Skip to content

Commit

Permalink
ci: run cargo-check-external-types
Browse files Browse the repository at this point in the history 
This commit adds a CI task to run cargo-check-external-types[0] with the
goal of ensuring we don't unintentionally leak types from deps (e.g.
`untrusted`) in our public API.

[0]: https:/awslabs/cargo-check-external-types
  • Loading branch information
@cpu
cpu committed Oct 18, 2023
1 parent 5390ec5 commit 595ecd5
Show file tree
Hide file tree
Showing 2 changed files with 26 additions and 0 deletions.
20 changes: 20 additions & 0 deletions .github/workflows/ci.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -268,6 +268,26 @@ jobs:
- name: Check semver
uses: obi1kenobi/cargo-semver-checks-action@v2

check-external-types:
name: Validate external types appearing in public API
runs-on: ubuntu-latest
steps:
- name: Checkout sources
uses: actions/checkout@v4
with:
persist-credentials: false

- name: Install rust toolchain
uses: dtolnay/rust-toolchain@master
with:
toolchain: nightly-2023-10-10
# ^ sync with https:/awslabs/cargo-check-external-types/blob/main/rust-toolchain.toml

- run: cargo install --locked cargo-check-external-types

- name: run cargo-check-external-types
run: cargo check-external-types

coverage:
name: Measure coverage
runs-on: ubuntu-20.04
Expand Down
6 changes: 6 additions & 0 deletions Cargo.toml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -62,6 +62,12 @@ include = [
all-features = true
rustdoc-args = ["--cfg", "docsrs"]

[package.metadata.cargo_check_external_types]
allowed_external_types = [
"rustls_pki_types::*",
"rustls_pki_types", # To allow re-export.
]

[lib]
name = "webpki"

Expand Down

0 comments on commit 595ecd5

Please sign in to comment.