ! which typos > /dev/null; then \
-		cargo install typos-cli; \
+		cargo install --locked typos-cli; \
 	fi
 
 .PHONY: tool-detect-unused-dependencies
 tool-detect-unused-dependencies:
 	@if ! which cargo-machete > /dev/null; then \
-		cargo install cargo-machete; \
+		cargo install --locked cargo-machete; \
+	fi
+
+.PHONY: tool-check-licenses
+tool-check-licenses:
+	@if ! which cargo-deny > /dev/null; then \
+		cargo install --locked cargo-deny; \
 	fi
 
 .PHONY: tool-update-license-file
@@ -85,6 +91,10 @@ detect-unused-dependencies: tool-detect-unused-dependencies
 update-license-file: tool-update-license-file
 	cargo about generate about.hbs > license.html
 
+.PHONY: check-licenses
+check-licenses: tool-check-licenses
+	cargo deny check licenses
+
 DEBUG_EXECUTABLE = ./target/debug/fzf-make
 TEST_DIR = ./test_data
 .PHONY: run-in-test-data

deny.toml

@@ -0,0 +1,21 @@
+# doc: https://embarkstudios.github.io/cargo-deny/checks/licenses/cfg.html
+[licenses]
+allow = [
+    "MIT",
+    "ISC",
+    "Apache-2.0",
+    "MPL-2.0",
+    "BSD-2-Clause",
+    "BSD-3-Clause",
+    "Unicode-DFS-2016",
+    "OpenSSL",
+]
+confidence-threshold = 0.8
+exceptions = []
+
+[[licenses.clarify]]
+name = "ring"
+expression = "MIT AND ISC AND OpenSSL"
+license-files = [
+    { path = "LICENSE", hash = 0xbd0eed23 }
+]