Merge pull request #53 from http4s/integration/bobcats-main

Merge in latest bobcats

.github/workflows/ci.yml

@@ -15,19 +15,49 @@ on:
     tags: [v*]
 
 env:
-  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-  SONATYPE_USERNAME: ${{ secrets.SONATYPE_USERNAME }}
+  PGP_PASSPHRASE: ${{ secrets.PGP_PASSPHRASE }}
   SONATYPE_PASSWORD: ${{ secrets.SONATYPE_PASSWORD }}
+  SONATYPE_CREDENTIAL_HOST: ${{ secrets.SONATYPE_CREDENTIAL_HOST }}
+  SONATYPE_USERNAME: ${{ secrets.SONATYPE_USERNAME }}
   PGP_SECRET: ${{ secrets.PGP_SECRET }}
+  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
 jobs:
   build:
     name: Build and Test
     strategy:
+      fail-fast: false
       matrix:
         os: [ubuntu-latest]
         scala: [3.1.1, 2.12.15, 2.13.8]
-        java: [temurin@8]
+        java: [temurin@8, temurin@11, temurin@17]
+        project: [rootJS, rootJVM]
+        jsenv: [NodeJS, Chrome, Firefox]
+        exclude:
+          - scala: 3.1.1
+            java: temurin@11
+          - scala: 3.1.1
+            java: temurin@17
+          - scala: 2.12.15
+            java: temurin@11
+          - scala: 2.12.15
+            java: temurin@17
+          - project: rootJS
+            java: temurin@11
+          - project: rootJS
+            java: temurin@17
+          - scala: 3.1.1
+            jsenv: Chrome
+          - scala: 3.1.1
+            jsenv: Firefox
+          - scala: 2.12.15
+            jsenv: Chrome
+          - scala: 2.12.15
+            jsenv: Firefox
+          - project: rootJVM
+            jsenv: Chrome
+          - project: rootJVM
+            jsenv: Firefox
     runs-on: ${{ matrix.os }}
     steps:
       - name: Checkout current branch (full)
@@ -42,6 +72,20 @@ jobs:
           distribution: temurin
           java-version: 8
 
+      - name: Setup Java (temurin@11)
+        if: matrix.java == 'temurin@11'
+        uses: actions/setup-java@v2
+        with:
+          distribution: temurin
+          java-version: 11
+
+      - name: Setup Java (temurin@17)
+        if: matrix.java == 'temurin@17'
+        uses: actions/setup-java@v2
+        with:
+          distribution: temurin
+          java-version: 17
+
       - name: Cache sbt
         uses: actions/cache@v2
         with:
@@ -55,22 +99,50 @@ jobs:
           key: ${{ runner.os }}-sbt-cache-v2-${{ hashFiles('**/*.sbt') }}-${{ hashFiles('project/build.properties') }}
 
       - name: Setup NodeJS v14 LTS
+        if: matrix.project == 'rootJS' && matrix.jsenv == 'NodeJS'
         uses: actions/[email protected]
         with:
           node-version: 14
 
       - name: Check that workflows are up to date
-        run: sbt ++${{ matrix.scala }} githubWorkflowCheck
+        run: 'sbt ''project ${{ matrix.project }}'' ''++${{ matrix.scala }}'' ''set Global / useJSEnv := JSEnv.${{ matrix.jsenv }}'' ''project /'' githubWorkflowCheck'
 
-      - run: sbt ++${{ matrix.scala }} ci
+      - name: Check headers and formatting
+        if: matrix.java == 'temurin@8'
+        run: 'sbt ''project ${{ matrix.project }}'' ''++${{ matrix.scala }}'' ''set Global / useJSEnv := JSEnv.${{ matrix.jsenv }}'' headerCheckAll scalafmtCheckAll ''project /'' scalafmtSbtCheck'
+
+      - name: scalaJSLink
+        if: matrix.project == 'rootJS'
+        run: 'sbt ''project ${{ matrix.project }}'' ''++${{ matrix.scala }}'' ''set Global / useJSEnv := JSEnv.${{ matrix.jsenv }}'' Test/scalaJSLinkerResult'
+
+      - name: Test
+        run: 'sbt ''project ${{ matrix.project }}'' ''++${{ matrix.scala }}'' ''set Global / useJSEnv := JSEnv.${{ matrix.jsenv }}'' test'
+
+      - name: Check binary compatibility
+        if: matrix.java == 'temurin@8'
+        run: 'sbt ''project ${{ matrix.project }}'' ''++${{ matrix.scala }}'' ''set Global / useJSEnv := JSEnv.${{ matrix.jsenv }}'' mimaReportBinaryIssues'
+
+      - name: Generate API documentation
+        if: matrix.java == 'temurin@8'
+        run: 'sbt ''project ${{ matrix.project }}'' ''++${{ matrix.scala }}'' ''set Global / useJSEnv := JSEnv.${{ matrix.jsenv }}'' doc'
+
+      - name: Check unused compile dependencies
+        if: matrix.java == 'temurin@8'
+        run: 'sbt ''project ${{ matrix.project }}'' ''++${{ matrix.scala }}'' ''set Global / useJSEnv := JSEnv.${{ matrix.jsenv }}'' unusedCompileDependenciesTest'
+
+      - name: Make target directories
+        if: github.event_name != 'pull_request' && (startsWith(github.ref, 'refs/tags/v') || github.ref == 'refs/heads/main')
+        run: mkdir -p crypto/jvm/target target .js/target .jvm/target .native/target test-runtime/.jvm/target crypto/js/target test-runtime/.js/target project/target
 
       - name: Compress target directories
-        run: tar cf targets.tar crypto/jvm/target target rootJS/target rootJVM/target test-runtime/.jvm/target crypto/js/target test-runtime/.js/target project/target
+        if: github.event_name != 'pull_request' && (startsWith(github.ref, 'refs/tags/v') || github.ref == 'refs/heads/main')
+        run: tar cf targets.tar crypto/jvm/target target .js/target .jvm/target .native/target test-runtime/.jvm/target crypto/js/target test-runtime/.js/target project/target
 
       - name: Upload target directories
+        if: github.event_name != 'pull_request' && (startsWith(github.ref, 'refs/tags/v') || github.ref == 'refs/heads/main')
         uses: actions/upload-artifact@v2
         with:
-          name: target-${{ matrix.os }}-${{ matrix.scala }}-${{ matrix.java }}
+          name: target-${{ matrix.os }}-${{ matrix.java }}-${{ matrix.scala }}-${{ matrix.jsenv }}-${{ matrix.project }}
           path: targets.tar
 
   publish:
@@ -96,6 +168,20 @@ jobs:
           distribution: temurin
           java-version: 8
 
+      - name: Setup Java (temurin@11)
+        if: matrix.java == 'temurin@11'
+        uses: actions/setup-java@v2
+        with:
+          distribution: temurin
+          java-version: 11
+
+      - name: Setup Java (temurin@17)
+        if: matrix.java == 'temurin@17'
+        uses: actions/setup-java@v2
+        with:
+          distribution: temurin
+          java-version: 17
+
       - name: Cache sbt
         uses: actions/cache@v2
         with:
@@ -108,37 +194,76 @@ jobs:
             ~/Library/Caches/Coursier/v1
           key: ${{ runner.os }}-sbt-cache-v2-${{ hashFiles('**/*.sbt') }}-${{ hashFiles('project/build.properties') }}
 
-      - name: Download target directories (3.1.1)
+      - name: Download target directories (3.1.1, NodeJS, rootJS)
+        uses: actions/download-artifact@v2
+        with:
+          name: target-${{ matrix.os }}-${{ matrix.java }}-3.1.1-NodeJS-rootJS
+
+      - name: Inflate target directories (3.1.1, NodeJS, rootJS)
+        run: |
+          tar xf targets.tar
+          rm targets.tar
+
+      - name: Download target directories (3.1.1, NodeJS, rootJVM)
         uses: actions/download-artifact@v2
         with:
-          name: target-${{ matrix.os }}-3.1.1-${{ matrix.java }}
+          name: target-${{ matrix.os }}-${{ matrix.java }}-3.1.1-NodeJS-rootJVM
 
-      - name: Inflate target directories (3.1.1)
+      - name: Inflate target directories (3.1.1, NodeJS, rootJVM)
         run: |
           tar xf targets.tar
           rm targets.tar
 
-      - name: Download target directories (2.12.15)
+      - name: Download target directories (2.12.15, NodeJS, rootJS)
         uses: actions/download-artifact@v2
         with:
-          name: target-${{ matrix.os }}-2.12.15-${{ matrix.java }}
+          name: target-${{ matrix.os }}-${{ matrix.java }}-2.12.15-NodeJS-rootJS
 
-      - name: Inflate target directories (2.12.15)
+      - name: Inflate target directories (2.12.15, NodeJS, rootJS)
         run: |
           tar xf targets.tar
           rm targets.tar
 
-      - name: Download target directories (2.13.8)
+      - name: Download target directories (2.12.15, NodeJS, rootJVM)
         uses: actions/download-artifact@v2
         with:
-          name: target-${{ matrix.os }}-2.13.8-${{ matrix.java }}
+          name: target-${{ matrix.os }}-${{ matrix.java }}-2.12.15-NodeJS-rootJVM
 
-      - name: Inflate target directories (2.13.8)
+      - name: Inflate target directories (2.12.15, NodeJS, rootJVM)
+        run: |
+          tar xf targets.tar
+          rm targets.tar
+
+      - name: Download target directories (2.13.8, NodeJS, rootJS)
+        uses: actions/download-artifact@v2
+        with:
+          name: target-${{ matrix.os }}-${{ matrix.java }}-2.13.8-NodeJS-rootJS
+
+      - name: Inflate target directories (2.13.8, NodeJS, rootJS)
+        run: |
+          tar xf targets.tar
+          rm targets.tar
+
+      - name: Download target directories (2.13.8, NodeJS, rootJVM)
+        uses: actions/download-artifact@v2
+        with:
+          name: target-${{ matrix.os }}-${{ matrix.java }}-2.13.8-NodeJS-rootJVM
+
+      - name: Inflate target directories (2.13.8, NodeJS, rootJVM)
         run: |
           tar xf targets.tar
           rm targets.tar
 
       - name: Import signing key
-        run: echo $PGP_SECRET | base64 -d | gpg --import
+        if: env.PGP_SECRET != '' && env.PGP_PASSPHRASE == ''
+        run: echo $PGP_SECRET | base64 -di | gpg --import
+
+      - name: Import signing key and strip passphrase
+        if: env.PGP_SECRET != '' && env.PGP_PASSPHRASE != ''
+        run: |
+          echo "$PGP_SECRET" | base64 -di > /tmp/signing-key.gpg
+          echo "$PGP_PASSPHRASE" | gpg --pinentry-mode loopback --passphrase-fd 0 --import /tmp/signing-key.gpg
+          (echo "$PGP_PASSPHRASE"; echo; echo) | gpg --command-fd 0 --pinentry-mode loopback --change-passphrase $(gpg --list-secret-keys --with-colons 2> /dev/null | grep '^sec:' | cut --delimiter ':' --fields 5 | tail -n 1)
 
-      - run: sbt ++${{ matrix.scala }} release
+      - name: Publish
+        run: sbt '++${{ matrix.scala }}' tlRelease

build.sbt

@@ -24,42 +24,39 @@ import JSEnv._
 
 name := "http4s-crypto"
 
-ThisBuild / baseVersion := "0.2"
+ThisBuild / tlBaseVersion := "0.2"
+ThisBuild / tlUntaggedAreSnapshots := false
 
-ThisBuild / organization := "org.http4s"
-ThisBuild / organizationName := "http4s.org"
-ThisBuild / publishGithubUser := "armanbilge"
-ThisBuild / publishFullName := "Arman Bilge"
-
-enablePlugins(SonatypeCiReleasePlugin)
-ThisBuild / spiewakCiReleaseSnapshots := true
-ThisBuild / spiewakMainBranches := Seq("main")
-
-ThisBuild / homepage := Some(url("https://github.com/http4s/http4s-crypto"))
-ThisBuild / scmInfo := Some(
-  ScmInfo(
-    url("https://github.com/http4s/http4s-crypto"),
-    "https://github.com/http4s/http4s-crypto.git"))
+ThisBuild / developers := List(
+  tlGitHubDev("armanbilge", "Arman Bilge")
+)
+ThisBuild / startYear := Some(2021)
 
 ThisBuild / crossScalaVersions := Seq("3.1.1", "2.12.15", "2.13.8")
 
-ThisBuild / githubWorkflowJavaVersions := Seq(JavaSpec.temurin("8"))
-
 ThisBuild / githubWorkflowBuildPreamble ++= Seq(
   WorkflowStep.Use(
     UseRef.Public("actions", "setup-node", "v2.4.0"),
     name = Some("Setup NodeJS v14 LTS"),
-    params = Map("node-version" -> "14")
+    params = Map("node-version" -> "14"),
+    cond = Some("matrix.project == 'rootJS' && matrix.jsenv == 'NodeJS'")
   )
 )
 
-replaceCommandAlias("ci", CI.AllCIs.map(_.toString).mkString)
-addCommandAlias("ciJVM", CI.JVM.toString)
-addCommandAlias("ciNodeJS", CI.NodeJS.toString)
-addCommandAlias("ciFirefox", CI.Firefox.toString)
-addCommandAlias("ciChrome", CI.Chrome.toString)
-
-addCommandAlias("prePR", "; root/clean; scalafmtSbt; +root/scalafmtAll; +root/headerCreate")
+val jsenvs = List(NodeJS, Chrome, Firefox).map(_.toString)
+ThisBuild / githubWorkflowBuildMatrixAdditions += "jsenv" -> jsenvs
+ThisBuild / githubWorkflowBuildSbtStepPreamble += s"set Global / useJSEnv := JSEnv.$${{ matrix.jsenv }}"
+ThisBuild / githubWorkflowBuildMatrixExclusions ++= {
+  for {
+    scala <- (ThisBuild / crossScalaVersions).value.init
+    jsenv <- jsenvs.tail
+  } yield MatrixExclude(Map("scala" -> scala, "jsenv" -> jsenv))
+}
+ThisBuild / githubWorkflowBuildMatrixExclusions ++= {
+  for {
+    jsenv <- jsenvs.tail
+  } yield MatrixExclude(Map("project" -> "rootJVM", "jsenv" -> jsenv))
+}
 
 lazy val useJSEnv =
   settingKey[JSEnv]("Use Node.js or a headless browser for running Scala.js tests")
@@ -88,12 +85,7 @@ val munitVersion = "0.7.29"
 val munitCEVersion = "1.0.7"
 val disciplineMUnitVersion = "1.0.9"
 
-lazy val root =
-  project.in(file(".")).aggregate(rootJS, rootJVM).enablePlugins(NoPublishPlugin)
-lazy val rootJVM =
-  project.aggregate(crypto.jvm, testRuntime.jvm).enablePlugins(NoPublishPlugin)
-lazy val rootJS =
-  project.aggregate(crypto.js, testRuntime.js).enablePlugins(NoPublishPlugin)
+lazy val root = tlCrossRootProject.aggregate(crypto, testRuntime)
 
 lazy val crypto = crossProject(JSPlatform, JVMPlatform)
   .in(file("crypto"))

crypto/js/src/main/scala/org/http4s/crypto/SecureEqPlatform.scala

@@ -0,0 +1,36 @@
+/*
+ * Copyright 2021 http4s.org
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.http4s.crypto
+
+import scodec.bits.ByteVector
+
+private[crypto] trait SecureEqCompanionPlatform { this: SecureEq.type =>
+
+  implicit lazy val secureEqForByteVector: SecureEq[ByteVector] =
+    if (facade.isNodeJSRuntime)
+      new NodeJSSecureEq
+    else
+      new ByteVectorSecureEq
+
+  private[this] final class NodeJSSecureEq extends SecureEq[ByteVector] {
+    import facade.node._
+
+    override def eqv(x: ByteVector, y: ByteVector): Boolean =
+      x.length == y.length && crypto.timingSafeEqual(x.toUint8Array, y.toUint8Array)
+  }
+
+}

crypto/js/src/main/scala/org/http4s/crypto/facade/browser/SubtleCrypto.scala

@@ -20,7 +20,7 @@ import scala.annotation.nowarn
 import scala.scalajs.js
 
 @js.native
-@nowarn("cat=unused")
+@nowarn("msg=never used")
 private[crypto] trait SubtleCrypto extends js.Any {
 
   def digest(

crypto/js/src/main/scala/org/http4s/crypto/facade/browser/crypto.scala

@@ -22,7 +22,7 @@ import scala.scalajs.js.annotation.JSGlobal
 
 @js.native
 @JSGlobal
-@nowarn("cat=unused")
+@nowarn("msg=never used")
 private[crypto] object crypto extends js.Any {
 
   def subtle: SubtleCrypto = js.native

crypto/js/src/main/scala/org/http4s/crypto/facade/node/Hash.scala

@@ -20,7 +20,7 @@ import scala.scalajs.js
 import scala.annotation.nowarn
 
 @js.native
-@nowarn("cat=unused")
+@nowarn("msg=never used")
 private[crypto] trait Hash extends js.Any {
 
   def digest(): js.typedarray.Uint8Array = js.native

crypto/js/src/main/scala/org/http4s/crypto/facade/node/Hmac.scala

@@ -20,7 +20,7 @@ import scala.scalajs.js
 import scala.annotation.nowarn
 
 @js.native
-@nowarn("cat=unused")
+@nowarn("msg=never used")
 private[crypto] trait Hmac extends js.Any {
 
   def digest(): js.typedarray.Uint8Array = js.native