Revert "[PM-29567] Pin binary cargo tools via cargo-run-bin (#1143)"

This reverts commit a2734ac.

Author: coroiu

.github/renovate.json5

@@ -5,24 +5,14 @@
   enabledManagers: ["cargo", "dockerfile", "github-actions", "npm", "nuget", "custom.regex"],
   regexManagers: [
     {
-      // Pinned binary cargo tools declared in [workspace.metadata.bin].
-      // Matches only crates.io-sourced entries (git-pinned tools have `git =`
-      // immediately after the version field, so they are skipped here and
-      // remain manually managed).
-      fileMatch: ["^Cargo\\.toml$"],
-      matchStrings: [
-        '(?<depName>[a-z][a-z0-9_-]*)\\s*=\\s*\\{\\s*version\\s*=\\s*"=?(?<currentValue>\\d+\\.\\d+\\.\\d+)"\\s*,\\s*locked\\s*=\\s*true',
-      ],
-      datasourceTemplate: "crate",
-      versioningTemplate: "cargo",
-    },
-    {
-      // Bootstrap pin for cargo-run-bin in CI workflows.
       fileMatch: ["^\\.github/workflows/.*\\.ya?ml$"],
       matchStrings: [
-        "cargo install (?<depName>cargo-run-bin) --locked --version (?<currentValue>\\d+\\.\\d+\\.\\d+)",
+        "cargo install (?<depName>cargo-dylint) (?:[\\w-]+ )?--version (?<currentValue>\\d+\\.\\d+\\.\\d+) --locked",
+        "cargo install (?<depName>dylint-link) (?:[\\w-]+ )?--version (?<currentValue>\\d+\\.\\d+\\.\\d+) --locked",
+        "cargo install (?<depName>cargo-sort) --version (?<currentValue>\\d+\\.\\d+\\.\\d+) --locked",
+        "cargo install (?<depName>cargo-udeps) --version (?<currentValue>\\d+\\.\\d+\\.\\d+) --locked",
       ],
-      datasourceTemplate: "crate",
+      datasourceTemplate: "cargo",
       versioningTemplate: "cargo",
     },
   ],

.github/workflows/build-android.yml

@@ -47,13 +47,13 @@ jobs:
         with:
           key: ${{ matrix.settings.target }}-cargo
 
-      - name: Install cargo-run-bin
-        run: cargo install cargo-run-bin --locked --version 1.7.4
+      - name: Install Cross
+        run: cargo install cross --locked --git https://github.com/cross-rs/cross.git --rev 185398b1b885820515a212de720a306b08e2c8c9
 
       - name: Build
         env:
           TARGET: ${{ matrix.settings.target }}
-        run: cargo bin cross build -p bitwarden-uniffi --release --target=${{ matrix.settings.target }}
+        run: cross build -p bitwarden-uniffi --release --target=${{ matrix.settings.target }}
 
       - name: Upload artifact
         uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0

.github/workflows/build-rust-crates.yml

@@ -73,8 +73,8 @@ jobs:
       - name: Cache cargo registry
         uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
 
-      - name: Install cargo-run-bin
-        run: cargo install cargo-run-bin --locked --version 1.7.4
+      - name: Install cargo-release
+        run: cargo install cargo-release --version 0.25.20 --locked
 
       - name: Cargo release dry run
-        run: cargo bin cargo-release release publish --no-publish -p bitwarden-api-api -p bitwarden-api-identity -p bitwarden
+        run: cargo-release release publish --no-publish -p bitwarden-api-api -p bitwarden-api-identity -p bitwarden

.github/workflows/check-powerset.yml

@@ -37,10 +37,10 @@ jobs:
       - name: Cache cargo registry
         uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
 
-      - name: Install cargo-run-bin
-        run: cargo install cargo-run-bin --locked --version 1.7.4
+      - name: Install cargo-hack
+        run: cargo install cargo-hack --version 0.6.33 --locked
 
       - name: Build
-        run: cargo bin cargo-hack check --workspace --feature-powerset --no-dev-deps
+        run: cargo hack check --workspace --feature-powerset --no-dev-deps
         env:
           RUSTFLAGS: "-D warnings"

.github/workflows/lint.yml

@@ -42,11 +42,14 @@ jobs:
             needs_rust: true
           - check: sort
             needs_rust: true
+            install: cargo install cargo-sort --version 2.0.2 --locked
           - check: udeps
             needs_rust: true
             needs_rust_nightly: true
+            install: cargo install cargo-udeps --version 0.1.57 --locked
           - check: dylint
             needs_rust: true
+            install: cargo install cargo-dylint dylint-link --version 5.0.0 --locked
           - check: doc
             needs_rust: true
           - check: prettier
@@ -97,32 +100,20 @@ jobs:
         if: matrix.needs_rust
         uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
 
-      # Cache cargo-run-bin's built tools (.bin) separately from rust-cache. The
-      # tools depend only on their pinned versions (Cargo.toml) and the toolchain,
-      # not on Cargo.lock, so this key avoids rust-cache's lockfile rotation. Keyed
-      # per check so each one caches only the tools it builds, with no contention
-      # (rust-cache keys all matrix checks under one shared job-based key).
-      - name: Cache cargo-run-bin tools
-        if: matrix.needs_rust
-        uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
-        with:
-          path: .bin
-          key: cargo-bin-${{ runner.os }}-${{ matrix.check }}-${{ hashFiles('Cargo.toml', 'rust-toolchain.toml') }}
-          restore-keys: |
-            cargo-bin-${{ runner.os }}-${{ matrix.check }}-
+      - name: Install per-check cargo tool
+        if: matrix.install
+        run: ${{ matrix.install }}
 
-      - name: Install cargo-run-bin
-        if: matrix.needs_rust
-        run: cargo install cargo-run-bin --locked --version 1.7.4
+      - name: Install clippy-sarif and sarif-fmt
+        if: matrix.check == 'clippy'
+        run: cargo install clippy-sarif sarif-fmt --locked --git https://github.com/psastras/sarif-rs.git --rev 11c33a53f6ffeaed736856b86fb6b7b09fabdfd8
 
       - name: Run clippy with SARIF output
         if: matrix.check == 'clippy'
-        # Pass `-D warnings` to clippy directly rather than via RUSTFLAGS so the
-        # deny level applies only to the linted crates, not to the from-source
-        # builds of clippy-sarif/sarif-fmt that `cargo bin` triggers in this step
-        # (some of their transitive deps emit warnings we don't control).
-        run: cargo clippy --all-features --all-targets --message-format=json -- -D warnings |
-          cargo bin clippy-sarif | tee clippy_result.sarif | cargo bin sarif-fmt
+        env:
+          RUSTFLAGS: "-D warnings"
+        run: cargo clippy --all-features --all-targets --message-format=json |
+          clippy-sarif | tee clippy_result.sarif | sarif-fmt
 
       - name: Upload clippy results to GitHub
         if: matrix.check == 'clippy'

.github/workflows/rust-test.yml

@@ -105,11 +105,11 @@ jobs:
       - name: Cache cargo registry
         uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
 
-      - name: Install cargo-run-bin
-        run: cargo install cargo-run-bin --locked --version 1.7.4
+      - name: Install cargo-llvm-cov
+        run: cargo install cargo-llvm-cov --version 0.5.38 --locked
 
       - name: Generate coverage
-        run: cargo bin cargo-llvm-cov --all-features --lcov --output-path lcov.info --ignore-filename-regex "crates/bitwarden-api-"
+        run: cargo llvm-cov --all-features --lcov --output-path lcov.info --ignore-filename-regex "crates/bitwarden-api-"
 
       - name: Upload to codecov.io
         uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # v6.0.0

.github/workflows/version-bump.yml

@@ -35,8 +35,8 @@ jobs:
       - name: Cache cargo registry
         uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
 
-      - name: Install cargo-run-bin
-        run: cargo install cargo-run-bin --locked --version 1.7.4
+      - name: Install cargo-release
+        run: cargo install cargo-edit --locked
 
       - name: Log in to Azure
         uses: bitwarden/gh-actions/azure-login@main
@@ -95,14 +95,14 @@ jobs:
         if: ${{ inputs.project == 'bitwarden-core' }}
         env:
           VERSION_NUMBER: ${{ inputs.version_number }}
-        run: cargo bin cargo-set-version -p bitwarden-core "$VERSION_NUMBER"
+        run: cargo set-version -p bitwarden-core "$VERSION_NUMBER"
 
       ### bitwarden-sm
       - name: Bump bitwarden-sm crate Version
         if: ${{ inputs.project == 'bitwarden-sm' }}
         env:
           VERSION_NUMBER: ${{ inputs.version_number }}
-        run: cargo bin cargo-set-version -p bitwarden-sm "$VERSION_NUMBER"
+        run: cargo set-version -p bitwarden-sm "$VERSION_NUMBER"
 
       ############################
       # VERSION BUMP SECTION END #

.gitignore

@@ -1,6 +1,4 @@
 /target
-# cargo-run-bin per-tool build cache
-/.bin
 .DS_Store
 .pytest_cache
 .vscode/c_cpp_properties.json

Cargo.toml

@@ -143,22 +143,6 @@ unexpected_cfgs = { level = "warn", check-cfg = [
 [workspace.metadata.dylint]
 libraries = [{ path = "support/lints" }]
 
-# Pinned binary cargo tools used by CI and `scripts/lint.sh`.
-# Install the runner once with `cargo install cargo-run-bin --locked`, then
-# invoke any tool via `cargo bin <tool> <args>`. See README for details.
-[workspace.metadata.bin]
-cargo-sort = { version = "2.0.2", locked = true }
-cargo-udeps = { version = "0.1.57", locked = true }
-cargo-hack = { version = "0.6.33", locked = true }
-cargo-llvm-cov = { version = "0.5.38", locked = true }
-cargo-release = { version = "0.25.20", locked = true }
-cargo-edit = { version = "0.13.6", locked = true, bins = ["cargo-set-version"] }
-cargo-dylint = { version = "5.0.0", locked = true }
-dylint-link = { version = "5.0.0", locked = true }
-cross = { version = "0.2.5", git = "https://github.com/cross-rs/cross.git", rev = "185398b1b885820515a212de720a306b08e2c8c9", locked = true }
-clippy-sarif = { version = "0.4.2", git = "https://github.com/psastras/sarif-rs.git", rev = "11c33a53f6ffeaed736856b86fb6b7b09fabdfd8", locked = true }
-sarif-fmt = { version = "0.4.2", git = "https://github.com/psastras/sarif-rs.git", rev = "11c33a53f6ffeaed736856b86fb6b7b09fabdfd8", locked = true }
-
 # Turn on a small amount of optimisation in development mode. This might interfere when trying to use a debugger
 # if the compiler decides to optimize some code away, if that's the case, it can be set to 0 or commented out
 [profile.dev]

README.md

@@ -454,17 +454,8 @@ The command is implemented in [scripts/lint.sh](./scripts/lint.sh) and mirrors
 
 ### Installation
 
-Binary cargo tools (cargo-sort, cargo-udeps, cargo-dylint, etc.) are pinned in the root `Cargo.toml`
-under `[workspace.metadata.bin]` and installed lazily by
-[`cargo-run-bin`](https://crates.io/crates/cargo-run-bin), so dev and CI versions stay in sync.
-Bootstrap once:
-
-```bash
-cargo install cargo-run-bin --locked
-```
-
-After that, `npm run lint` (or `scripts/lint.sh` directly) handles installation of any missing tool
-on first invocation. The underlying tools are:
+The tools each check needs (and pinned versions) are installed in the lint workflow above. The
+underlying tools are:
 
 - Nightly [cargo fmt](https://github.com/rust-lang/rustfmt) and
   [cargo udeps](https://github.com/est31/cargo-udeps)
@@ -473,7 +464,7 @@ on first invocation. The underlying tools are:
 - [cargo sort](https://github.com/DevinR528/cargo-sort)
 - [prettier](https://github.com/prettier/prettier)
 
-If `cargo-run-bin` itself is missing locally, `npm run lint` will tell you how to install it.
+If a tool is missing locally, `npm run lint` will tell you which one and how to install it.
 
 ## Documentation