use cargo-deny

Author: Cass Fridkin

.github/workflows/test.yaml

@@ -1,7 +1,7 @@
 # yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
 
 name: CI
-on: push
+on: [push, pull_request]
 jobs:
   build-and-test:
     name: Build and Test
@@ -33,11 +33,19 @@ jobs:
           args: ${{ matrix.mode }} --verbose
   lint:
     runs-on: ubuntu-latest
-    name: Lint
+    name: Clippy
     steps:
       - uses: actions/checkout@v2
         name: Checkout Repo
       - uses: actions-rs/cargo@v1
         name: Run Clippy
         with:
           command: clippy
+  cargo-deny:
+    runs-on: ubuntu-latest
+    name: Cargo Deny
+    steps:
+      - uses: actions/checkout@v2
+        name: Checkout Repo
+      - uses: EmbarkStudios/cargo-deny-action@v1
+        name: Run cargo-deny

deny.toml

@@ -0,0 +1,23 @@
+[advisories]
+db-path       = "~/.cargo/advisory-db"
+db-urls       = ["https://github.com/rustsec/advisory-db"]
+notice        = "deny"
+unmaintained  = "warn"
+vulnerability = "deny"
+yanked        = "deny"
+
+[licenses]
+allow                = ["MIT", "Apache-2.0"]
+allow-osi-fsf-free   = "neither"
+confidence-threshold = 0.8
+default              = "deny"
+unlicensed           = "deny"
+
+[[licenses.exceptions]]
+allow = ["Unicode-DFS-2016"]
+name  = "unicode-ident"
+
+[sources]
+allow-registry   = ["https://github.com/rust-lang/crates.io-index"]
+unknown-git      = "deny"
+unknown-registry = "deny"

envcrypt-test/Cargo.toml

@@ -1,5 +1,6 @@
 [package]
 edition = "2021"
+license = "MIT OR Apache-2.0"
 name    = "envcrypt-test"
 publish = false
 version = "0.0.0"