diff --git a/.forgejo/workflows/check.yaml b/.forgejo/workflows/check.yaml index 12d5cab..1bb2eab 100644 --- a/.forgejo/workflows/check.yaml +++ b/.forgejo/workflows/check.yaml @@ -1,5 +1,7 @@ on: push: + branches: + - '*' paths: - src/** - tests/** @@ -7,11 +9,6 @@ on: - .forgejo/** - Cargo.toml - Cargo.lock -env: - JUST_VERSION: 1.45.0 - JUST_SHA256SUM: dc3f958aaf8c6506dd90426e9b03f86dd15e74a6467ee0e54929f750af3d9e49 - CARGO_LLVM_COV_VERSION: 0.6.21 - CARGO_LLVM_COV_SHA256SUM: 57f491aedf7cdb261538ceb49cbb1ee9d27df7ca205a5e1a009caaf5cb911afb jobs: verify: runs-on: docker @@ -20,8 +17,7 @@ jobs: image: rust:slim steps: - name: Install action dependencies - run: | - apt-get install --no-install-recommends --update -y nodejs curl + run: apt-get install --no-install-recommends --update -y nodejs curl - name: Checkout code uses: actions/checkout@v6 @@ -32,27 +28,7 @@ jobs: rustup component add --toolchain nightly rustfmt clippy - name: Setup additional tooling - run: | - fetch() { - repo="$1"; tag="$2"; filename="$3"; digest="$4" - - curl -sSLO -w '%{stderr}HTTP %{response_code} %{url}\n' \ - "https://github.com/$repo/releases/download/$tag/$filename" - - printf '%s %s\n' "$digest" "$filename" > digest - sha256sum --check digest && tar xf "$filename" -C tools - } - - mkdir tools - - fetch casey/just ${{ env.JUST_VERSION }} \ - just-${{ env.JUST_VERSION }}-x86_64-unknown-linux-musl.tar.gz \ - ${{ env.JUST_SHA256SUM }} - fetch taiki-e/cargo-llvm-cov v${{ env.CARGO_LLVM_COV_VERSION }} \ - cargo-llvm-cov-x86_64-unknown-linux-gnu.tar.gz \ - ${{ env.CARGO_LLVM_COV_SHA256SUM }} - - mv -v tools/just tools/cargo-llvm-cov /usr/local/bin + run: .forgejo/workflows/setup-tools.sh - name: Build run: just build diff --git a/.forgejo/workflows/publish.yaml b/.forgejo/workflows/publish.yaml index 9be60d6..d4746dc 100644 --- a/.forgejo/workflows/publish.yaml +++ b/.forgejo/workflows/publish.yaml @@ -2,11 +2,6 @@ on: push: tags: - 'v*' -env: - JUST_VERSION: 1.45.0 - JUST_SHA256SUM: dc3f958aaf8c6506dd90426e9b03f86dd15e74a6467ee0e54929f750af3d9e49 - CARGO_LLVM_COV_VERSION: 0.6.21 - CARGO_LLVM_COV_SHA256SUM: 57f491aedf7cdb261538ceb49cbb1ee9d27df7ca205a5e1a009caaf5cb911afb jobs: publish: runs-on: docker @@ -27,41 +22,19 @@ jobs: rustup component add --toolchain nightly rustfmt clippy - name: Setup additional tooling - run: | - fetch() { - repo="$1"; tag="$2"; filename="$3"; digest="$4" - - curl -sSLO --output-dir /tmp \ - -w '%{stderr}HTTP %{response_code} %{url}\n' \ - "https://github.com/$repo/releases/download/$tag/$filename" - - printf '%s %s\n' "$digest" "/tmp/$filename" > /tmp/digest - sha256sum --check /tmp/digest - tar xf "/tmp/$filename" -C /tmp/tools - } - - mkdir /tmp/tools - - fetch casey/just ${{ env.JUST_VERSION }} \ - just-${{ env.JUST_VERSION }}-x86_64-unknown-linux-musl.tar.gz \ - ${{ env.JUST_SHA256SUM }} - fetch taiki-e/cargo-llvm-cov v${{ env.CARGO_LLVM_COV_VERSION }} \ - cargo-llvm-cov-x86_64-unknown-linux-gnu.tar.gz \ - ${{ env.CARGO_LLVM_COV_SHA256SUM }} - - mv -v /tmp/tools/just /tmp/tools/cargo-llvm-cov /usr/local/bin + run: .forgejo/workflows/setup-tools.sh - name: Build release binary run: just full-build + - name: Calculate SHA-256 hash + run: just shasum + - name: Publish to git.jutty.dev package registry run: | version=$(./target/release/en --version) - api_root=https://git.jutty.dev/api/ + api_root=https://git.jutty.dev/api url=$api_root/packages/jutty/generic/en/$version/en-x86_64-linux-gnu curl -fsSL \ --user jutty:${{ secrets.GJD_REGISTRY_TOKEN }} \ --upload-file target/release/en $url - - - name: Print sha256sum - run: just shasum diff --git a/.forgejo/workflows/setup-tools.sh b/.forgejo/workflows/setup-tools.sh new file mode 100755 index 0000000..cd38738 --- /dev/null +++ b/.forgejo/workflows/setup-tools.sh @@ -0,0 +1,42 @@ +#!/usr/bin/env sh + +set -eu + +JUST_VERSION="1.45.0" +JUST_SHA256SUM="dc3f958aaf8c6506dd90426e9b03f86dd15e74a6467ee0e54929f750af3d9e49" +CARGO_LLVM_COV_VERSION="0.6.21" +CARGO_LLVM_COV_SHA256SUM="57f491aedf7cdb261538ceb49cbb1ee9d27df7ca205a5e1a009caaf5cb911afb" +CARGO_AUDIT_VERSION="0.22.1" +CARGO_AUDIT_TAG="cargo-audit%2Fv$CARGO_AUDIT_VERSION" +CARGO_AUDIT_SHA256SUM="1890badd5f15831a9af4b074399fcd21e6f7c0fe42c84e9254cdffc9f813765c" + +TRIPLE="x86_64-unknown-linux-gnu" +TRIPLE_MUSL="x86_64-unknown-linux-musl" + +fetch() { + repo="$1"; tag="$2"; filename="$3"; digest="$4"; binary="$5" + + [ -d /tmp/tools ] || mkdir -p /tmp/tools + + curl -fsSLO --output-dir /tmp \ + -w '%{stderr}HTTP %{response_code} %{url}\n' \ + "https://github.com/$repo/releases/download/$tag/$filename" + + printf '%s %s\n' "$digest" "/tmp/$filename" > /tmp/digest + sha256sum --check /tmp/digest + tar xf "/tmp/$filename" -C /tmp/tools + find /tmp/tools -type f -executable -name "$binary" \ + -exec mv -v '{}' /usr/local/bin ';' +} + +fetch casey/just "$JUST_VERSION" \ + "just-$JUST_VERSION-$TRIPLE_MUSL.tar.gz" \ + "$JUST_SHA256SUM" just + +fetch taiki-e/cargo-llvm-cov "v$CARGO_LLVM_COV_VERSION" \ + "cargo-llvm-cov-$TRIPLE.tar.gz" \ + "$CARGO_LLVM_COV_SHA256SUM" cargo-llvm-cov + +fetch rustsec/rustsec "$CARGO_AUDIT_TAG" \ + "cargo-audit-$TRIPLE-v$CARGO_AUDIT_VERSION.tgz" \ + "$CARGO_AUDIT_SHA256SUM" cargo-audit diff --git a/.justfile b/.justfile index 64a65ee..66e7370 100644 --- a/.justfile +++ b/.justfile @@ -134,13 +134,43 @@ cover-open: alias oo := cover-open +# Tag HEAD with version from Cargo.toml +[script, group: 'assess'] +tag: update && version-assess + last_tag=$(git describe --tags --abbrev=0 \ + $(git rev-list --tags --max-count=1) | tr -d v) + manifest_version=$(grep '^version' Cargo.toml | cut -d \" -f 2) + lockfile_version=$(grep -A 1 'name = "en"' Cargo.lock | + grep version | cut -d '"' -f 2) + + if [ "$last_tag" = "$manifest_version" ]; then + echo "Last tag $last_tag and manifest ($manifest_version) already match" + exit 1 + elif [ "$manifest_version" != "$lockfile_version" ]; then + echo "Manifest and lockfile versions don't match: update failed?" + exit 1 + fi + + git tag "v$manifest_version" HEAD + # Verify and push [group: 'develop'] push: verify git push + git push --tags alias p := push +# Push without verifying +[group: 'develop'] +push-unsafe: + git push --no-verify + git push --tags --no-verify + +alias pu := push-unsafe + +# DOCUMENT + # Generate crate documentation [group: 'document'] doc: @@ -229,13 +259,14 @@ verify: git status exit 1 fi - {{ just_cmd }} update version-assess format-assess lint-assess check test cover-assess + {{ just_cmd }} update version-assess \ + security-assess format-assess lint-assess check test cover-assess alias v := verify # Check tag-manifest consistency [script, group: 'assess'] -version-assess: +version-assess: update last_tag=$(git describe --tags --abbrev=0 \ $(git rev-list --tags --max-count=1) | tr -d v) manifest_version=$(grep '^version' Cargo.toml | cut -d \" -f 2) @@ -252,6 +283,11 @@ version-assess: alias va := version-assess +# Audit security advisories +security-assess: + cargo audit --deny warnings +alias sa := security-assess + # BUILD # Cleanup build artifacts diff --git a/Cargo.lock b/Cargo.lock index 2c44a23..f47ad70 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -123,9 +123,9 @@ dependencies = [ [[package]] name = "bumpalo" -version = "3.20.1" +version = "3.20.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5c6f81257d10a0f602a294ae4182251151ff97dbb504ef9afcdda4a64b24d9b4" +checksum = "5d20789868f4b01b2f2caec9f5c4e0213b41e3e5702a50157d699ae31ced2fcb" [[package]] name = "bytes" @@ -151,9 +151,9 @@ checksum = "9330f8b2ff13f34540b44e946ef35111825727b38d33286ef986142615121801" [[package]] name = "chrono" -version = "0.4.43" +version = "0.4.44" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fac4744fb15ae8337dc853fee7fb3f4e48c0fbaa23d0afe49c447b4fab126118" +checksum = "c673075a2e0e5f4a1dde27ce9dee1ea4558c7ffe648f576438a20ca1d2acc4b0" dependencies = [ "iana-time-zone", "num-traits", @@ -259,7 +259,7 @@ dependencies = [ [[package]] name = "en" -version = "0.1.7" +version = "0.1.0" dependencies = [ "axum", "serde", @@ -534,9 +534,9 @@ checksum = "92ecc6618181def0457392ccd0ee51198e065e016d1d527a7ac1b6dc7c1f09d2" [[package]] name = "js-sys" -version = "0.3.85" +version = "0.3.91" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8c942ebf8e95485ca0d52d97da7c5a2c387d0e7f0ba4c35e93bfcaee045955b3" +checksum = "b49715b7073f385ba4bc528e5747d02e66cb39c6146efb66b781f131f0fb399c" dependencies = [ "once_cell", "wasm-bindgen", @@ -718,9 +718,9 @@ dependencies = [ [[package]] name = "pin-project-lite" -version = "0.2.16" +version = "0.2.17" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3b3cff922bd51709b605d9ead9aa71031d81447142d828eb4a6eba76fe619f9b" +checksum = "a89322df9ebe1c1578d689c92318e070967d1042b512afbe49518723f4e6d5cd" [[package]] name = "pin-utils" @@ -810,9 +810,9 @@ dependencies = [ [[package]] name = "regex-syntax" -version = "0.8.9" +version = "0.8.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a96887878f22d7bad8a3b6dc5b7440e0ada9a245242924394987b21cf2210a4c" +checksum = "dc897dd8d9e8bd1ed8cdad82b5966c3e0ecae09fb1907d58efaa013543185d0a" [[package]] name = "ring" @@ -830,9 +830,9 @@ dependencies = [ [[package]] name = "rustls" -version = "0.23.36" +version = "0.23.37" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c665f33d38cea657d9614f766881e4d510e0eda4239891eea56b4cadcf01801b" +checksum = "758025cb5fccfd3bc2fd74708fd4682be41d99e5dff73c377c0646c6012c73a4" dependencies = [ "log", "once_cell", @@ -1028,9 +1028,9 @@ checksum = "13c2bddecc57b384dee18652358fb23172facb8a2c51ccc10d74c157bdea3292" [[package]] name = "syn" -version = "2.0.116" +version = "2.0.117" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3df424c70518695237746f84cede799c9c58fcb37450d7b23716568cc8bc69cb" +checksum = "e665b8803e7b1d2a727f4023456bbbbe74da67099c585258af0ad9c5013b9b99" dependencies = [ "proc-macro2", "quote", @@ -1266,9 +1266,9 @@ checksum = "ccf3ec651a847eb01de73ccad15eb7d99f80485de043efb2f370cd654f4ea44b" [[package]] name = "wasm-bindgen" -version = "0.2.108" +version = "0.2.114" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "64024a30ec1e37399cf85a7ffefebdb72205ca1c972291c51512360d90bd8566" +checksum = "6532f9a5c1ece3798cb1c2cfdba640b9b3ba884f5db45973a6f442510a87d38e" dependencies = [ "cfg-if", "once_cell", @@ -1279,9 +1279,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-macro" -version = "0.2.108" +version = "0.2.114" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "008b239d9c740232e71bd39e8ef6429d27097518b6b30bdf9086833bd5b6d608" +checksum = "18a2d50fcf105fb33bb15f00e7a77b772945a2ee45dcf454961fd843e74c18e6" dependencies = [ "quote", "wasm-bindgen-macro-support", @@ -1289,9 +1289,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-macro-support" -version = "0.2.108" +version = "0.2.114" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5256bae2d58f54820e6490f9839c49780dff84c65aeab9e772f15d5f0e913a55" +checksum = "03ce4caeaac547cdf713d280eda22a730824dd11e6b8c3ca9e42247b25c631e3" dependencies = [ "bumpalo", "proc-macro2", @@ -1302,9 +1302,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-shared" -version = "0.2.108" +version = "0.2.114" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1f01b580c9ac74c8d8f0c0e4afb04eeef2acf145458e52c03845ee9cd23e3d12" +checksum = "75a326b8c223ee17883a4251907455a2431acc2791c98c26279376490c378c16" dependencies = [ "unicode-ident", ] @@ -1550,18 +1550,18 @@ checksum = "5a5364e9d77fcdeeaa6062ced926ee3381faa2ee02d3eb83a5c27a8825540829" [[package]] name = "zerocopy" -version = "0.8.39" +version = "0.8.40" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "db6d35d663eadb6c932438e763b262fe1a70987f9ae936e60158176d710cae4a" +checksum = "a789c6e490b576db9f7e6b6d661bcc9799f7c0ac8352f56ea20193b2681532e5" dependencies = [ "zerocopy-derive", ] [[package]] name = "zerocopy-derive" -version = "0.8.39" +version = "0.8.40" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4122cd3169e94605190e77839c9a40d40ed048d305bfdc146e7df40ab0f3e517" +checksum = "f65c489a7071a749c849713807783f70672b28094011623e200cb86dcb835953" dependencies = [ "proc-macro2", "quote", diff --git a/Cargo.toml b/Cargo.toml index e431de5..fe2cf4a 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "en" -version = "0.1.7" +version = "0.1.0" description = "A non-linear writing instrument." license = "AGPL-3.0-only" diff --git a/static/graph.toml b/static/graph.toml index a8007a9..92fc356 100644 --- a/static/graph.toml +++ b/static/graph.toml @@ -834,12 +834,17 @@ text = """ - [x] Checkboxes - [x] Move this roadmap to en - [ ] Special sections - - [ ] Definition (implies metadata `has_definition`) - - [ ] See also (implies a kind of connection, e.g. `related`) - - [ ] Not to be confused with (implies a kind of connection) + - [ ] Top-bound + - [ ] Top-bound is not included in the summary (tooltip) + - Sections + - [ ] Definition (implies metadata `has_definition`) + - [ ] See also (implies a kind of connection, e.g. `related`) + - [ ] Not to be confused with (implies a kind of connection) - [ ] Contrast with (implies a kind of connection) - [ ] Example (implies metadata `has_example`) - - [ ] References/influences (implies metadata `has_references`) + - [ ] Bottom-bound + - [ ] References/influences (implies metadata `has_references`) + - [ ] Aggregated from the full text content - [ ] Meta-awareness - [x] Detached edges - [ ] Most linked to nodes