ci: Update deny to v2 #3427
It looks like the v1 action due to a crate bump started hard requiring a newer rust?
Signed-off-by: Colin Walters <walters@verbum.org>
Hello @cgwalters, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!
Summary of Changes
Hello! Gemini here, providing a summary of this pull request. This PR, authored by cgwalters, aims to update the configuration for the `deny` CI check to version 2. According to the description, this update seems necessary because the previous version (`v1`) might be requiring a newer Rust version due to a crate dependency bump. The primary change involves modifying the `deny.toml` configuration file to align with the requirements or defaults of the v2 action.
Highlights
- CI Configuration Update: The core purpose of this PR is to update the project's CI configuration, specifically the `deny` check, from version 1 to version 2.
- License Policy Changes: As part of the `deny` v2 update, the configuration file `deny.toml` has been modified. This includes removing specific rules related to 'unlicensed' and 'copyleft' licenses, which may be handled differently or no longer configurable in the same way in the new version.
Changelog
- `deny.toml`
  - Removed the configuration line `unlicensed = "deny"`.
  - Removed the configuration line `copyleft = "allow"`.
Using Gemini Code Assist
The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.
Invoking Gemini
You can request assistance from Gemini at any point in your pull request via creating an issue comment (i.e. comment on the pull request page) using either `/gemini <command>` or `@gemini-code-assist <command>`. Below is a summary of the supported commands.
| Feature | Command | Description |
|---|---|---|
| Code Review | `/gemini review` | Performs a code review for the current pull request in its current state. |
| Pull Request Summary | `/gemini summary` | Provides a summary of the current pull request in its current state. |
| Comment | `@gemini-code-assist` | Responds in comments when explicitly tagged, both in issue comments and review comments. |
| Help | `/gemini help` | Displays a list of available commands. |
Customization
To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a `.gemini/` folder in the base of the repository. Detailed instructions can be found here.
Limitations & Feedback
Gemini Code Assist is currently in preview and may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counterproductive. You can react with 👍 and 👎 on @gemini-code-assist comments to provide feedback.
You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.
CI runs the test,
Update config, put to rest,
Green checks are the best.
Footnotes
1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩
Code Review
This pull request updates the `deny.toml` configuration, presumably to align with version 2 of the `cargo-deny` GitHub action. The changes involve removing two specific license handling rules: `unlicensed = "deny"` and `copyleft = "allow"`.
While the removal of `unlicensed = "deny"` is a minor simplification as it aligns with the default behavior of recent `cargo-deny` versions, the removal of `copyleft = "allow"` has more significant implications. It effectively changes the project's policy from explicitly allowing copyleft-licensed dependencies to denying them by default. This needs careful consideration and confirmation.
Summary of Findings
- Potential unintended change in copyleft license policy: The removal of `copyleft = "allow"` from `deny.toml` changes the effective policy for handling copyleft-licensed dependencies from 'allow' to 'deny' (the default in recent `cargo-deny` versions). This is a significant policy shift that needs confirmation as to whether it's intentional and its impact has been assessed, especially concerning dependencies that might use licenses like LGPL or MPL.
Merge Readiness
This pull request makes a small but potentially impactful change to the project's license compliance configuration. The primary concern is the removal of `copyleft = "allow"`, which alters how copyleft-licensed dependencies are handled.
Due to the potential for this change to unintentionally restrict permissible licenses or break the build if copyleft dependencies are in use (or planned), I recommend that the author clarify the intent behind this specific modification. Addressing the high-severity comment regarding this change is crucial before merging.
I am unable to approve pull requests directly, but based on this review, changes are requested to ensure the licensing policy is correctly and intentionally configured. Other reviewers should also assess this change.
@cgwalters: The following test failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.