Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ability to exclude unpublished crates from dependency resolution #708

Closed
Tastaturtaste opened this issue Oct 13, 2024 · 1 comment
Closed

Ability to exclude unpublished crates from dependency resolution #708

Tastaturtaste opened this issue Oct 13, 2024 · 1 comment
Labels
enhancement New feature or request

Comments

@Tastaturtaste
Copy link
Contributor

Is your feature request related to a problem? Please describe.
I have a workspace with some published and some unpublished crates. Today I know of no good way to check only the licenses of dependencies of actually published crates. I can set private.ignore = true in deny.toml, but that only excludes the unpublished crates themselves apparently. Running cargo deny check licenses still checks against the dependencies of those unpublished crates or at least includes them during dependency resolution.

Describe the solution you'd like
I want a straightforward way to check if the dependencies of crates I publish have matching licenses, without having to worry about dependencies I use in unpublished crates like examples. I imagine something like cargo deny check --exclude-dev --exclude-unpublished licenses should give the result I am after.

Describe alternatives you've considered
An alternative might be to use the behavior described above by default for crates that are publish = false. I am not sure if that is 100% backwards compatible as I don't know enough about how cargo does dependency resolution. My guess would be that it is.

Additional context
https://github.com/Tastaturtaste/argmin/tree/remove_cargo_deny_exception is the repository I have an issue with at the moment.
@Tastaturtaste Tastaturtaste added the enhancement New feature or request label Oct 13, 2024
This was referenced Oct 19, 2024
Merged
Merged
mergify bot pushed a commit that referenced this issue Nov 14, 2024
@Tastaturtaste @Jake-Shadle
Feature --exclude-unpublished (#710)
2182b47 
This PR adds a new command line flag `--exclude-unpublished`. If the
flag is set, the construction of the crate graph does not use explicitly
unpublished crates as roots. Workspace members are considered explicitly
unpublished if their manifest specifies `publish = false`. For
motivation please see the [associated
issue](#708).

This PR depends on EmbarkStudios/krates#94 to
fix the workspace filters mechanism of
https://github.com/EmbarkStudios/krates. Documentation for the flag will
follow as soon as I find the time.

---------

Co-authored-by: Jake Shadle <[email protected]>
@Jake-Shadle
Copy link
Member

Resolved by #710

@BrewTestBot BrewTestBot mentioned this issue Nov 15, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Jake-Shadle @Tastaturtaste