Add supply_chain test

smoelius · smoelius · commit 1a97f32797ea · 2023-05-17T07:43:16.000-04:00
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -32,39 +32,37 @@ jobs:
       - name: Shellcheck
         run: shellcheck --exclude=SC2002 scripts/*
 
-      - name: Prettier
+      - name: Install dependencies
         run: |
           npm install -g prettier
-          ./scripts/check_prettier.sh
-
-      - name: Cargo sort
-        run: |
-          cargo install cargo-sort
-          find . -name Cargo.toml -print0 | xargs -0 -n 1 dirname | xargs -n 1 cargo sort --check --grouped
-
-      - name: Format
-        run: |
           rm -f "$HOME"/.cargo/bin/cargo-fmt
           rm -f "$HOME"/.cargo/bin/rustfmt
           rustup install nightly
           rustup component add rustfmt --toolchain nightly
-          ./scripts/format.sh && git diff --exit-code
+          cargo install cargo-license
+          cargo install cargo-rdme
+          cargo install cargo-sort
+
+      - name: Prettier
+        run: ./scripts/check_prettier.sh
+
+      - name: Cargo sort
+        run: find . -name Cargo.toml -print0 | xargs -0 -n 1 dirname | xargs -n 1 cargo sort --check --grouped
+
+      - name: Format
+        run: ./scripts/format.sh && git diff --exit-code
 
       - name: Format example READMEs
         run: ./scripts/update_example_READMEs.sh && git diff --exit-code
 
       - name: Format util READMEs
-        run: |
-          cargo install cargo-rdme
-          ./scripts/update_util_READMEs.sh && git diff --exit-code
+        run: ./scripts/update_util_READMEs.sh && git diff --exit-code
 
       - name: Check lockfiles
         run: ./scripts/update_lockfiles.sh && git diff --exit-code
 
       - name: Check licenses
-        run: |
-          cargo install cargo-license
-          ./scripts/check_licenses.sh
+        run: ./scripts/check_licenses.sh
 
       - name: Lint
         run: ./scripts/lint.sh
@@ -106,6 +104,11 @@ jobs:
       - name: Install dylint-link
         run: cargo install --path ./dylint-link
 
+      # smoelius: This list will grow: https://github.com/trailofbits/dylint/issues/636
+      - name: Install dependencies
+        run: |
+          cargo install cargo-supply-chain
+
       - name: Test
         run: |
           if [[ '${{ matrix.environment }}' = 'windows-latest' ]]; then
diff --git a/cargo-dylint/tests/dylint.rs b/cargo-dylint/tests/dylint.rs
@@ -256,6 +256,15 @@ fn markdown_link_check() {
     }
 }
 
+#[test]
+fn supply_chain() {
+    Command::new("cargo")
+        .args(["supply-chain", "publishers", "--no-dev"])
+        .assert()
+        .success()
+        .stdout(predicates::path::eq_file("tests/publishers.txt"));
+}
+
 fn readme_contents(dir: impl AsRef<Path>) -> Result<String> {
     #[allow(unknown_lints, env_cargo_path)]
     read_to_string(
diff --git a/cargo-dylint/tests/publishers.txt b/cargo-dylint/tests/publishers.txt
@@ -0,0 +1,164 @@
+
+The following individuals can publish updates for your dependencies:
+
+ 1. alexcrichton via crates: backtrace, bitflags, bumpalo, cargo, cargo-platform, cfg-if, crates-io, curl, curl-sys, env_logger, filetime, flate2, getopts, git2, git2-curl, glob, home, jobserver, js-sys, libc, libgit2-sys, libnghttp2-sys, libssh2-sys, libz-sys, log, miow, openssl-probe, openssl-sys, pkg-config, rand_core, regex, regex-syntax, rustc-demangle, rustc-workspace-hack, socket2, tar, term, toml, unicode-normalization, unicode-width, unicode-xid, wasi, wasm-bindgen, wasm-bindgen-backend, wasm-bindgen-macro, wasm-bindgen-macro-support, wasm-bindgen-shared
+ 2. tarcieri via crates: base16ct, base64ct, const-oid, cpufeatures, crypto-bigint, der, ecdsa, elliptic-curve, pem-rfc7468, pkcs8, primeorder, rfc6979, sec1, sha1, sha2, signature, spki, zeroize
+ 3. rust-lang-owner via crates: cargo, cargo-platform, cargo-util, cc, cfg-if, crates-io, flate2, git2, git2-curl, glob, home, libc, libgit2-sys, libz-sys, log, pkg-config, rustc-demangle
+ 4. dtolnay via crates: anyhow, itoa, proc-macro2, quote, rustversion, ryu, semver, serde, serde_derive, serde_ignored, serde_json, syn, thiserror, thiserror-impl, unicode-ident
+ 5. epage via crates: anstream, anstyle, anstyle-parse, anstyle-query, anstyle-wincon, clap_builder, clap_lex, colorchoice, serde_spanned, toml, toml_datetime, toml_edit, winnow
+ 6. BurntSushi via crates: aho-corasick, bstr, globset, ignore, memchr, regex, regex-automata, regex-syntax, same-file, termcolor, walkdir, winapi-util
+ 7. newpavlov via crates: base16ct, block-buffer, crypto-common, digest, hkdf, hmac, p384, pkcs8, sha1, sha2, signature
+ 8. fitzgen via crates: addr2line, bumpalo, gimli, js-sys, object, wasm-bindgen, wasm-bindgen-backend, wasm-bindgen-macro, wasm-bindgen-macro-support, wasm-bindgen-shared
+ 9. huonw via crates: bitflags, env_logger, getopts, glob, libc, log, term, unicode-normalization, unicode-width, unicode-xid
+ 10. sfackler via crates: env_logger, foreign-types, foreign-types-shared, log, openssl, openssl-macros, openssl-sys, schannel, shell-escape, socket2
+ 11. SimonSapin via crates: fnv, form_urlencoded, idna, percent-encoding, unicode-bidi, unicode-normalization, unicode-width, unicode-xid, url
+ 12. joshtriplett via crates: ansi_term, cargo, flate2, git2, git2-curl, libc, libgit2-sys, libz-sys, pkg-config
+ 13. kennykerr via crates: windows-sys, windows-targets, windows_aarch64_gnullvm, windows_aarch64_msvc, windows_i686_gnu, windows_i686_msvc, windows_x86_64_gnu, windows_x86_64_gnullvm, windows_x86_64_msvc
+ 14. ehuss via crates: cargo, cargo-platform, cargo-util, git2, git2-curl, home, libgit2-sys, toml
+ 15. Manishearth via crates: camino, compiletest_rs, pathdiff, unicode-normalization, unicode-width, unicode-xid
+ 16. sunfishcode via crates: io-lifetimes, is-terminal, linux-raw-sys, rustix, wasi
+ 17. bluss via crates: arrayvec, either, indexmap, itertools
+ 18. cuviper via crates: autocfg, either, indexmap, num-traits
+ 19. KodrAus via crates: bitflags, log, tempfile
+ 20. bodil via crates: bitmaps, im-rc, sized-chunks
+ 21. chrisduerr via crates: utf8parse, vte, vte_generate_state_changes
+ 22. dhardy via crates: getrandom, rand_core, rand_xoshiro
+ 23. jhpratt via crates: time, time-core, time-macros
+ 24. kwantam via crates: unicode-normalization, unicode-width, unicode-xid
+ 25. larsbergstrom via crates: core-foundation, core-foundation-sys, unicode-bidi
+ 26. malept via crates: commoncrypto, commoncrypto-sys, crypto-hash
+ 27. mbrubeck via crates: core-foundation, ordered-float, unicode-bidi
+ 28. philipc via crates: addr2line, gimli, object
+ 29. pyrossh via crates: rust-embed, rust-embed-impl, rust-embed-utils
+ 30. retep998 via crates: winapi, winapi-i686-pc-windows-gnu, winapi-x86_64-pc-windows-gnu
+ 31. soc via crates: dirs, dirs-sys, option-ext
+ 32. sujayakar via crates: unicode-normalization, unicode-width, unicode-xid
+ 33. Amanieu via crates: hashbrown, thread_local
+ 34. Dylan-DPC via crates: dirs-next, dirs-sys-next
+ 35. Stebalien via crates: tempfile, term
+ 36. alex via crates: openssl, openssl-sys
+ 37. brycx via crates: orion, pasetors
+ 38. ebfull via crates: ff, group
+ 39. jackpot51 via crates: redox_syscall, redox_users
+ 40. jedisct1 via crates: ct-codecs, ed25519-compact
+ 41. jwilm via crates: utf8parse, vte
+ 42. kbknapp via crates: clap, clap_derive
+ 43. lambda-fairy via crates: errno, if_chain
+ 44. matklad via crates: autocfg, once_cell
+ 45. metajack via crates: core-foundation, unicode-bidi
+ 46. nmccarty via crates: dirs-next, dirs-sys-next
+ 47. oli-obk via crates: cargo_metadata, rustfix
+ 48. pietroalbini via crates: git2-curl, libgit2-sys
+ 49. sagebind via crates: curl, curl-sys
+ 50. seanmonstar via crates: num_cpus, url
+ 51. str4d via crates: ff, group
+ 52. 4lDO2 via crates: redox_syscall
+ 53. Byron via crates: libz-sys
+ 54. Eh2406 via crates: cargo
+ 55. Frommi via crates: miniz_oxide
+ 56. Hoverbear via crates: url
+ 57. JasonGross via crates: fiat-crypto
+ 58. JohnTitor via crates: libc
+ 59. Kimundi via crates: lazy_static
+ 60. KokaKiwi via crates: hex
+ 61. Lokathor via crates: tinyvec
+ 62. LucioFranco via crates: home
+ 63. MggMuggins via crates: redox_users
+ 64. Munksgaard via crates: compiletest_rs
+ 65. Seeker14491 via crates: opener
+ 66. SergioBenitez via crates: version_check
+ 67. Soveu via crates: tinyvec_macros
+ 68. Thomasdezeeuw via crates: socket2
+ 69. alicemaz via crates: base64
+ 70. arcnmx via crates: serde-value
+ 71. behnam via crates: unicode-bidi
+ 72. brson via crates: home
+ 73. crisidev via crates: libssh2-sys
+ 74. dguo via crates: strsim
+ 75. eminence via crates: terminal_size
+ 76. faern via crates: miow
+ 77. fizyk20 via crates: generic-array
+ 78. gnzlbg via crates: libc
+ 79. hauleth via crates: num-traits
+ 80. hyunsik via crates: bytesize
+ 81. indiv0 via crates: lazycell
+ 82. isislovecruft via crates: subtle
+ 83. jonas-schievink via crates: adler
+ 84. jplatte via crates: heck
+ 85. jswrenn via crates: itertools
+ 86. kennytm via crates: fwdansi
+ 87. killercup via crates: rustfix
+ 88. kinnison via crates: home
+ 89. kornelski via crates: vcpkg
+ 90. laumann via crates: compiletest_rs
+ 91. luser via crates: strip-ansi-escapes
+ 92. marshallpierce via crates: base64
+ 93. mcgoo via crates: vcpkg
+ 94. messense via crates: tester
+ 95. mexus via crates: sedregex
+ 96. mkroening via crates: hermit-abi
+ 97. mneumann via crates: errno-dragonfly
+ 98. novacrazy via crates: generic-array
+ 99. ogham via crates: ansi_term
+ 100. ordian via crates: toml_edit
+ 101. oyvindln via crates: miniz_oxide
+ 102. paholg via crates: typenum
+ 103. pcwalton via crates: core-foundation
+ 104. pkgw via crates: vcpkg
+ 105. reem via crates: ordered-float
+ 106. rust-bus-owner via crates: http-auth
+ 107. scottlamb via crates: http-auth
+ 108. sdroege via crates: pkg-config
+ 109. sebasmagri via crates: env_logger
+ 110. sebcrozet via crates: instant
+ 111. softprops via crates: atty
+ 112. srijs via crates: crc32fast
+ 113. stanislav-tkach via crates: os_info
+ 114. steffengy via crates: schannel
+ 115. stlankes via crates: hermit-abi
+ 116. sunshowers via crates: camino
+ 117. taiki-e via crates: fastrand
+ 118. tailhook via crates: humantime
+ 119. utkarshkukreti via crates: diff
+ 120. vladikoff via crates: hkdf
+ 121. vorner via crates: once_cell
+ 122. waych via crates: vcpkg
+ 123. wez via crates: libssh2-sys
+ 124. withoutboats via crates: heck
+ 125. yodaldevoid via crates: libssh2-sys
+ 126. yoshuawuyts via crates: miow
+
+All members of the following teams can publish updates for your dependencies:
+
+ 1. "github:servo:cargo-publish" (https://github.com/servo) via crates: core-foundation, core-foundation-sys, fnv, form_urlencoded, idna, ordered-float, percent-encoding, unicode-bidi, url
+ 2. "github:rust-lang:libs" (https://github.com/rust-lang) via crates: backtrace, cargo, cc, cfg-if, crates-io, libc, regex, regex-syntax
+ 3. "github:rust-lang-nursery:libs" (https://github.com/rust-lang-nursery) via crates: bitflags, crates-io, env_logger, getopts, glob, lazy_static, log
+ 4. "github:rustcrypto:formats" (https://github.com/rustcrypto) via crates: base16ct, base64ct, const-oid, der, pem-rfc7468, pkcs8, spki
+ 5. "github:rustwasm:core" (https://github.com/rustwasm) via crates: js-sys, wasm-bindgen, wasm-bindgen-backend, wasm-bindgen-macro, wasm-bindgen-macro-support, wasm-bindgen-shared
+ 6. "github:rust-lang:release-publishers" (https://github.com/rust-lang) via crates: cargo, cargo-platform, cargo-util, crates-io
+ 7. "github:rustcrypto:elliptic-curves" (https://github.com/rustcrypto) via crates: elliptic-curve, p384, primeorder, sec1
+ 8. "github:servo:rust-url" (https://github.com/servo) via crates: form_urlencoded, idna, percent-encoding, url
+ 9. "github:toml-rs:maintainers" (https://github.com/toml-rs) via crates: serde_spanned, toml, toml_datetime, toml_edit
+ 10. "github:alacritty:publishers" (https://github.com/alacritty) via crates: utf8parse, vte, vte_generate_state_changes
+ 11. "github:clap-rs:admins" (https://github.com/clap-rs) via crates: clap, clap_derive, clap_lex
+ 12. "github:rust-bus:maintainers" (https://github.com/rust-bus) via crates: arrayvec, tinyvec, vcpkg
+ 13. "github:rust-cli:maintainers" (https://github.com/rust-cli) via crates: anstyle, clap, clap_lex
+ 14. "github:rust-lang:core" (https://github.com/rust-lang) via crates: cargo, cargo-platform, crates-io
+ 15. "github:rust-random:maintainers" (https://github.com/rust-random) via crates: getrandom, rand_core, rand_xoshiro
+ 16. "github:rustcrypto:traits" (https://github.com/rustcrypto) via crates: crypto-common, digest, signature
+ 17. "github:rustcrypto:utils" (https://github.com/rustcrypto) via crates: block-buffer, cpufeatures, zeroize
+ 18. "github:serde-rs:owners" (https://github.com/serde-rs) via crates: serde, serde_derive, serde_json
+ 19. "github:rust-lang-nursery:log-owners" (https://github.com/rust-lang-nursery) via crates: env_logger, log
+ 20. "github:rust-lang-nursery:regex-owners" (https://github.com/rust-lang-nursery) via crates: regex, regex-syntax
+ 21. "github:rustcrypto:hashes" (https://github.com/rustcrypto) via crates: sha1, sha2
+ 22. "github:rustcrypto:signatures" (https://github.com/rustcrypto) via crates: ecdsa, rfc6979
+ 23. "github:bitflags:owners" (https://github.com/bitflags) via crates: bitflags
+ 24. "github:dalek-cryptography:subtle-maintainers" (https://github.com/dalek-cryptography) via crates: subtle
+ 25. "github:env-logger-rs:publishers" (https://github.com/env-logger-rs) via crates: env_logger
+ 26. "github:rust-lang-nursery:rustfix" (https://github.com/rust-lang-nursery) via crates: rustfix
+ 27. "github:rust-lang:libc" (https://github.com/rust-lang) via crates: libc
+ 28. "github:rustcrypto:crypto-bigint" (https://github.com/rustcrypto) via crates: crypto-bigint
+ 29. "github:rustcrypto:kdfs" (https://github.com/rustcrypto) via crates: hkdf
+ 30. "github:rustcrypto:macs" (https://github.com/rustcrypto) via crates: hmac
+ 31. "github:smol-rs:admins" (https://github.com/smol-rs) via crates: fastrand
+ 32. "github:tokio-rs:socket2" (https://github.com/tokio-rs) via crates: socket2
