From e0299b7c766d96353abdcdb0bda45cdf459389d9 Mon Sep 17 00:00:00 2001 From: Mathias Tervo Date: Wed, 20 Sep 2023 12:26:47 +0200 Subject: [PATCH] Enable CI jobs (#16) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Enable CI jobs * Fix clippy lints * Add cargo deny config * Add license exception for rustls-webpki * Add cargo deny ban skip exception for socket2 --------- Co-authored-by: Björn Westlin --- .github/workflows/rust-ci.yml | 144 +++++----------------------------- deny.toml | 71 +++++++++++++++++ src/client.rs | 31 +++----- 3 files changed, 99 insertions(+), 147 deletions(-) create mode 100644 deny.toml diff --git a/.github/workflows/rust-ci.yml b/.github/workflows/rust-ci.yml index 3278b80..e4d61af 100644 --- a/.github/workflows/rust-ci.yml +++ b/.github/workflows/rust-ci.yml @@ -1,12 +1,10 @@ -# TODO: Replace this line with the commented ones to actually run the action in your repo(s) -on: public -# on: -# push: -# branches: -# - main -# tags: -# - "*" -# pull_request: +on: + push: + branches: + - main + tags: + - "*" + pull_request: name: CI jobs: @@ -54,7 +52,6 @@ jobs: - name: cargo test run: cargo test --release - # TODO: Remove this check if you don't use cargo-deny in the repo deny-check: name: cargo-deny runs-on: ubuntu-latest @@ -62,7 +59,6 @@ jobs: - uses: actions/checkout@v3 - uses: EmbarkStudios/cargo-deny-action@v1 - # TODO: Remove this check if you don't publish the crate(s) from this repo publish-check: name: Publish Check runs-on: ubuntu-latest @@ -76,123 +72,19 @@ jobs: - name: cargo publish check run: cargo publish --dry-run - # TODO: Remove this job if you don't release binaries - # Replace occurances of $BIN_NAME with the name of your binary - release: - name: Release - needs: [test, deny-check] + publish: + name: Publish + needs: [test, deny-check, publish-check] + runs-on: ubuntu-latest if: startsWith(github.ref, 'refs/tags/') - strategy: - matrix: - os: [ubuntu-latest, macOS-latest, windows-latest] - include: - - os: ubuntu-latest - rust: stable - target: x86_64-unknown-linux-musl - bin: $BIN_NAME - # We don't enable the progress feature when targeting - # musl since there are some dependencies on shared libs - features: "" - - os: windows-latest - rust: stable - target: x86_64-pc-windows-msvc - bin: $BIN_NAME.exe - features: progress - - os: macOS-latest - rust: stable - target: x86_64-apple-darwin - bin: $BIN_NAME - features: progress - runs-on: ${{ matrix.os }} steps: - - name: Install stable toolchain - uses: actions-rs/toolchain@v1 + - uses: actions/checkout@v2 + - uses: actions-rs/toolchain@v1 with: - toolchain: ${{ matrix.rust }} + toolchain: stable override: true - target: ${{ matrix.target }} - - name: Install musl tools - if: matrix.os == 'ubuntu-latest' - run: sudo apt-get install -y musl-tools - - name: Checkout - uses: actions/checkout@v3 - - run: cargo fetch --target ${{ matrix.target }} - - name: Release build - shell: bash - run: | - if [ "${{ matrix.features }}" != "" ]; then - cargo build --release --target ${{ matrix.target }} --features ${{ matrix.features }} - else - cargo build --release --target ${{ matrix.target }} - fi - - name: Package - shell: bash - run: | - name=$BIN_NAME - tag=$(git describe --tags --abbrev=0) - release_name="$name-$tag-${{ matrix.target }}" - release_tar="${release_name}.tar.gz" - mkdir "$release_name" - - if [ "${{ matrix.target }}" != "x86_64-pc-windows-msvc" ]; then - strip "target/${{ matrix.target }}/release/${{ matrix.bin }}" - fi - - cp "target/${{ matrix.target }}/release/${{ matrix.bin }}" "$release_name/" - cp README.md LICENSE-APACHE LICENSE-MIT "$release_name/" - tar czvf "$release_tar" "$release_name" - - rm -r "$release_name" - - # Windows environments in github actions don't have the gnu coreutils installed, - # which includes the shasum exe, so we just use powershell instead - if [ "${{ matrix.os }}" == "windows-latest" ]; then - echo "(Get-FileHash \"${release_tar}\" -Algorithm SHA256).Hash | Out-File -Encoding ASCII -NoNewline \"${release_tar}.sha256\"" | pwsh -c - - else - echo -n "$(shasum -ba 256 "${release_tar}" | cut -d " " -f 1)" > "${release_tar}.sha256" - fi - - name: Publish - uses: softprops/action-gh-release@v1 - with: - draft: true - files: "$BIN_NAME*" + - run: cargo fetch + - name: cargo publish env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - # TODO: Remove this job if you don't publish container images on each release - # TODO: Create a repository on DockerHub with the same name as the GitHub repo - # TODO: Add the new repo to the buildbot group with read & write permissions - # TODO: Add the embarkbot dockerhub password to the repo secrets as DOCKERHUB_PASSWORD - publish-container-images: - name: Publish container images - runs-on: ubuntu-latest - if: startsWith(github.ref, 'refs/tags/') - needs: [test, deny-check] - steps: - - name: Checkout - uses: actions/checkout@v3 - - name: Set up QEMU - uses: docker/setup-qemu-action@v1 - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v1 - - name: Login to Dockerhub - uses: docker/login-action@v1 - with: - username: embarkbot - password: ${{ secrets.DOCKERHUB_PASSWORD }} - - name: Docker meta - id: docker_meta - uses: crazy-max/ghaction-docker-meta@v1 - with: - images: embarkstudios/${{ github.event.repository.name }} - tag-semver: | - {{version}} - {{major}}.{{minor}} - - name: Build and push - uses: docker/build-push-action@v2 - with: - context: . - file: ./Dockerfile - push: true - tags: ${{ steps.docker_meta.outputs.tags }} - labels: ${{ steps.docker_meta.outputs.labels }} + CARGO_REGISTRY_TOKEN: ${{ secrets.CRATES_IO_TOKEN }} + run: cargo publish diff --git a/deny.toml b/deny.toml new file mode 100644 index 0000000..2c5aa18 --- /dev/null +++ b/deny.toml @@ -0,0 +1,71 @@ +targets = [ + { triple = "x86_64-unknown-linux-gnu" }, + { triple = "x86_64-unknown-linux-musl" }, + { triple = "x86_64-pc-windows-msvc" }, + { triple = "x86_64-apple-darwin" }, +] + +[advisories] +unmaintained = "deny" +ignore = [] + +[bans] +multiple-versions = "deny" +deny = [{ name = "openssl" }, { name = "openssl-sys" }] +skip = [{ name = "socket2" }] +skip-tree = [] + +[licenses] +unlicensed = "deny" +# We want really high confidence when inferring licenses from text +confidence-threshold = 0.92 +allow = ["Apache-2.0", "MIT", "BSD-3-Clause", "Unicode-DFS-2016"] +exceptions = [ + { allow = [ + "MPL-2.0", + ], name = "webpki-roots" }, + { allow = [ + "ISC", + ], name = "untrusted" }, + { allow = [ + "ISC", + ], name = "webpki" }, + { allow = [ + "ISC", + ], name = "rustls-webpki" }, + { allow = [ + "ISC", + "MIT", + "OpenSSL", + ], name = "ring" }, + { allow = [ + "Zlib", + ], name = "tinyvec" }, +] + +[[licenses.clarify]] +name = "ring" +# SPDX considers OpenSSL to encompass both the OpenSSL and SSLeay licenses +# https://spdx.org/licenses/OpenSSL.html +# ISC - Both BoringSSL and ring use this for their new files +# MIT - "Files in third_party/ have their own licenses, as described therein. The MIT +# license, for third_party/fiat, which, unlike other third_party directories, is +# compiled into non-test libraries, is included below." +# OpenSSL - Obviously +expression = "ISC AND MIT AND OpenSSL" +license-files = [{ path = "LICENSE", hash = 0xbd0eed23 }] + +[[licenses.clarify]] +name = "encoding_rs" +expression = "(Apache-2.0 OR MIT) AND BSD-3-Clause" +license-files = [{ path = "COPYRIGHT", hash = 0x39f8ad31 }] + +[[licenses.clarify]] +name = "webpki" +expression = "ISC" +license-files = [{ path = "LICENSE", hash = 0x001c7e6c }] + +[[licenses.clarify]] +name = "rustls-webpki" +expression = "ISC" +license-files = [{ path = "LICENSE", hash = 0x001c7e6c }] \ No newline at end of file diff --git a/src/client.rs b/src/client.rs index 5a9c84b..003a09b 100644 --- a/src/client.rs +++ b/src/client.rs @@ -85,7 +85,7 @@ pub fn query_string(api_key: &str, text: &str, method: Method) -> String { .append_pair("format", "json") .append_pair("api_key", api_key) .append_pair("text", text) - .append_pair("method", &method_str) + .append_pair("method", method_str) .append_pair("semail", "1") .append_pair("slink", "1") .append_pair("rsp", "1") @@ -241,8 +241,7 @@ where if !api_response .rsp .method - .as_ref() - .map(|s| s.as_str()) + .as_deref() .eq(&Some(method.method_str())) { return Err(ResponseError::MisMatchedMethod( @@ -346,10 +345,8 @@ mod test { #[test] fn check_result_missing_found() -> Result<(), Box> { - let body = format!("{{\"rsp\":{{\"@attributes\":{{\"stat\":\"ok\",\"rsp\":\"0.0072040557861328\"}},\"method\":\"webpurify.live.check\",\"format\":\"rest\",\"api_key\":\"123\"}}}}"); - let response = Response::builder() - .status(StatusCode::OK) - .body(body.as_bytes().to_vec()); + let body = b"{{\"rsp\":{{\"@attributes\":{{\"stat\":\"ok\",\"rsp\":\"0.0072040557861328\"}},\"method\":\"webpurify.live.check\",\"format\":\"rest\",\"api_key\":\"123\"}}}}"; + let response = Response::builder().status(StatusCode::OK).body(body); let result = client::profanity_check_result(response?); assert!(result.is_err()); Ok(()) @@ -368,9 +365,7 @@ mod test { #[test] fn replace_result() -> Result<(), Box> { let body = b"{\"rsp\":{\"@attributes\":{\"stat\":\"ok\",\"rsp\":\"0.018898963928223\"},\"method\":\"webpurify.live.replace\",\"format\":\"rest\",\"found\":\"3\",\"text\":\"foo\",\"api_key\":\"123\"}}"; - let response = Response::builder() - .status(StatusCode::OK) - .body((*body).into_iter().collect::>())?; + let response = Response::builder().status(StatusCode::OK).body(body)?; let result = client::profanity_replace_result(response)?; assert_eq!(result, "foo".to_owned()); @@ -380,9 +375,7 @@ mod test { #[test] fn replace_result_missing_found() -> Result<(), Box> { let body = b"{\"rsp\":{\"@attributes\":{\"stat\":\"ok\",\"rsp\":\"0.018898963928223\"},\"method\":\"webpurify.live.replace\",\"format\":\"rest\",\"text\":\"foo\",\"api_key\":\"123\"}}"; - let response = Response::builder() - .status(StatusCode::OK) - .body((*body).into_iter().collect::>())?; + let response = Response::builder().status(StatusCode::OK).body(body)?; let result = client::profanity_replace_result(response)?; assert_eq!(result, "foo".to_owned()); @@ -412,7 +405,7 @@ mod test { ), ] { let result = client::profanity_replace_result(response(code)?); - let result_err = result.err().expect("Expected error"); + let result_err = result.expect_err("Expected error"); assert!( std::mem::discriminant(&result_err) == std::mem::discriminant(&err), "Expected error: {:?} but got: {:?}", @@ -427,18 +420,14 @@ mod test { #[test] fn mismatched_response_methods() -> Result<(), Box> { // Check treated as replace result - let body = format!("{{\"rsp\":{{\"@attributes\":{{\"stat\":\"ok\",\"rsp\":\"0.0072040557861328\"}},\"method\":\"webpurify.live.check\",\"format\":\"rest\",\"found\":\"1\",\"api_key\":\"123\"}}}}"); - let response = Response::builder() - .status(StatusCode::OK) - .body(body.as_bytes().to_vec()); + let body = b"{{\"rsp\":{{\"@attributes\":{{\"stat\":\"ok\",\"rsp\":\"0.0072040557861328\"}},\"method\":\"webpurify.live.check\",\"format\":\"rest\",\"found\":\"1\",\"api_key\":\"123\"}}}}"; + let response = Response::builder().status(StatusCode::OK).body(body); let result = client::profanity_replace_result(response?); assert!(result.is_err()); // Replace treated as check result let body = b"{\"rsp\":{\"@attributes\":{\"stat\":\"ok\",\"rsp\":\"0.018898963928223\"},\"method\":\"webpurify.live.replace\",\"format\":\"rest\",\"found\":\"3\",\"text\":\"foo\",\"api_key\":\"123\"}}"; - let response = Response::builder() - .status(StatusCode::OK) - .body((*body).into_iter().collect::>())?; + let response = Response::builder().status(StatusCode::OK).body(body)?; let result = client::profanity_check_result(response); assert!(result.is_err());