tidy/
extdeps.rs

1//! Check for external package sources. Allow only vendorable packages.
2
3use std::fs;
4use std::path::Path;
5
6use crate::deps::WorkspaceInfo;
7use crate::diagnostics::DiagCtx;
8
9/// List of allowed sources for packages.
10const ALLOWED_SOURCES: &[&str] = &[
11    r#""registry+https://github.com/rust-lang/crates.io-index""#,
12    // This is `rust_team_data` used by `site` in src/tools/rustc-perf,
13    r#""git+https://github.com/rust-lang/team#a5260e76d3aa894c64c56e6ddc8545b9a98043ec""#,
14];
15
16/// Checks for external package sources. `root` is the path to the directory that contains the
17/// workspace `Cargo.toml`.
18pub fn check(root: &Path, diag_ctx: DiagCtx) {
19    let mut check = diag_ctx.start_check("extdeps");
20
21    for &WorkspaceInfo { path, submodules, .. } in crate::deps::WORKSPACES {
22        if crate::deps::has_missing_submodule(root, submodules) {
23            continue;
24        }
25
26        // FIXME check other workspaces too
27        // `Cargo.lock` of rust.
28        let lockfile = root.join(path).join("Cargo.lock");
29
30        if !lockfile.exists() {
31            check.error(format!("the `{path}` workspace doesn't have a Cargo.lock"));
32            continue;
33        }
34
35        // Open and read the whole file.
36        let cargo_lock = t!(fs::read_to_string(&lockfile));
37
38        // Process each line.
39        for line in cargo_lock.lines() {
40            // Consider only source entries.
41            if !line.starts_with("source = ") {
42                continue;
43            }
44
45            // Extract source value.
46            let source = line.split_once('=').unwrap().1.trim();
47
48            // Ensure source is allowed.
49            if !ALLOWED_SOURCES.contains(&source) {
50                check.error(format!("invalid source: {}", source));
51            }
52        }
53    }
54}
tidy/extdeps.rs

tidy/
extdeps.rs
