From b794de4f9379363608532be8ab7bba1172a1ef8e Mon Sep 17 00:00:00 2001 From: jutty Date: Sun, 1 Mar 2026 04:02:09 -0300 Subject: [PATCH] Merge ci-testing: publish to GJD registry on tag push commit d6fa2986eca62f79761dffa0ccacdcf6898257e3 Author: jutty Date: Sun Mar 1 03:18:50 2026 -0300 Add tag and push-unsafe recipes to justfile commit 6a239e1708b9b114f2dc37e07541f73f4c6c4522 Author: jutty Date: Sun Mar 1 03:18:21 2026 -0300 Update roadmap commit a3da368573811cf4d7c83ce3d1cdc5fa753da986 Author: jutty Date: Thu Feb 26 20:56:48 2026 -0300 Cleanup CI testing files commit b56f53bdc27b14c8624ad134b292800fce82e12b Author: jutty Date: Thu Feb 26 20:17:10 2026 -0300 CI: Adjust curl logging, add a job for internal networking tests commit 435e478b01742f3c83199e4c9ad4892c2f567898 Author: jutty Date: Wed Feb 25 02:35:20 2026 -0300 CI: Move sha256sum calculation before registry upload commit 727ea16769da9825297b6ce78b9c4e913fe8e87d Author: jutty Date: Wed Feb 25 01:51:05 2026 -0300 CI: Add curl -f fail flag to extra tools binary fetching commit 2ff7a6cf1bdebfa24c2eaea957827b6258dcc0ad Author: jutty Date: Wed Feb 25 01:48:00 2026 -0300 CI: Make additional tooling move to /usr/local/bin verbose commit bf88f86bce124eb83dc6a9ad1a4870490df16835 Author: jutty Date: Wed Feb 25 01:40:32 2026 -0300 CI: Adapt to cargo-audit outlier URL structure commit 291081359ef8ad347bb5586a5f1ff0e83e489f27 Author: jutty Date: Wed Feb 25 01:29:13 2026 -0300 CI: Deduplicate additional tool fetching While this moves the source of truth for CI tooling versions to somewhere outside the workflow definitions, it also avoids duplication and keeps debug (check.yaml) and production (publish.yaml) verifications fully independent. commit 7d2a234fc3993a32e511cc48d46117157313f1fd Author: jutty Date: Wed Feb 25 00:32:51 2026 -0300 Add cargo-audit security assessment commit ed30ee7b75933f5378cda070b9e5b514b58103af Author: jutty Date: Thu Feb 19 02:06:42 2026 -0300 CI: Add wildcard branch to check workflow --- .forgejo/workflows/check.yaml | 32 +++--------------- .forgejo/workflows/publish.yaml | 37 +++------------------ .forgejo/workflows/setup-tools.sh | 42 ++++++++++++++++++++++++ .justfile | 40 +++++++++++++++++++++-- Cargo.lock | 54 +++++++++++++++---------------- Cargo.toml | 2 +- static/graph.toml | 13 +++++--- 7 files changed, 126 insertions(+), 94 deletions(-) create mode 100755 .forgejo/workflows/setup-tools.sh diff --git a/.forgejo/workflows/check.yaml b/.forgejo/workflows/check.yaml index 12d5cab..1bb2eab 100644 --- a/.forgejo/workflows/check.yaml +++ b/.forgejo/workflows/check.yaml @@ -1,5 +1,7 @@ on: push: + branches: + - '*' paths: - src/** - tests/** @@ -7,11 +9,6 @@ on: - .forgejo/** - Cargo.toml - Cargo.lock -env: - JUST_VERSION: 1.45.0 - JUST_SHA256SUM: dc3f958aaf8c6506dd90426e9b03f86dd15e74a6467ee0e54929f750af3d9e49 - CARGO_LLVM_COV_VERSION: 0.6.21 - CARGO_LLVM_COV_SHA256SUM: 57f491aedf7cdb261538ceb49cbb1ee9d27df7ca205a5e1a009caaf5cb911afb jobs: verify: runs-on: docker @@ -20,8 +17,7 @@ jobs: image: rust:slim steps: - name: Install action dependencies - run: | - apt-get install --no-install-recommends --update -y nodejs curl + run: apt-get install --no-install-recommends --update -y nodejs curl - name: Checkout code uses: actions/checkout@v6 @@ -32,27 +28,7 @@ jobs: rustup component add --toolchain nightly rustfmt clippy - name: Setup additional tooling - run: | - fetch() { - repo="$1"; tag="$2"; filename="$3"; digest="$4" - - curl -sSLO -w '%{stderr}HTTP %{response_code} %{url}\n' \ - "https://github.com/$repo/releases/download/$tag/$filename" - - printf '%s %s\n' "$digest" "$filename" > digest - sha256sum --check digest && tar xf "$filename" -C tools - } - - mkdir tools - - fetch casey/just ${{ env.JUST_VERSION }} \ - just-${{ env.JUST_VERSION }}-x86_64-unknown-linux-musl.tar.gz \ - ${{ env.JUST_SHA256SUM }} - fetch taiki-e/cargo-llvm-cov v${{ env.CARGO_LLVM_COV_VERSION }} \ - cargo-llvm-cov-x86_64-unknown-linux-gnu.tar.gz \ - ${{ env.CARGO_LLVM_COV_SHA256SUM }} - - mv -v tools/just tools/cargo-llvm-cov /usr/local/bin + run: .forgejo/workflows/setup-tools.sh - name: Build run: just build diff --git a/.forgejo/workflows/publish.yaml b/.forgejo/workflows/publish.yaml index 9be60d6..d4746dc 100644 --- a/.forgejo/workflows/publish.yaml +++ b/.forgejo/workflows/publish.yaml @@ -2,11 +2,6 @@ on: push: tags: - 'v*' -env: - JUST_VERSION: 1.45.0 - JUST_SHA256SUM: dc3f958aaf8c6506dd90426e9b03f86dd15e74a6467ee0e54929f750af3d9e49 - CARGO_LLVM_COV_VERSION: 0.6.21 - CARGO_LLVM_COV_SHA256SUM: 57f491aedf7cdb261538ceb49cbb1ee9d27df7ca205a5e1a009caaf5cb911afb jobs: publish: runs-on: docker @@ -27,41 +22,19 @@ jobs: rustup component add --toolchain nightly rustfmt clippy - name: Setup additional tooling - run: | - fetch() { - repo="$1"; tag="$2"; filename="$3"; digest="$4" - - curl -sSLO --output-dir /tmp \ - -w '%{stderr}HTTP %{response_code} %{url}\n' \ - "https://github.com/$repo/releases/download/$tag/$filename" - - printf '%s %s\n' "$digest" "/tmp/$filename" > /tmp/digest - sha256sum --check /tmp/digest - tar xf "/tmp/$filename" -C /tmp/tools - } - - mkdir /tmp/tools - - fetch casey/just ${{ env.JUST_VERSION }} \ - just-${{ env.JUST_VERSION }}-x86_64-unknown-linux-musl.tar.gz \ - ${{ env.JUST_SHA256SUM }} - fetch taiki-e/cargo-llvm-cov v${{ env.CARGO_LLVM_COV_VERSION }} \ - cargo-llvm-cov-x86_64-unknown-linux-gnu.tar.gz \ - ${{ env.CARGO_LLVM_COV_SHA256SUM }} - - mv -v /tmp/tools/just /tmp/tools/cargo-llvm-cov /usr/local/bin + run: .forgejo/workflows/setup-tools.sh - name: Build release binary run: just full-build + - name: Calculate SHA-256 hash + run: just shasum + - name: Publish to git.jutty.dev package registry run: | version=$(./target/release/en --version) - api_root=https://git.jutty.dev/api/ + api_root=https://git.jutty.dev/api url=$api_root/packages/jutty/generic/en/$version/en-x86_64-linux-gnu curl -fsSL \ --user jutty:${{ secrets.GJD_REGISTRY_TOKEN }} \ --upload-file target/release/en $url - - - name: Print sha256sum - run: just shasum diff --git a/.forgejo/workflows/setup-tools.sh b/.forgejo/workflows/setup-tools.sh new file mode 100755 index 0000000..cd38738 --- /dev/null +++ b/.forgejo/workflows/setup-tools.sh @@ -0,0 +1,42 @@ +#!/usr/bin/env sh + +set -eu + +JUST_VERSION="1.45.0" +JUST_SHA256SUM="dc3f958aaf8c6506dd90426e9b03f86dd15e74a6467ee0e54929f750af3d9e49" +CARGO_LLVM_COV_VERSION="0.6.21" +CARGO_LLVM_COV_SHA256SUM="57f491aedf7cdb261538ceb49cbb1ee9d27df7ca205a5e1a009caaf5cb911afb" +CARGO_AUDIT_VERSION="0.22.1" +CARGO_AUDIT_TAG="cargo-audit%2Fv$CARGO_AUDIT_VERSION" +CARGO_AUDIT_SHA256SUM="1890badd5f15831a9af4b074399fcd21e6f7c0fe42c84e9254cdffc9f813765c" + +TRIPLE="x86_64-unknown-linux-gnu" +TRIPLE_MUSL="x86_64-unknown-linux-musl" + +fetch() { + repo="$1"; tag="$2"; filename="$3"; digest="$4"; binary="$5" + + [ -d /tmp/tools ] || mkdir -p /tmp/tools + + curl -fsSLO --output-dir /tmp \ + -w '%{stderr}HTTP %{response_code} %{url}\n' \ + "https://github.com/$repo/releases/download/$tag/$filename" + + printf '%s %s\n' "$digest" "/tmp/$filename" > /tmp/digest + sha256sum --check /tmp/digest + tar xf "/tmp/$filename" -C /tmp/tools + find /tmp/tools -type f -executable -name "$binary" \ + -exec mv -v '{}' /usr/local/bin ';' +} + +fetch casey/just "$JUST_VERSION" \ + "just-$JUST_VERSION-$TRIPLE_MUSL.tar.gz" \ + "$JUST_SHA256SUM" just + +fetch taiki-e/cargo-llvm-cov "v$CARGO_LLVM_COV_VERSION" \ + "cargo-llvm-cov-$TRIPLE.tar.gz" \ + "$CARGO_LLVM_COV_SHA256SUM" cargo-llvm-cov + +fetch rustsec/rustsec "$CARGO_AUDIT_TAG" \ + "cargo-audit-$TRIPLE-v$CARGO_AUDIT_VERSION.tgz" \ + "$CARGO_AUDIT_SHA256SUM" cargo-audit diff --git a/.justfile b/.justfile index 64a65ee..66e7370 100644 --- a/.justfile +++ b/.justfile @@ -134,13 +134,43 @@ cover-open: alias oo := cover-open +# Tag HEAD with version from Cargo.toml +[script, group: 'assess'] +tag: update && version-assess + last_tag=$(git describe --tags --abbrev=0 \ + $(git rev-list --tags --max-count=1) | tr -d v) + manifest_version=$(grep '^version' Cargo.toml | cut -d \" -f 2) + lockfile_version=$(grep -A 1 'name = "en"' Cargo.lock | + grep version | cut -d '"' -f 2) + + if [ "$last_tag" = "$manifest_version" ]; then + echo "Last tag $last_tag and manifest ($manifest_version) already match" + exit 1 + elif [ "$manifest_version" != "$lockfile_version" ]; then + echo "Manifest and lockfile versions don't match: update failed?" + exit 1 + fi + + git tag "v$manifest_version" HEAD + # Verify and push [group: 'develop'] push: verify git push + git push --tags alias p := push +# Push without verifying +[group: 'develop'] +push-unsafe: + git push --no-verify + git push --tags --no-verify + +alias pu := push-unsafe + +# DOCUMENT + # Generate crate documentation [group: 'document'] doc: @@ -229,13 +259,14 @@ verify: git status exit 1 fi - {{ just_cmd }} update version-assess format-assess lint-assess check test cover-assess + {{ just_cmd }} update version-assess \ + security-assess format-assess lint-assess check test cover-assess alias v := verify # Check tag-manifest consistency [script, group: 'assess'] -version-assess: +version-assess: update last_tag=$(git describe --tags --abbrev=0 \ $(git rev-list --tags --max-count=1) | tr -d v) manifest_version=$(grep '^version' Cargo.toml | cut -d \" -f 2) @@ -252,6 +283,11 @@ version-assess: alias va := version-assess +# Audit security advisories +security-assess: + cargo audit --deny warnings +alias sa := security-assess + # BUILD # Cleanup build artifacts diff --git a/Cargo.lock b/Cargo.lock index 2c44a23..f47ad70 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -123,9 +123,9 @@ dependencies = [ [[package]] name = "bumpalo" -version = "3.20.1" +version = "3.20.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5c6f81257d10a0f602a294ae4182251151ff97dbb504ef9afcdda4a64b24d9b4" +checksum = "5d20789868f4b01b2f2caec9f5c4e0213b41e3e5702a50157d699ae31ced2fcb" [[package]] name = "bytes" @@ -151,9 +151,9 @@ checksum = "9330f8b2ff13f34540b44e946ef35111825727b38d33286ef986142615121801" [[package]] name = "chrono" -version = "0.4.43" +version = "0.4.44" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fac4744fb15ae8337dc853fee7fb3f4e48c0fbaa23d0afe49c447b4fab126118" +checksum = "c673075a2e0e5f4a1dde27ce9dee1ea4558c7ffe648f576438a20ca1d2acc4b0" dependencies = [ "iana-time-zone", "num-traits", @@ -259,7 +259,7 @@ dependencies = [ [[package]] name = "en" -version = "0.1.7" +version = "0.1.0" dependencies = [ "axum", "serde", @@ -534,9 +534,9 @@ checksum = "92ecc6618181def0457392ccd0ee51198e065e016d1d527a7ac1b6dc7c1f09d2" [[package]] name = "js-sys" -version = "0.3.85" +version = "0.3.91" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8c942ebf8e95485ca0d52d97da7c5a2c387d0e7f0ba4c35e93bfcaee045955b3" +checksum = "b49715b7073f385ba4bc528e5747d02e66cb39c6146efb66b781f131f0fb399c" dependencies = [ "once_cell", "wasm-bindgen", @@ -718,9 +718,9 @@ dependencies = [ [[package]] name = "pin-project-lite" -version = "0.2.16" +version = "0.2.17" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3b3cff922bd51709b605d9ead9aa71031d81447142d828eb4a6eba76fe619f9b" +checksum = "a89322df9ebe1c1578d689c92318e070967d1042b512afbe49518723f4e6d5cd" [[package]] name = "pin-utils" @@ -810,9 +810,9 @@ dependencies = [ [[package]] name = "regex-syntax" -version = "0.8.9" +version = "0.8.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a96887878f22d7bad8a3b6dc5b7440e0ada9a245242924394987b21cf2210a4c" +checksum = "dc897dd8d9e8bd1ed8cdad82b5966c3e0ecae09fb1907d58efaa013543185d0a" [[package]] name = "ring" @@ -830,9 +830,9 @@ dependencies = [ [[package]] name = "rustls" -version = "0.23.36" +version = "0.23.37" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c665f33d38cea657d9614f766881e4d510e0eda4239891eea56b4cadcf01801b" +checksum = "758025cb5fccfd3bc2fd74708fd4682be41d99e5dff73c377c0646c6012c73a4" dependencies = [ "log", "once_cell", @@ -1028,9 +1028,9 @@ checksum = "13c2bddecc57b384dee18652358fb23172facb8a2c51ccc10d74c157bdea3292" [[package]] name = "syn" -version = "2.0.116" +version = "2.0.117" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3df424c70518695237746f84cede799c9c58fcb37450d7b23716568cc8bc69cb" +checksum = "e665b8803e7b1d2a727f4023456bbbbe74da67099c585258af0ad9c5013b9b99" dependencies = [ "proc-macro2", "quote", @@ -1266,9 +1266,9 @@ checksum = "ccf3ec651a847eb01de73ccad15eb7d99f80485de043efb2f370cd654f4ea44b" [[package]] name = "wasm-bindgen" -version = "0.2.108" +version = "0.2.114" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "64024a30ec1e37399cf85a7ffefebdb72205ca1c972291c51512360d90bd8566" +checksum = "6532f9a5c1ece3798cb1c2cfdba640b9b3ba884f5db45973a6f442510a87d38e" dependencies = [ "cfg-if", "once_cell", @@ -1279,9 +1279,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-macro" -version = "0.2.108" +version = "0.2.114" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "008b239d9c740232e71bd39e8ef6429d27097518b6b30bdf9086833bd5b6d608" +checksum = "18a2d50fcf105fb33bb15f00e7a77b772945a2ee45dcf454961fd843e74c18e6" dependencies = [ "quote", "wasm-bindgen-macro-support", @@ -1289,9 +1289,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-macro-support" -version = "0.2.108" +version = "0.2.114" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5256bae2d58f54820e6490f9839c49780dff84c65aeab9e772f15d5f0e913a55" +checksum = "03ce4caeaac547cdf713d280eda22a730824dd11e6b8c3ca9e42247b25c631e3" dependencies = [ "bumpalo", "proc-macro2", @@ -1302,9 +1302,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-shared" -version = "0.2.108" +version = "0.2.114" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1f01b580c9ac74c8d8f0c0e4afb04eeef2acf145458e52c03845ee9cd23e3d12" +checksum = "75a326b8c223ee17883a4251907455a2431acc2791c98c26279376490c378c16" dependencies = [ "unicode-ident", ] @@ -1550,18 +1550,18 @@ checksum = "5a5364e9d77fcdeeaa6062ced926ee3381faa2ee02d3eb83a5c27a8825540829" [[package]] name = "zerocopy" -version = "0.8.39" +version = "0.8.40" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "db6d35d663eadb6c932438e763b262fe1a70987f9ae936e60158176d710cae4a" +checksum = "a789c6e490b576db9f7e6b6d661bcc9799f7c0ac8352f56ea20193b2681532e5" dependencies = [ "zerocopy-derive", ] [[package]] name = "zerocopy-derive" -version = "0.8.39" +version = "0.8.40" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4122cd3169e94605190e77839c9a40d40ed048d305bfdc146e7df40ab0f3e517" +checksum = "f65c489a7071a749c849713807783f70672b28094011623e200cb86dcb835953" dependencies = [ "proc-macro2", "quote", diff --git a/Cargo.toml b/Cargo.toml index e431de5..fe2cf4a 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "en" -version = "0.1.7" +version = "0.1.0" description = "A non-linear writing instrument." license = "AGPL-3.0-only" diff --git a/static/graph.toml b/static/graph.toml index a8007a9..92fc356 100644 --- a/static/graph.toml +++ b/static/graph.toml @@ -834,12 +834,17 @@ text = """ - [x] Checkboxes - [x] Move this roadmap to en - [ ] Special sections - - [ ] Definition (implies metadata `has_definition`) - - [ ] See also (implies a kind of connection, e.g. `related`) - - [ ] Not to be confused with (implies a kind of connection) + - [ ] Top-bound + - [ ] Top-bound is not included in the summary (tooltip) + - Sections + - [ ] Definition (implies metadata `has_definition`) + - [ ] See also (implies a kind of connection, e.g. `related`) + - [ ] Not to be confused with (implies a kind of connection) - [ ] Contrast with (implies a kind of connection) - [ ] Example (implies metadata `has_example`) - - [ ] References/influences (implies metadata `has_references`) + - [ ] Bottom-bound + - [ ] References/influences (implies metadata `has_references`) + - [ ] Aggregated from the full text content - [ ] Meta-awareness - [x] Detached edges - [ ] Most linked to nodes