chore: maintenance

Signed-off-by: simonsan <[email protected]>
simonsan · Mar 17, 2024 · 415ba40 · 415ba40
1 parent 6b78181
commit 415ba40
Show file tree

Hide file tree

Showing 16 changed files with 1,235 additions and 99 deletions.
diff --git a/.dprint.json b/.dprint.json
@@ -0,0 +1,30 @@
+{
+    "lineWidth": 80,
+    "markdown": {
+        "lineWidth": 80,
+        "emphasisKind": "asterisks",
+        "strongKind": "asterisks",
+        "textWrap": "always"
+    },
+    "toml": {
+        "lineWidth": 80
+    },
+    "json": {
+        "lineWidth": 80,
+        "indentWidth": 4
+    },
+    "includes": [
+        "**/*.{md}",
+        "**/*.{toml}",
+        "**/*.{json}"
+    ],
+    "excludes": [
+        "target/**/*",
+        "CHANGELOG.md"
+    ],
+    "plugins": [
+        "https://plugins.dprint.dev/markdown-0.16.4.wasm",
+        "https://plugins.dprint.dev/toml-0.6.1.wasm",
+        "https://plugins.dprint.dev/json-0.19.2.wasm"
+    ]
+}
diff --git a/.env b/.env
@@ -0,0 +1 @@
+RHACK_CURRENT_VERSION = 0.1.2
diff --git a/.github/renovate.json b/.github/renovate.json
@@ -0,0 +1,53 @@
+{
+    "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+    "extends": [
+        "config:recommended",
+        ":dependencyDashboard"
+    ],
+    "separateMinorPatch": false,
+    "prHourlyLimit": 1,
+    "prConcurrentLimit": 1,
+    "rebaseConflictedPrs": false,
+    "rebaseStalePrs": false,
+    "major": {
+        "dependencyDashboardApproval": true
+    },
+    "labels": [
+        "A-dependencies"
+    ],
+    "packageRules": [
+        {
+            "description": "Automerge pin updates for GitHub Actions",
+            "matchDatasources": [
+                "github-actions"
+            ],
+            "matchDepTypes": [
+                "action"
+            ],
+            "matchUpdateTypes": [
+                "pin",
+                "digest",
+                "pinDigest"
+            ],
+            "labels": [
+                "A-ci"
+            ],
+            "automerge": true
+        },
+        {
+            "matchDatasources": [
+                "cargo"
+            ],
+            "extends": [
+                "schedule:weekly"
+            ]
+        }
+    ],
+    "lockFileMaintenance": {
+        "enabled": true,
+        "automerge": true,
+        "extends": [
+            "schedule:monthly"
+        ]
+    }
+}
diff --git a/.github/workflows/audit.yaml b/.github/workflows/audit.yaml
@@ -0,0 +1,112 @@
+name: Security audit
+
+permissions:
+  contents: read
+
+on:
+  pull_request:
+  schedule:
+    # Runs at 00:00 UTC everyday
+    - cron: "0 0 * * *"
+  push:
+    paths:
+      - "**/Cargo.toml"
+      - "**/Cargo.lock"
+      - "crates/**/Cargo.toml"
+      - "crates/**/Cargo.lock"
+  merge_group:
+    types: [checks_requested]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
+  cancel-in-progress: true
+
+jobs:
+  audit:
+    if: ${{ github.repository_owner == 'simonsan' }}
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Install Rust toolchain
+        uses: dtolnay/rust-toolchain@v1
+        with:
+          toolchain: stable
+      - uses: Swatinem/rust-cache@v2
+
+      - uses: rustsec/audit-check@v1
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+
+  cargo-deny:
+    name: Run cargo-deny
+    if: ${{ github.repository_owner == 'simonsan' }}
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: EmbarkStudios/cargo-deny-action@v1
+        with:
+          command: check bans licenses sources
+
+  # https://twitter.com/mycoliza/status/1571295690063753218
+  nightly:
+    runs-on: ubuntu-latest
+    name: ubuntu / nightly
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          submodules: true
+      - name: Install nightly
+        uses: dtolnay/rust-toolchain@nightly
+      - name: cargo generate-lockfile
+        if: hashFiles('Cargo.lock') == ''
+        run: cargo generate-lockfile
+      - name: cargo test --locked
+        run: cargo test --locked --all-features --all-targets
+
+  # https://twitter.com/alcuadrado/status/1571291687837732873
+  update:
+    # This action checks that updating the dependencies of this crate to the latest available that
+    # satisfy the versions in Cargo.toml does not break this crate. This is important as consumers
+    # of this crate will generally use the latest available crates. This is subject to the standard
+    # Cargo semver rules (i.e cargo does not update to a new major version unless explicitly told
+    # to).
+    runs-on: ubuntu-latest
+    name: ubuntu / beta / updated
+    # There's no point running this if no Cargo.lock was checked in in the first place, since we'd
+    # just redo what happened in the regular test job. Unfortunately, hashFiles only works in if on
+    # steps, so we repeat it.
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          submodules: true
+      - name: Install beta
+        if: hashFiles('Cargo.lock') != ''
+        uses: dtolnay/rust-toolchain@beta
+      - name: cargo update
+        if: hashFiles('Cargo.lock') != ''
+        run: cargo update
+      - name: cargo test
+        if: hashFiles('Cargo.lock') != ''
+        run: cargo test --locked --all-features --all-targets
+        env:
+          RUSTFLAGS: -D deprecated
+
+  result:
+    if: ${{ github.repository_owner == 'simonsan' }}
+    name: Result (Audit)
+    runs-on: ubuntu-latest
+    needs:
+      - audit
+      - cargo-deny
+      - nightly
+      - update
+    steps:
+      - name: Mark the job as successful
+        run: exit 0
+        if: success()
+      - name: Mark the job as unsuccessful
+        run: exit 1
+        if: "!success()"
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -0,0 +1,194 @@
+name: Continuous Integration
+
+on:
+  pull_request:
+    paths-ignore:
+      - "**/*.md"
+  push:
+    branches:
+      - main
+      - "renovate/**"
+    paths-ignore:
+      - "**/*.md"
+  schedule:
+    - cron: "0 0 * * 0"
+  merge_group:
+    types: [checks_requested]
+
+# If new code is pushed to a PR branch, then cancel in progress workflows for that PR. Ensures that
+# we don't waste CI time, and returns results quicker https://github.com/jonhoo/rust-ci-conf/pull/5
+concurrency:
+  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
+  cancel-in-progress: true
+
+env:
+  CI: true
+
+jobs:
+  fmt:
+    name: Rustfmt
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install Rust toolchain
+        uses: dtolnay/rust-toolchain@v1
+        with:
+          toolchain: stable
+          components: rustfmt
+      - name: Run Cargo Fmt
+        run: cargo fmt --all -- --check
+
+  clippy:
+    name: Clippy
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        # Get early warning of new lints which are regularly introduced in beta channels.
+        toolchain: [stable, beta]
+    steps:
+      - uses: actions/checkout@v4 # v4
+
+      - name: Install Rust ${{ matrix.toolchain }}
+        uses: dtolnay/rust-toolchain@v1
+        with:
+          toolchain: ${{ matrix.toolchain }}
+          components: clippy
+
+      - uses: Swatinem/rust-cache@v2
+      - name: Run clippy
+        run: cargo clippy --all-targets -- -D warnings
+
+  test:
+    name: Test
+    runs-on: ${{ matrix.job.os }}
+    strategy:
+      fail-fast: false
+      matrix:
+        # Get early warning of new lints which are regularly introduced in beta channels.
+        toolchain: [stable, beta]
+        job:
+          - os: macos-latest
+          - os: ubuntu-latest
+          - os: windows-latest
+    steps:
+      - uses: actions/checkout@v4 # v4
+        if: github.event_name != 'pull_request'
+        with:
+          fetch-depth: 0
+
+      - uses: actions/checkout@v4 # v4
+        if: github.event_name == 'pull_request'
+        with:
+          ref: ${{ github.event.pull_request.head.sha }}
+          fetch-depth: 0
+
+      - name: Install Rust ${{ matrix.toolchain }}
+        uses: dtolnay/rust-toolchain@v1
+        with:
+          toolchain: ${{ matrix.toolchain }}
+      - uses: Swatinem/rust-cache@v2
+      - name: Run Cargo Test
+        id: run_tests
+        # run: cargo test -r --all-targets --features ${{ matrix.feature }} --workspace
+        run: cargo test -r --all-targets --workspace
+        env:
+          INSTA_UPDATE: new
+      - name: Upload snapshots of failed tests
+        if: ${{ failure() && steps.run_tests.outcome == 'failure' }}
+        uses: actions/upload-artifact@v3
+        with:
+          name: failed-snapshots
+          path: "**/snapshots/*.snap.new"
+
+  docs:
+    name: Build docs
+    runs-on: ${{ matrix.job.os }}
+    strategy:
+      matrix:
+        rust: [stable]
+        job:
+          - os: macos-latest
+          - os: ubuntu-latest
+          - os: windows-latest
+    steps:
+      - uses: actions/checkout@v4 # v4
+        if: github.event_name != 'pull_request'
+        with:
+          fetch-depth: 0
+
+      - uses: actions/checkout@v4 # v4
+        if: github.event_name == 'pull_request'
+        with:
+          ref: ${{ github.event.pull_request.head.sha }}
+          fetch-depth: 0
+
+      - name: Install Rust toolchain
+        uses: dtolnay/rust-toolchain@v1
+        with:
+          toolchain: nightly
+      - uses: Swatinem/rust-cache@v2
+
+      - name: cargo doc
+        run: cargo doc --no-deps --all-features --workspace --examples
+        env:
+          RUSTDOCFLAGS: --cfg docsrs
+
+  msrv:
+    name: Check MSRV
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        crate: [cargo-rhack]
+        msrv: [1.65.0]
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install ${{ matrix.msrv }}
+        uses: dtolnay/rust-toolchain@master
+        with:
+          toolchain: ${{ matrix.msrv }}
+
+      - name: Install cargo-hack
+        uses: taiki-e/install-action@v2
+        with:
+          tool: cargo-hack
+
+      - name: Run Cargo Hack
+        run: cargo hack check --rust-version -p ${{ matrix.crate }}
+
+  powerset:
+    # cargo-hack checks combinations of feature flags to ensure that features are all additive
+    # which is required for feature unification
+    runs-on: ubuntu-latest
+    name: ubuntu / stable / features
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          submodules: true
+      - name: Install stable
+        uses: dtolnay/rust-toolchain@stable
+      - name: cargo install cargo-hack
+        uses: taiki-e/install-action@cargo-hack
+      # intentionally no target specifier; see https://github.com/jonhoo/rust-ci-conf/pull/4
+      # --feature-powerset runs for every combination of features
+      - name: cargo hack
+        run: cargo hack --feature-powerset check
+
+  result:
+    name: Result (CI)
+    runs-on: ubuntu-latest
+    needs:
+      - fmt
+      - clippy
+      - test
+      - docs
+      - msrv
+      - powerset
+    steps:
+      - name: Mark the job as successful
+        run: exit 0
+        if: success()
+      - name: Mark the job as unsuccessful
+        run: exit 1
+        if: "!success()"