From 555c52ef2ae8d5db6a56971f0ac5648b7696d02f Mon Sep 17 00:00:00 2001 From: Manuel Alonso <434575+manute@users.noreply.github.com> Date: Sat, 22 Nov 2025 06:43:06 +0100 Subject: [PATCH 1/6] chore(sec): pipeline for security --- .github/workflows/sec.yml | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 .github/workflows/sec.yml diff --git a/.github/workflows/sec.yml b/.github/workflows/sec.yml new file mode 100644 index 0000000..52ba3be --- /dev/null +++ b/.github/workflows/sec.yml @@ -0,0 +1,24 @@ +name: Security + +on: + push: { branches: ["**"] } + pull_request: { branches: ["**"] } + schedule: + - cron: "0 3 * * 1" + +jobs: + cargo-deny: + name: Cargo Deny + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v4 + + - name: Install Rust + uses: dtolnay/rust-toolchain@stable + + - name: Install cargo-deny + run: cargo install cargo-deny + + - name: Run cargo-deny + run: cargo deny check From 4bfc5940980f6c2e297977e282b59406a7939c3e Mon Sep 17 00:00:00 2001 From: Manuel Alonso <434575+manute@users.noreply.github.com> Date: Sat, 22 Nov 2025 06:52:23 +0100 Subject: [PATCH 2/6] chore(docs): license --- LICENSE => LICENSE-MIT | 6 ------ README.md | 4 +--- 2 files changed, 1 insertion(+), 9 deletions(-) rename LICENSE => LICENSE-MIT (99%) diff --git a/LICENSE b/LICENSE-MIT similarity index 99% rename from LICENSE rename to LICENSE-MIT index 7af0f86..9ff5474 100644 --- a/LICENSE +++ b/LICENSE-MIT @@ -1,7 +1,5 @@ Copyright (c) 2015 Manuel Alonso - - Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights 
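Review bot: The new workflow declares no `permissions:` block, so the job's `GITHUB_TOKEN` receives whatever the repository default is (historically read/write for all scopes) even though every step here only needs to read the checkout. Add a top-level `permissions:` / `  contents: read` right after `name: Security` so the token is read-only regardless of repository settings. The third-party actions (`actions/checkout@v4`, `dtolnay/rust-toolchain@stable`) are referenced by moving tags; for a workflow whose purpose is supply-chain hygiene it is worth pinning each `uses:` to a full commit SHA with the tag kept in a trailing comment.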
@@ -9,13 +7,9 @@ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: - - The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. - - THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE diff --git a/README.md b/README.md index 2a22937..853ccd3 100644 --- a/README.md +++ b/README.md @@ -67,9 +67,7 @@ See the full example [here](https://github.com/manute/rawsql/tree/master/example ## License -Copyright © 2015 Manuel Alonso - -MIT License +Licensed under MIT license ([LICENSE-MIT](LICENSE-MIT) or ) ### Why not execute SQL this lib? In rust there is not yet a general driver like *JDBC* or go's *database/sql* so I decide to abstract first the parser of sql files to use directly with the libs already exists for each DB. From 9cef91e790f305d93f16203564380ef8ee90d92a Mon Sep 17 00:00:00 2001 From: Manuel Alonso <434575+manute@users.noreply.github.com> Date: Sat, 22 Nov 2025 07:03:30 +0100 Subject: [PATCH 3/6] chore(deny): license deny file --- README.md | 3 ++- deny.toml | 14 ++++++++++++++ 2 files changed, 16 insertions(+), 1 deletion(-) create mode 100644 deny.toml diff --git a/README.md b/README.md index 853ccd3..d6529c7 100644 --- a/README.md +++ b/README.md 
@@ -67,7 +67,8 @@ See the full example [here](https://github.com/manute/rawsql/tree/master/example ## License -Licensed under MIT license ([LICENSE-MIT](LICENSE-MIT) or ) +Licensed under: + - MIT license ([LICENSE-MIT](LICENSE-MIT) or ) ### Why not execute SQL this lib? In rust there is not yet a general driver like *JDBC* or go's *database/sql* so I decide to abstract first the parser of sql files to use directly with the libs already exists for each DB. diff --git a/deny.toml b/deny.toml new file mode 100644 index 0000000..6d61acb --- /dev/null +++ b/deny.toml @@ -0,0 +1,14 @@ +# deny.toml +[licenses] +allow = [ + "MIT" +] + +# Reject copyleft unless explicitly added: +copyleft = "deny" + +# Warn instead of error if we don't know the license +unlicensed = "warn" + +# Ensure all dependencies have a license +allow-osi-fsf-free = "both" From ad3428d608c5b195b100ee02f91a40c40b6b9060 Mon Sep 17 00:00:00 2001 From: Manuel Alonso <434575+manute@users.noreply.github.com> Date: Sat, 22 Nov 2025 07:07:28 +0100 Subject: [PATCH 4/6] chore(ci): workflow --- .github/workflows/ci.yml | 8 ++++++-- .github/workflows/sec.yml | 10 ++++++---- 2 files changed, 12 insertions(+), 6 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 4ec5117..6b9ca8c 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -1,8 +1,12 @@ name: CI on: - push: { branches: ["**"] } - pull_request: { branches: ["**"] } + push: + branches: + - master + tags: + - "*" + pull_request: jobs: ci: diff --git a/.github/workflows/sec.yml b/.github/workflows/sec.yml index 52ba3be..c00b62d 100644 --- a/.github/workflows/sec.yml +++ b/.github/workflows/sec.yml @@ -1,10 +1,12 @@ name: Security on: - push: { branches: ["**"] } - pull_request: { branches: ["**"] } - schedule: - - cron: "0 3 * * 1" + push: + branches: + - master + tags: + - "*" + pull_request: jobs: cargo-deny: From 19177fee6099325faec474ae0eeda1bfdcf28dfd Mon Sep 17 00:00:00 2001 
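Review bot: Removing the `schedule` trigger (`- cron: "0 3 * * 1"`) from sec.yml means `cargo deny check advisories` now runs only when master is pushed or a PR is opened, so a RUSTSEC advisory published against an already-merged dependency stays unnoticed until someone happens to push. Advisory scanning is the one check whose verdict changes without any code change, so keep the weekly run alongside the new triggers: `schedule:` / `  - cron: "0 3 * * 1"` under `on:`. Narrowing `push` to `master` and tags is reasonable for the license and bans checks, since `pull_request:` still covers feature branches.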
From: Manuel Alonso <434575+manute@users.noreply.github.com> Date: Sat, 22 Nov 2025 07:13:10 +0100 Subject: [PATCH 5/6] chore(sec): faster exec --- .github/workflows/sec.yml | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/.github/workflows/sec.yml b/.github/workflows/sec.yml index c00b62d..84e08de 100644 --- a/.github/workflows/sec.yml +++ b/.github/workflows/sec.yml @@ -10,17 +10,21 @@ on: jobs: cargo-deny: - name: Cargo Deny runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - - name: Install Rust - uses: dtolnay/rust-toolchain@stable + - name: Install cargo-deny (fast) + uses: taiki-e/install-action@v2 + with: + tool: cargo-deny - - name: Install cargo-deny - run: cargo install cargo-deny + - name: Cache advisory DB + uses: actions/cache@v4 + with: + path: ~/.cargo/advisory-db + key: advisory-db-v1 - name: Run cargo-deny - run: cargo deny check + run: cargo deny check licenses bans advisories sources From 3fe68f7e01c2817af337aab75c46861aeac9783e Mon Sep 17 00:00:00 2001 From: Manuel Alonso <434575+manute@users.noreply.github.com> Date: Sat, 22 Nov 2025 07:19:55 +0100 Subject: [PATCH 6/6] chore(sec): better deny toml --- .github/workflows/sec.yml | 1 + deny.toml | 28 ++++++++++++++++++++-------- 2 files changed, 21 insertions(+), 8 deletions(-) diff --git a/.github/workflows/sec.yml b/.github/workflows/sec.yml index 84e08de..2694647 100644 --- a/.github/workflows/sec.yml +++ b/.github/workflows/sec.yml @@ -10,6 +10,7 @@ on: jobs: cargo-deny: + name: Cargo Deny runs-on: ubuntu-latest steps: diff --git a/deny.toml b/deny.toml index 6d61acb..d54bf37 100644 --- a/deny.toml +++ b/deny.toml 
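Review bot: `taiki-e/install-action@v2` and `actions/cache@v4` are referenced by mutable major-version tags, and the former downloads and executes a prebuilt `cargo-deny` binary, so whoever can move that tag can run arbitrary code in this job; pin each `uses:` to a full commit SHA with the tag in a trailing comment (e.g. `uses: taiki-e/install-action@<sha> # v2`) and let Dependabot bump the pins. The cache key `advisory-db-v1` is constant, so once saved the cache is never refreshed; that is only harmless because `cargo deny` fetches the advisory DB itself on every run, which deserves a comment such as `# key is static on purpose: cargo-deny refreshes the DB at run time, do not add --disable-fetch/--offline` so nobody later freezes the database for speed. The hunk also drops the `Install Rust` step; `cargo deny` still needs a `cargo` on PATH, so this presumably relies on the toolchain preinstalled on `ubuntu-latest`, which is worth noting or making explicit.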
@@ -1,14 +1,26 @@
 # deny.toml
 [licenses]
+# We want really high confidence when inferring licenses from text
+confidence-threshold = 0.93
 allow = [
-    "MIT"
+    "Apache-2.0",
+    "Apache-2.0 WITH LLVM-exception",
+    "MIT",
+    "BSD-3-Clause",
+    "ISC",
+    "Unicode-3.0",
+    "Zlib",
+]
+exceptions = [
+    # Use exceptions for these as they only have a single user
+    { allow = ["CDLA-Permissive-2.0"], crate = "webpki-roots" },
 ]
 
-# Reject copyleft unless explicitly added:
-copyleft = "deny"
-
-# Warn instead of error if we don't know the license
-unlicensed = "warn"
+[sources]
+unknown-registry = "deny"
+unknown-git = "deny"
 
-# Ensure all dependencies have a license
-allow-osi-fsf-free = "both"
+[advisories]
+unmaintained = "workspace"
+ignore = [
+]
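Review bot: The `exceptions` entry admitting `CDLA-Permissive-2.0` for `webpki-roots`, together with its comment, appears to be lifted from the cargo-deny template rather than derived from this crate's dependency graph (nothing in the series shows `webpki-roots` as a dependency of a SQL-file parser); if the crate is absent the entry is dead config, and if it later arrives via a transitive dependency it is admitted without review, so either delete it or replace the comment with why this project needs it. `unmaintained = "workspace"` reports unmaintained advisories only for direct dependencies and silently ignores transitive ones; the stricter default `"all"` is the safer starting point, to be relaxed per crate through `ignore` when it gets noisy. The workflow also runs `cargo deny check bans`, but there is no `[bans]` table, so wildcard version requirements are allowed by default; consider adding `[bans]` / `multiple-versions = "warn"` / `wildcards = "deny"`.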