provenant-cli 0.1.4

[package]
name = "provenant-cli"
version = "0.1.4"
edition = "2024"
autobins = false
repository = "https://github.com/mstykow/provenant"
homepage = "https://github.com/mstykow/provenant"
documentation = "https://github.com/mstykow/provenant/blob/main/docs/DOCUMENTATION_INDEX.md"
description = "Independent Rust scanner for ScanCode-compatible workflows, licenses, package metadata, SBOMs, and provenance data."
license = "Apache-2.0"
keywords = ["scancode", "sbom", "license", "provenance", "compliance"]
categories = ["command-line-utilities", "development-tools"]
readme = "README.md"
# Include only files needed to build from source
include = [
    "src/**/*",
    "!src/**/*_test.rs",
    "!src/**/test.rs",
    "!src/**/tests.rs",
    "!src/**/*_tests.rs",
    "!src/**/*test_utils.rs",
    "!src/**/test_fixtures.rs",
    "/build.rs",
    "/resources/license_detection/license_index.zst",
    "/resources/license_detection/index_build_policy.toml",
    "/resources/license_detection/overlay/**/*",
    "/resources/license_detection/legalese_data.txt",
    "/Cargo.toml",
    "/Cargo.lock",
    "/ACKNOWLEDGEMENTS.md",
    "/README.md",
    "/CITATION.cff",
    "/DCO",
    "/LICENSE",
    "/NOTICE",
    "/SECURITY.md",
]

[package.metadata.cargo-machete]
ignored = ["md-5", "kamadak-exif"]

[package.metadata.release]
# Sign git tags with GPG
sign-tag = true
# Push automatically
push = true
# Use a versionless subject because workspace release commits cannot
# reliably interpolate {{version}} in cargo-release 0.25.x.
pre-release-commit-message = "chore: release"
pre-release-replacements = [
    { file = "CITATION.cff", search = '^version: ".*"$', replace = 'version: "{{version}}"' },
]
pre-release-hook = ["./scripts/check_release_version_sync.sh", "--update-lockfile"]
# Tag message template
tag-message = "Release v{{version}}"
# Release tags must use the v-prefixed GitHub workflow contract.
tag-name = "v{{version}}"
# Crates.io publish is handled by the tag-triggered GitHub Actions workflow.
publish = false

[workspace]
resolver = "3"
members = ["tools/license-headers", "xtask"]

[workspace.metadata.release]
# Consolidated workspace release commits read their subject from workspace config.
pre-release-commit-message = "chore: release"

[workspace.dependencies]
anyhow = "1.0.102"
clap = { version = "4.6.1", features = ["derive"] }
glob = "0.3.3"
postcard = { version = "1.1.3", default-features = false, features = ["alloc"] }
rayon = "1.12.0"
regex = "1.12.3"
rkyv = "0.8.16"
serde = { version = "1.0.228", features = ["derive"] }
serde_json = { version = "1.0.150", features = ["preserve_order"] }
sha2 = "0.11.0"
tempfile = "3.27.0"
toml = "1.1.2"
url = "2.5.8"
yaml_serde = "0.10.4"
zstd = "0.13.3"

[lib]
name = "provenant"
path = "src/lib.rs"

[[bin]]
name = "provenant"
path = "src/bin/provenant.rs"

[features]
default = ["rpm-sqlite"]
golden-tests = []
rpm-sqlite = ["dep:rusqlite"]

[dependencies]
allsorts = { version = "0.16.1", default-features = false, features = ["flate2_rust"] }
anyhow = { workspace = true }
ar = "0.9"           # Unix ar archive format (for .deb)
base64 = "0.22.1"
bit-set = "0.10.0"
bzip2 = "0.6.1"
chrono = "0.4.44"
clap = { workspace = true }
csv = "1.4.0"
daachorse = "3.0.0"
derive_builder = "0.20.2"
directories = "6.0.0"
env_logger = "0.11.10"
fd-lock = "4.0.4"
file-format = { version = "0.29.0", features = ["reader", "reader-txt", "reader-xml", "reader-zip"] }
file-identify = "0.4.0"
flate2 = "1.1.9"
 glob = { workspace = true }
hex = "0.4.3"
http = "1.4.0"
image = { version = "0.25.10", default-features = false, features = ["jpeg", "png", "tiff", "webp"] }
indicatif = "0.18.4"
indicatif-log-bridge = "0.2.3"
json5 = "1.3.1"
kamadak-exif = "0.6.1"
liblzma = "0.4.6"
log = "0.4.29"
md-5 = "0.11.0"
mime_guess = "2.0.5"
object = { version = "0.39.1", default-features = false, features = ["read_core", "elf", "macho", "pe"] }
os_info = "3.14.0"
packageurl = "0.6.0"
pdf_oxide = "0.3.53"
postcard = { workspace = true }
prost = { version = "0.14.3", features = ["derive"] }
quick-xml = "0.40.1"
rancor = "0.1.1"
rayon = { workspace = true }
regex = { workspace = true }
reqwest = { version = "0.13.3", default-features = false, features = ["blocking", "rustls"] }
rkyv = { workspace = true, features = ["smallvec-1"] }
rpm = { version = "0.23.5", default-features = false, features = ["payload", "gzip-compression", "xz-compression", "zstd-compression", "bzip2-compression"] }
ruff_python_ast = { version = "0.15.8", package = "rustpython-ruff_python_ast" }
ruff_python_parser = { version = "0.15.8", package = "rustpython-ruff_python_parser" }
rusqlite = { version = "0.39.0", features = ["bundled"], optional = true }
rusty-axml = "0.2.1"
schemars = { version = "1.2.1", features = ["derive"] }
serde = { workspace = true }
serde_json = { workspace = true }
sha1 = "0.11.0"
sha2 = { workspace = true }
smallvec = "1.15.1"
starlark_syntax = "0.13.0"
strum = { version = "0.28.0", features = ["derive"] }
tar = "0.4.45"
tempfile = { workspace = true }
tera = { version = "1.20.1", default-features = false }
thiserror = "2.0.18"
 toml = { workspace = true }
ttf-parser = "0.25.1"
url = { workspace = true }
uuid = { version = "1.23.1", features = ["v4"] }
yaml_serde = { workspace = true }
zip = "8.6.0"
zstd = { workspace = true }

[build-dependencies]
rkyv = { workspace = true }

[dev-dependencies]

[lints.clippy]
cargo = { level = "warn", priority = -1 }
cast_lossless = "warn"
checked_conversions = "warn"
cloned_instead_of_copied = "warn"
clone_on_ref_ptr = "warn"
filetype_is_file = "warn"
cast_sign_loss = "warn"

[profile.release]
# Enable link-time optimization for better cross-module optimizations
lto = true

# Enable whole-program optimization
codegen-units = 1

# Maximum optimization level
opt-level = 3

# Strip debug symbols to reduce binary size
strip = true

[profile.ci-release]
inherits = "release"
lto = false
codegen-units = 16
strip = false

[profile.profiling]
inherits = "release"
strip = false
debug = true