From eb391877af95104156ace5746755accdfd037450 Mon Sep 17 00:00:00 2001 From: Rodney Lab Date: Thu, 25 Jul 2024 16:43:55 +0100 Subject: [PATCH 1/5] =?UTF-8?q?ci:=20=F0=9F=90=9D=20update=20CI=20config?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/PULL_REQUEST_TEMPLATE.md | 7 +- .github/dependabot.yml | 10 ++ .github/workflows/audit-on-push.yml | 16 +++ .github/workflows/deno.yml | 46 +++++++ .github/workflows/dependency-review.yml | 25 ++++ .github/workflows/general.yml | 170 +++++++++++------------- .github/workflows/pre-commit.yml | 26 ++++ .github/workflows/scheduled-audit.yml | 14 ++ .github/workflows/scorecard.yml | 70 ++++++++++ .github/workflows/validate-licenses.yml | 19 +++ .pre-commit-config.yaml | 43 ++++-- LICENSE | 2 +- dprint.json | 20 +-- 13 files changed, 349 insertions(+), 119 deletions(-) create mode 100644 .github/dependabot.yml create mode 100644 .github/workflows/audit-on-push.yml create mode 100644 .github/workflows/deno.yml create mode 100644 .github/workflows/dependency-review.yml create mode 100644 .github/workflows/pre-commit.yml create mode 100644 .github/workflows/scheduled-audit.yml create mode 100644 .github/workflows/scorecard.yml create mode 100644 .github/workflows/validate-licenses.yml diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md index cd79543..a2bba84 100644 --- a/.github/PULL_REQUEST_TEMPLATE.md +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -15,6 +15,9 @@ Please delete options that are not relevant. - [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected) - [ ] This change requires a documentation update +- [ ] CI +- [ ] Dependency update +- [ ] Linting # How Has This Been Tested? 
@@ -22,8 +25,8 @@ Please describe the tests that you ran to verify your changes. Provide instructions so we can reproduce. Please also list any relevant details for your test configuration -- [ ] Test A -- [ ] Test B +- [ ] cargo test run with all tests passing +- [ ] Deno tests run and passed **Test Configuration**: diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..1557067 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,10 @@ +version: 2 +updates: + - package-ecosystem: github-actions + directory: / + schedule: + interval: daily + - package-ecosystem: cargo + directory: / + schedule: + interval: daily diff --git a/.github/workflows/audit-on-push.yml b/.github/workflows/audit-on-push.yml new file mode 100644 index 0000000..c8f2115 --- /dev/null +++ b/.github/workflows/audit-on-push.yml @@ -0,0 +1,16 @@ +name: Security audit +permissions: + contents: read +on: + push: + paths: + - 'Cargo.toml' + - 'Cargo.lock' +jobs: + security_audit: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: rustsec/audit-check@dd51754d4e59da7395a4cd9b593f0ff2d61a9b95 # v1.4.1 + with: + token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/deno.yml b/.github/workflows/deno.yml new file mode 100644 index 0000000..1a97561 --- /dev/null +++ b/.github/workflows/deno.yml 
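Review bot: In audit-on-push.yml the workflow-level `permissions:` grants only `contents: read`, yet the `rustsec/audit-check` step is handed `secrets.GITHUB_TOKEN` to report its findings. As far as I know, the action's documentation asks for `checks: write` and `issues: write` for that, so with this scope it may be unable to publish results; this is inferred and worth confirming on a run. If reporting is wanted, grant those two scopes at job level on `security_audit` rather than widening the workflow default. scheduled-audit.yml later in this patch has the same combination on its `audit` job. Both audit workflows also omit the Harden Runner step that most of the other new workflows start with.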
@@ -0,0 +1,46 @@ +name: Deno +on: + push: + branches: + - main + pull_request: + types: [opened, synchronize, reopened] + branches: + - main +jobs: + deno-check: + runs-on: ubuntu-latest + steps: + - name: Harden Runner + uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0 + with: + egress-policy: audit + disable-telemetry: true + - name: Clone repository + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - name: Install Deno + uses: denoland/setup-deno@ba9dcf3bc3696623d1add6a2f5181ee1b5143de5 # v1.3.0 + with: + deno-version: v1.x + - name: Check formatting + run: deno fmt --check + - name: Lint + run: deno lint + - name: Type Check + run: deno check mod.ts + deno-test: + runs-on: ubuntu-latest + steps: + - name: Harden Runner + uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0 + with: + egress-policy: audit + disable-telemetry: true + - name: Clone repository + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - name: Install Deno + uses: denoland/setup-deno@ba9dcf3bc3696623d1add6a2f5181ee1b5143de5 # v1.3.0 + with: + deno-version: v1.x + - name: Test Modules + run: deno task test diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml new file mode 100644 index 0000000..fa9854c --- /dev/null +++ b/.github/workflows/dependency-review.yml 
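Review bot: deno.yml declares no `permissions:` key, so `deno-check` and `deno-test` run with whatever default GITHUB_TOKEN scope the repository or organisation is set to, while every other workflow added in this patch states one. Add a top-level `permissions:` with `contents: read` after the `on:` block; nothing visible in these two jobs needs more than that. `deno-version: v1.x` is also a floating selector, so the Deno release that runs is not fixed the way the SHA-pinned actions are. If that is deliberate, a short comment saying so would help.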
@@ -0,0 +1,25 @@ +# Dependency Review Action +# +# This Action will scan dependency manifest files that change as part of a Pull Request, +# surfacing known-vulnerable versions of the packages declared or updated in the PR. +# Once installed, if the workflow run is marked as required, +# PRs introducing known-vulnerable packages will be blocked from merging. +# +# Source repository: https://github.com/actions/dependency-review-action +name: 'Dependency Review' +on: [pull_request] +permissions: + contents: read +jobs: + dependency-review: + runs-on: ubuntu-latest + steps: + - name: Harden Runner + uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0 + with: + egress-policy: audit + disable-telemetry: true + - name: 'Checkout Repository' + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - name: 'Dependency Review' + uses: actions/dependency-review-action@5a2ce3f5b92ee19cbb1541a4984c76d921601d7c # v4.3.4 diff --git a/.github/workflows/general.yml b/.github/workflows/general.yml index 130333f..d7d26b6 100644 --- a/.github/workflows/general.yml +++ b/.github/workflows/general.yml @@ -1,5 +1,4 @@ name: Rust - on: push: branches: 
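Review bot: The Harden Runner step in dependency-review.yml is left at `egress-policy: audit`, which as I understand the action only records outbound connections and does not stop any. That is reasonable for building a baseline, but once a few runs have shown which endpoints the job contacts, `egress-policy: block` with an `allowed-endpoints` list is what actually restricts the runner. The same setting is used by the Harden Runner steps in deno.yml, general.yml, pre-commit.yml and scorecard.yml in this patch. A one-line comment such as `# audit only: switch to block once the endpoint baseline is known` would record the intent.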
@@ -8,120 +7,109 @@ on: types: [opened, synchronize, reopened] branches: - main - +permissions: read-all env: CARGO_TERM_COLOR: always - + RUSTFLAGS: "-Dwarnings -Cinstrument-coverage" + LLVM_PROFILE_FILE: "project-%p-%m.profraw" jobs: test: name: Test runs-on: ubuntu-latest steps: - - name: Checkout repository - uses: actions/checkout@v2 - - name: Cache dependencies - id: cache-dependencies - uses: actions/cache@v2 - with: - path: | - ~/.cargo/registry - ~/.cargo/git - target - key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }} - - name: Install stable toolchain - uses: actions-rs/toolchain@v1 - with: - profile: minimal - toolchain: stable - override: true - - name: Run cargo test - uses: actions-rs/cargo@v1 + - name: Harden Runner + uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0 with: - command: test - + egress-policy: audit + disable-telemetry: true + - name: Install Linux Dependencies + run: sudo apt-get update + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: dtolnay/rust-toolchain@4f366e621dc8fa63f557ca04b8f4361824a35a45 # stable + - name: Run tests + run: cargo test fmt: name: Rustfmt runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 - - uses: actions-rs/toolchain@v1 + - name: Harden Runner + uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0 + with: + egress-policy: audit + disable-telemetry: true + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: dtolnay/rust-toolchain@4f366e621dc8fa63f557ca04b8f4361824a35a45 # stable with: - toolchain: stable - override: true components: rustfmt - - uses: actions-rs/cargo@v1 + - name: Enforce formatting + run: cargo fmt --check + fmt-dprint: + runs-on: ubuntu-latest + steps: + - name: Harden Runner + uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0 with: - command: fmt - args: --all -- --check - + egress-policy: audit + - 
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: dprint/check@2f1cf31537886c3bfb05591c031f7744e48ba8a1 # v2.2 clippy: name: Clippy runs-on: ubuntu-latest steps: - - name: Checkout repository - uses: actions/checkout@v2 - - - name: Install stable toolchain - uses: actions-rs/toolchain@v1 + - name: Harden Runner + uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0 with: - components: clippy - toolchain: stable - override: true - - - name: Run clippy - uses: actions-rs/clippy-check@v1 + egress-policy: audit + disable-telemetry: true + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: dtolnay/rust-toolchain@4f366e621dc8fa63f557ca04b8f4361824a35a45 # stable with: - token: ${{ secrets.GITHUB_TOKEN }} - args: -- -D warnings - - # coverage: - # name: Code coverage - # runs-on: ubuntu-latest - # steps: - # - name: Checkout repository - # uses: actions/checkout@v2 - - # - name: Install stable toolchain - # uses: actions-rs/toolchain@v1 - # with: - # toolchain: stable - # override: true - - # - name: Run cargo-tarpaulin - # uses: actions-rs/tarpaulin@v0.1 - # with: - # args: "--ignore-tests --avoid-cfg-tarpaulin" - deno-check: + components: clippy + - name: Linting + run: cargo clippy -- -D warnings + msrv: runs-on: ubuntu-latest + strategy: + matrix: + msrv: ["1.60.0"] # instrument-coverage flag requires Rust 1.60 + name: ubuntu / ${{ matrix.msrv }} steps: - - name: Clone repository - uses: actions/checkout@v3 - - - name: Install Deno - uses: denoland/setup-deno@v1 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - name: Install Linux Dependencies + run: sudo apt-get update + - name: Install ${{ matrix.msrv }} + uses: dtolnay/rust-toolchain@4f366e621dc8fa63f557ca04b8f4361824a35a45 # stable with: - deno-version: v1.x - - - name: Check formatting - run: deno fmt --check - - - name: Lint - run: deno lint - - - name: Type Check - run: deno check 
mod.ts - - deno-test: + toolchain: ${{ matrix.msrv }} + - name: cargo +${{ matrix.msrv }} check + run: cargo check + coverage: + name: Code coverage runs-on: ubuntu-latest steps: - - name: Clone repository - uses: actions/checkout@v2 - - - name: Install Deno - uses: denoland/setup-deno@v1 + - name: Harden Runner + uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0 + with: + egress-policy: audit + disable-telemetry: true + - name: Install Linux Dependencies + run: sudo apt-get update + - name: Checkout repository + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: dtolnay/rust-toolchain@4f366e621dc8fa63f557ca04b8f4361824a35a45 # stable + with: + components: llvm-tools-preview + - name: Install grcov + run: cargo install grcov + - name: Build + run: cargo build + - name: Run tests + run: cargo test + - name: Generate code coverage + run: grcov . -s . --binary-path ./target/debug/ -t lcov --branch --ignore-not-existing -o ./target/debug/ + - name: Upload coverage reports to Codecov + uses: codecov/codecov-action@e28ff129e5465c2c0dcc6f003fc735cb6ae0c673 # v4.5.0 with: - deno-version: v1.x - - - name: Test Modules - run: deno task test - + file: ./target/debug/lcov + env: + CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml new file mode 100644 index 0000000..5cb8e5b --- /dev/null +++ b/.github/workflows/pre-commit.yml 
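Review bot: In the `coverage` job, `run: cargo install grcov` builds and executes whatever grcov release and dependency versions resolve at run time, which undoes the pinning this commit applies to every action by commit SHA. Pin it, for example `run: cargo install grcov --locked --version <PINNED_VERSION>`, so the tool that processes the build output is reproducible. In the same hunk the `fmt-dprint` Harden Runner step omits `disable-telemetry: true`, and the `msrv` job has no Harden Runner step at all, unlike the other jobs. The steps named `Install Linux Dependencies` only run `sudo apt-get update` and install nothing, so either the name is misleading or the install line is missing.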
@@ -0,0 +1,26 @@ +name: pre-commit +on: + push: + branches: [main, master, dev] + pull_request: + branches: [main, master, dev] +permissions: + contents: read +jobs: + pre-commit: + runs-on: ubuntu-latest + steps: + - name: Harden Runner + uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0 + with: + egress-policy: audit + uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0 + disable-telemetry: true + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # v5.1.1 + - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 + with: + go-version: '>=1.18.0' + - uses: pre-commit/action@2c7b3805fd2a0fd8c1884dcaebf91fc102a13ecd # v3.0.1 + env: + SKIP: no-commit-to-branch diff --git a/.github/workflows/scheduled-audit.yml b/.github/workflows/scheduled-audit.yml new file mode 100644 index 0000000..6d2630e --- /dev/null +++ b/.github/workflows/scheduled-audit.yml @@ -0,0 +1,14 @@ +name: Security audit +on: + schedule: + - cron: '22 7 * * *' +permissions: + contents: read +jobs: + audit: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: rustsec/audit-check@dd51754d4e59da7395a4cd9b593f0ff2d61a9b95 # v1.4.1 + with: + token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml new file mode 100644 index 0000000..6a8e88f --- /dev/null +++ b/.github/workflows/scorecard.yml 
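Review bot: The Harden Runner step in pre-commit.yml carries a second `uses: step-security/harden-runner` line between `egress-policy: audit` and `disable-telemetry: true`. Indentation is not recoverable in this view, so it is either a duplicate `uses` key on the step or a stray `uses` entry inside `with:`. Either way it looks unintended and may make the workflow fail validation or pass an unknown input to the action. Remove the repeated line so the step has `uses:` once, followed by `with:` holding `egress-policy: audit` and `disable-telemetry: true`.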
@@ -0,0 +1,70 @@ +# This workflow uses actions that are not certified by GitHub. They are provided +# by a third-party and are governed by separate terms of service, privacy +# policy, and support documentation. + +name: Scorecard supply-chain security +on: + # For Branch-Protection check. Only the default branch is supported. See + # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection + branch_protection_rule: + # To guarantee Maintained check is occasionally updated. See + # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained + schedule: + - cron: '48 20 * * 0' + push: + branches: ["main"] +# Declare default permissions as read only. +permissions: read-all +jobs: + analysis: + name: Scorecard analysis + runs-on: ubuntu-latest + permissions: + # Needed to upload the results to code-scanning dashboard. + security-events: write + # Needed to publish results and get a badge (see publish_results below). + id-token: write + # Uncomment the permissions below if installing in a private repository. + # contents: read + # actions: read + steps: + - name: Harden Runner + uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0 + with: + egress-policy: audit + disable-telemetry: true + - name: "Checkout code" + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + persist-credentials: false + - name: "Run analysis" + uses: ossf/scorecard-action@dc50aa9510b46c811795eb24b2f1ba02a914e534 # v2.3.3 + with: + results_file: results.sarif + results_format: sarif + # (Optional) "write" PAT token. Uncomment the `repo_token` line below if: + # - you want to enable the Branch-Protection check on a *public* repository, or + # - you are installing Scorecard on a *private* repository + # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat. 
+ repo_token: ${{ secrets.SCORECARD_TOKEN }} + # Public repositories: + # - Publish results to OpenSSF REST API for easy access by consumers + # - Allows the repository to include the Scorecard badge. + # - See https://github.com/ossf/scorecard-action#publishing-results. + # For private repositories: + # - `publish_results` will always be set to `false`, regardless + # of the value entered here. + publish_results: true + # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF + # format to the repository Actions tab. + - name: "Upload artifact" + uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 + with: + name: SARIF file + path: results.sarif + retention-days: 5 + # Upload the results to GitHub's code scanning dashboard. + - name: "Upload to code-scanning" + uses: github/codeql-action/upload-sarif@2d790406f505036ef40ecba973cc774a50395aac # v3.25.13 + with: + sarif_file: results.sarif diff --git a/.github/workflows/validate-licenses.yml b/.github/workflows/validate-licenses.yml new file mode 100644 index 0000000..7994662 --- /dev/null +++ b/.github/workflows/validate-licenses.yml @@ -0,0 +1,19 @@ +name: Cargo Deny +on: [push, pull_request] +permissions: + contents: read +jobs: + cargo-deny: + runs-on: ubuntu-22.04 + strategy: + matrix: + checks: + - advisories + - bans licenses sources + # Prevent sudden announcement of a new advisory from failing ci: + continue-on-error: ${{ matrix.checks == 'advisories' }} + steps: + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: EmbarkStudios/cargo-deny-action@3f4a782664881cf5725d0ffd23969fcce89fd868 # v1.6.3 + with: + command: check ${{ matrix.checks }} diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 75eabf5..8d21783 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml 
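Review bot: `repo_token: ${{ secrets.SCORECARD_TOKEN }}` is enabled in the `Run analysis` step, so the workflow now depends on a long-lived personal access token stored as a repository secret, while the comment above it still says to uncomment the line. If the token is kept, make it a fine-grained, read-only PAT limited to this repository, and reword the comment to say why it is needed; the template's stated reason is the Branch-Protection check. If `SCORECARD_TOKEN` is not defined, the input expands to an empty string, which presumably replaces the action's default token, so confirm the first run. `persist-credentials: false` on this checkout is a good choice and worth repeating on the checkouts in the other workflows.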
@@ -1,13 +1,32 @@ repos: -- hooks: - - id: commitizen - stages: - - commit-msg - repo: https://github.com/commitizen-tools/commitizen - rev: v3.28.0 -- hooks: - - id: fmt - - id: cargo-check - - id: clippy - repo: https://github.com/doublify/pre-commit-rust - rev: v1.0 + - repo: https://github.com/commitizen-tools/commitizen + rev: v3.28.0 + hooks: + - id: commitizen + stages: + - commit-msg + - repo: https://github.com/doublify/pre-commit-rust + rev: v1.0 + hooks: + - id: fmt + - id: cargo-check + - id: clippy + - repo: https://github.com/gitleaks/gitleaks + rev: v8.18.4 + hooks: + - id: gitleaks + - repo: https://github.com/google/yamlfmt + rev: v0.13.0 + hooks: + - id: yamlfmt + - repo: https://github.com/pre-commit/pre-commit-hooks + rev: v4.6.0 + hooks: + - id: trailing-whitespace + args: + - --markdown-linebreak-ext=md + - id: end-of-file-fixer + - id: check-yaml + - id: check-json + exclude: .vscode + - id: no-commit-to-branch diff --git a/LICENSE b/LICENSE index 6565ea0..d73ccd3 100644 --- a/LICENSE +++ b/LICENSE @@ -1,6 +1,6 @@ BSD 3-Clause License -Copyright (c) 2022 – 2023, Rodney Johnson +Copyright (c) 2022 – 2024, Rodney Johnson All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/dprint.json b/dprint.json index 5edab62..a94ac90 100644 --- a/dprint.json +++ b/dprint.json @@ -1,17 +1,11 @@ { - "json": { - }, - "markdown": { - }, - "toml": { - }, - "includes": ["**/*.{json,md,toml}"], - "excludes": [ - "**/*-lock.json" - ], + "json": {}, + "markdown": {}, + "toml": {}, + "excludes": ["**/*-lock.json"], "plugins": [ - "https://plugins.dprint.dev/json-0.17.0.wasm", - "https://plugins.dprint.dev/markdown-0.15.1.wasm", - "https://plugins.dprint.dev/toml-0.5.4.wasm" + "https://plugins.dprint.dev/json-0.19.3.wasm", + "https://plugins.dprint.dev/markdown-0.17.1.wasm", + "https://plugins.dprint.dev/toml-0.6.2.wasm" ] } From 8ce05a448f2f06512e8b3fba7624c7b8f21c267b Mon Sep 17 00:00:00 2001 
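Review bot: Every `rev:` in .pre-commit-config.yaml is a tag (`v3.28.0`, `v1.0`, `v8.18.4`, `v0.13.0`, `v4.6.0`), and tags can be moved, whereas the workflows in this commit pin actions to commit SHAs. Because pre-commit.yml runs these hooks in CI through `pre-commit/action`, the hook repositories are part of the same supply chain. Running `pre-commit autoupdate --freeze` rewrites each `rev:` to a commit hash and keeps the tag as a comment. The dependabot.yml added here lists only `github-actions` and `cargo`, so these revisions will not be bumped automatically and need a manual or scheduled `pre-commit autoupdate`.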
From: Rodney Lab Date: Thu, 25 Jul 2024 16:45:52 +0100 Subject: [PATCH 2/5] =?UTF-8?q?ci:=20=F0=9F=90=9D=20update=20CI=20config?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/scheduled-audit.yml | 2 +- .github/workflows/scorecard.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/scheduled-audit.yml b/.github/workflows/scheduled-audit.yml index 6d2630e..dabfefe 100644 --- a/.github/workflows/scheduled-audit.yml +++ b/.github/workflows/scheduled-audit.yml @@ -1,7 +1,7 @@ name: Security audit on: schedule: - - cron: '22 7 * * *' + - cron: '44 23 * * *' permissions: contents: read jobs: diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 6a8e88f..77aa7ad 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -10,7 +10,7 @@ on: # To guarantee Maintained check is occasionally updated. See # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained schedule: - - cron: '48 20 * * 0' + - cron: '56 21 * * 0' push: branches: ["main"] # Declare default permissions as read only. From ae07add2e58343e2fbb8ae7f15069f69d60913c4 Mon Sep 17 00:00:00 2001 From: Rodney Lab Date: Thu, 25 Jul 2024 16:48:30 +0100 Subject: [PATCH 3/5] =?UTF-8?q?ci:=20=F0=9F=90=9D=20update=20CI=20config?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- deny.toml | 252 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 252 insertions(+) create mode 100644 deny.toml diff --git a/deny.toml b/deny.toml new file mode 100644 index 0000000..0299cd8 --- /dev/null +++ b/deny.toml 
@@ -0,0 +1,252 @@ +# This template contains all of the possible sections and their default values + +# Note that all fields that take a lint level have these possible values: +# * deny - An error will be produced and the check will fail +# * warn - A warning will be produced, but the check will not fail +# * allow - No warning or error will be produced, though in some cases a note +# will be + +# The values provided in this template are the default values that will be used +# when any section or field is not specified in your own configuration + +# Root options + +# The graph table configures how the dependency graph is constructed and thus +# which crates the checks are performed against +[graph] +# If 1 or more target triples (and optionally, target_features) are specified, +# only the specified targets will be checked when running `cargo deny check`. +# This means, if a particular package is only ever used as a target specific +# dependency, such as, for example, the `nix` crate only being used via the +# `target_family = "unix"` configuration, that only having windows targets in +# this list would mean the nix crate, as well as any of its exclusive +# dependencies not shared by any other crates, would be ignored, as the target +# list here is effectively saying which targets you are building for. +targets = [ + + + # The triple can be any string, but only the target triples built in to + # rustc (as of 1.40) can be checked against actual config expressions + # "x86_64-unknown-linux-musl", + # You can also specify which target_features you promise are enabled for a + # particular target. target_features are currently not validated against + # the actual valid features supported by the target architecture. 
+ # { triple = "wasm32-unknown-unknown", features = ["atomics"] }, +] +# When creating the dependency graph used as the source of truth when checks are +# executed, this field can be used to prune crates from the graph, removing them +# from the view of cargo-deny. This is an extremely heavy hammer, as if a crate +# is pruned from the graph, all of its dependencies will also be pruned unless +# they are connected to another crate in the graph that hasn't been pruned, +# so it should be used with care. The identifiers are [Package ID Specifications] +# (https://doc.rust-lang.org/cargo/reference/pkgid-spec.html) +# exclude = [] +# If true, metadata will be collected with `--all-features`. Note that this can't +# be toggled off if true, if you want to conditionally enable `--all-features` it +# is recommended to pass `--all-features` on the cmd line instead +all-features = false +# If true, metadata will be collected with `--no-default-features`. The same +# caveat with `all-features` applies +no-default-features = false +# If set, these feature will be enabled when collecting metadata. If `--features` +# is specified on the cmd line they will take precedence over this option. +# features = [] + +# The output table provides options for how/if diagnostics are outputted +[output] +# When outputting inclusion graphs in diagnostics that include features, this +# option can be used to specify the depth at which feature edges will be added. +# This option is included since the graphs can be quite large and the addition +# of features from the crate(s) to all of the graph roots can be far too verbose. 
+# This option can be overridden via `--feature-depth` on the cmd line +feature-depth = 1 + +# This section is considered when running `cargo deny check advisories` +# More documentation for the advisories section can be found here: +# https://embarkstudios.github.io/cargo-deny/checks/advisories/cfg.html +[advisories] +# The path where the advisory databases are cloned/fetched into +# db-path = "$CARGO_HOME/advisory-dbs" +# The url(s) of the advisory databases to use +# db-urls = ["https://github.com/rustsec/advisory-db"] +# A list of advisory IDs to ignore. Note that ignored advisories will still +# output a note when they are encountered. +ignore = [ + + + # "RUSTSEC-0000-0000", + # { id = "RUSTSEC-0000-0000", reason = "you can specify a reason the advisory is ignored" }, + # "a-crate-that-is-yanked@0.1.1", # you can also ignore yanked crate versions if you wish + # { crate = "a-crate-that-is-yanked@0.1.1", reason = "you can specify why you are ignoring the yanked crate" }, +] +# If this is true, then cargo deny will use the git executable to fetch advisory database. +# If this is false, then it uses a built-in git library. +# Setting this to true can be helpful if you have special authentication requirements that cargo-deny does not support. +# See Git Authentication for more information about setting up git authentication. +# git-fetch-with-cli = true + +# This section is considered when running `cargo deny check licenses` +# More documentation for the licenses section can be found here: +# https://embarkstudios.github.io/cargo-deny/checks/licenses/cfg.html +[licenses] +# List of explicitly allowed licenses +# See https://spdx.org/licenses/ for list of possible licenses +# [possible values: any SPDX 3.11 short identifier (+ optional exception)]. +allow = [ + "Apache-2.0", + "BSD-3-Clause", + "MIT", + "Unicode-DFS-2016", +] +# The confidence threshold for detecting a license from license text. 
+# The higher the value, the more closely the license text must be to the +# canonical license text of a valid SPDX license file. +# [possible values: any between 0.0 and 1.0]. +confidence-threshold = 0.8 +# Allow 1 or more licenses on a per-crate basis, so that particular licenses +# aren't accepted for every possible crate as with the normal allow list +exceptions = [ + + + # Each entry is the crate and version constraint, and its specific allow + # list + # { allow = ["Zlib"], crate = "adler32" }, +] + +# Some crates don't have (easily) machine readable licensing information, +# adding a clarification entry for it allows you to manually specify the +# licensing information +# [[licenses.clarify]] +# The package spec the clarification applies to +# crate = "ring" +# The SPDX expression for the license requirements of the crate +# expression = "MIT AND ISC AND OpenSSL" +# One or more files in the crate's source used as the "source of truth" for +# the license expression. If the contents match, the clarification will be used +# when running the license check, otherwise the clarification will be ignored +# and the crate will be checked normally, which may produce warnings or errors +# depending on the rest of your configuration +# license-files = [ +# Each entry is a crate relative path, and the (opaque) hash of its contents +# { path = "LICENSE", hash = 0xbd0eed23 } +# ] + +[licenses.private] +# If true, ignores workspace crates that aren't published, or are only +# published to private registries. +# To see how to mark a crate as unpublished (to the official registry), +# visit https://doc.rust-lang.org/cargo/reference/manifest.html#the-publish-field. 
+ignore = false +# One or more private registries that you might publish crates to, if a crate +# is only published to private registries, and ignore is true, the crate will +# not have its license(s) checked +registries = [ + + + # "https://sekretz.com/registry +] + +# This section is considered when running `cargo deny check bans`. +# More documentation about the 'bans' section can be found here: +# https://embarkstudios.github.io/cargo-deny/checks/bans/cfg.html +[bans] +# Lint level for when multiple versions of the same crate are detected +multiple-versions = "warn" +# Lint level for when a crate version requirement is `*` +wildcards = "allow" +# The graph highlighting used when creating dotgraphs for crates +# with multiple versions +# * lowest-version - The path to the lowest versioned duplicate is highlighted +# * simplest-path - The path to the version with the fewest edges is highlighted +# * all - Both lowest-version and simplest-path are used +highlight = "all" +# The default lint level for `default` features for crates that are members of +# the workspace that is being checked. This can be overridden by allowing/denying +# `default` on a crate-by-crate basis if desired. +workspace-default-features = "allow" +# The default lint level for `default` features for external crates that are not +# members of the workspace. This can be overridden by allowing/denying `default` +# on a crate-by-crate basis if desired. +external-default-features = "allow" +# List of crates that are allowed. Use with care! 
+allow = [ + + + # "ansi_term@0.11.0", + # { crate = "ansi_term@0.11.0", reason = "you can specify a reason it is allowed" }, +] +# List of crates to deny +deny = [ + + + # "ansi_term@0.11.0", + # { crate = "ansi_term@0.11.0", reason = "you can specify a reason it is banned" }, + # Wrapper crates can optionally be specified to allow the crate when it + # is a direct dependency of the otherwise banned crate + # { crate = "ansi_term@0.11.0", wrappers = ["this-crate-directly-depends-on-ansi_term"] }, +] + +# List of features to allow/deny +# Each entry the name of a crate and a version range. If version is +# not specified, all versions will be matched. +# [[bans.features]] +# crate = "reqwest" +# Features to not allow +# deny = ["json"] +# Features to allow +# allow = [ +# "rustls", +# "__rustls", +# "__tls", +# "hyper-rustls", +# "rustls", +# "rustls-pemfile", +# "rustls-tls-webpki-roots", +# "tokio-rustls", +# "webpki-roots", +# ] +# If true, the allowed features must exactly match the enabled feature set. If +# this is set there is no point setting `deny` +# exact = true + +# Certain crates/versions that will be skipped when doing duplicate detection. +skip = [ + + + # "ansi_term@0.11.0", + # { crate = "ansi_term@0.11.0", reason = "you can specify a reason why it can't be updated/removed" }, +] +# Similarly to `skip` allows you to skip certain crates during duplicate +# detection. Unlike skip, it also includes the entire tree of transitive +# dependencies starting at the specified crate, up to a certain depth, which is +# by default infinite. +skip-tree = [ + + + # "ansi_term@0.11.0", # will be skipped along with _all_ of its direct and transitive dependencies + # { crate = "ansi_term@0.11.0", depth = 20 }, +] + +# This section is considered when running `cargo deny check sources`. 
+# More documentation about the 'sources' section can be found here: +# https://embarkstudios.github.io/cargo-deny/checks/sources/cfg.html +[sources] +# Lint level for what to happen when a crate from a crate registry that is not +# in the allow list is encountered +unknown-registry = "warn" +# Lint level for what to happen when a crate from a git repository that is not +# in the allow list is encountered +unknown-git = "warn" +# List of URLs for allowed crate registries. Defaults to the crates.io index +# if not specified. If it is specified but empty, no registries are allowed. +allow-registry = ["https://github.com/rust-lang/crates.io-index"] +# List of URLs for allowed Git repositories +allow-git = [] + +[sources.allow-org] +# 1 or more github.com organizations to allow git sources for +# github = [""] +# 1 or more gitlab.com organizations to allow git sources for +# gitlab = [""] +# 1 or more bitbucket.org organizations to allow git sources for +# bitbucket = [""] From 6a9302cf8f9e24eea6d79f090f71e38ca27163a9 Mon Sep 17 00:00:00 2001 From: Rodney Lab Date: Thu, 25 Jul 2024 16:54:54 +0100 Subject: [PATCH 4/5] =?UTF-8?q?ci:=20=F0=9F=90=9D=20update=20CI=20config?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/general.yml | 2 +- Cargo.toml | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/general.yml b/.github/workflows/general.yml index d7d26b6..28b3d89 100644 --- a/.github/workflows/general.yml +++ b/.github/workflows/general.yml @@ -71,7 +71,7 @@ jobs: runs-on: ubuntu-latest strategy: matrix: - msrv: ["1.60.0"] # instrument-coverage flag requires Rust 1.60 + msrv: ["1.64.0"] name: ubuntu / ${{ matrix.msrv }} steps: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 diff --git a/Cargo.toml b/Cargo.toml index 6e06807..aeaca80 100644 --- a/Cargo.toml +++ b/Cargo.toml 
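Review bot: In `[sources]`, `unknown-registry = "warn"` and `unknown-git = "warn"` mean a crate pulled from a registry or git repository outside the allow list only produces a warning, so the `bans licenses sources` matrix entry in validate-licenses.yml would still pass. Set both to `"deny"` so that `allow-registry` and the empty `allow-git` are enforced. Likewise, `wildcards = "allow"` in `[bans]` accepts `*` version requirements. The opening comment still describes the file as a template of default values; replace it with a line naming what this project changed, which appears to be the `[licenses]` allow list. The commented example `# "https://sekretz.com/registry` under `registries` is missing its closing quote.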
@@ -5,6 +5,8 @@ authors = ["Rodney Johnson "] edition = "2021" license = "BSD-3-Clause" repository = "https://github.com/rodneylab/parsedown" +# deunicode v.1.4.4 MSRV is 1.64 +rust-version = "1.64" description = "Markdown processing" [lib] From 2219d531e371688ecbdc706fb2cdb755645855ee Mon Sep 17 00:00:00 2001 From: Rodney Lab Date: Thu, 25 Jul 2024 17:02:05 +0100 Subject: [PATCH 5/5] =?UTF-8?q?ci:=20=F0=9F=90=9D=20update=20CI=20config?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/general.yml | 2 +- Cargo.toml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/general.yml b/.github/workflows/general.yml index 28b3d89..54456c9 100644 --- a/.github/workflows/general.yml +++ b/.github/workflows/general.yml @@ -71,7 +71,7 @@ jobs: runs-on: ubuntu-latest strategy: matrix: - msrv: ["1.64.0"] + msrv: ["1.73.0"] name: ubuntu / ${{ matrix.msrv }} steps: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 diff --git a/Cargo.toml b/Cargo.toml index aeaca80..dfffcb1 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -5,8 +5,8 @@ authors = ["Rodney Johnson "] edition = "2021" license = "BSD-3-Clause" repository = "https://github.com/rodneylab/parsedown" -# deunicode v.1.4.4 MSRV is 1.64 -rust-version = "1.64" +# js-sys v.0.3.69 requires rustc 1.73 +rust-version = "1.73" description = "Markdown processing" [lib]