From 4cbd58350cb6309c08e88db978cb0184e67a57dd Mon Sep 17 00:00:00 2001
From: Nikolas Wipper
Date: Wed, 6 May 2026 15:57:11 -0400
Subject: [PATCH 1/9] Add semver workflow
---
.github/workflows/semver.yml | 43 ++++++++++++++++++++++++++++++++++++
1 file changed, 43 insertions(+)
create mode 100644 .github/workflows/semver.yml
diff --git a/.github/workflows/semver.yml b/.github/workflows/semver.yml
new file mode 100644
index 0000000..089de87
--- /dev/null
+++ b/.github/workflows/semver.yml
@@ -0,0 +1,43 @@
+name: Check semver
+on:
+ pull_request:
+ merge_group:
+ workflow_dispatch:
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+ cancel-in-progress: true
+
+permissions:
+ contents: read
+
+jobs:
+ semver:
+ name: Check semver
+ runs-on: ubuntu-24.04
+ timeout-minutes: 20
+ defaults:
+ run:
+ shell: bash
+ steps:
+ - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+ with:
+ persist-credentials: false
+ fetch-depth: 0
+
+ - uses: mozilla/actions/rust@25cb84d060946c0ad6d2c3f79da479b16d180d71 # v1.1.0
+ with:
+ tools: cargo-semver-checks
+ token: ${{ github.token }}
+
+ - uses: mozilla/actions/nss@25cb84d060946c0ad6d2c3f79da479b16d180d71 # v1.1.0
+ with:
+ version-file: min_version.txt
+ token: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Check semver
+ env:
+ BASE_REF: ${{ github.event.pull_request.base.ref || github.event.repository.default_branch }}
+ run: |
+ # shellcheck disable=SC2086
+ cargo semver-checks --default-features --baseline-rev "origin/$BASE_REF"
From 2bbe24e7a9ca68fe87e2b87a434dcfeeb8ab8a04 Mon Sep 17 00:00:00 2001
From: Nikolas Wipper
Date: Wed, 6 May 2026 17:18:45 -0400
Subject: [PATCH 2/9] Compare semver to latest tag
---
.github/workflows/semver.yml | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/semver.yml b/.github/workflows/semver.yml
index 089de87..ee18f86 100644
--- a/.github/workflows/semver.yml
+++ b/.github/workflows/semver.yml
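Review bot: The `# shellcheck disable=SC2086` directive in the final `run:` block of the 1/9 hunk suppresses the unquoted-expansion warning although `"origin/$BASE_REF"` is already quoted, so it hides nothing today and would silence the linter if an unquoted expansion were added later; I would drop that line (it is carried unchanged into the 2/9 hunk as well). Passing the ref through `env:` instead of interpolating `${{ … }}` into the script is the right pattern and deserves a one-line comment such as `# ref goes through env so the branch name is never expanded into the script text`. The two setup steps also spell the same credential two ways (`github.token` and `secrets.GITHUB_TOKEN`); using one form throughout makes it easier to audit which steps receive the token.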
@@ -36,8 +36,7 @@ jobs: token: ${{ secrets.GITHUB_TOKEN }} - name: Check semver - env: - BASE_REF: ${{ github.event.pull_request.base.ref || github.event.repository.default_branch }} run: | + LATEST_TAG_COMMIT=$(git rev-list --tags --max-count=1) # shellcheck disable=SC2086 - cargo semver-checks --default-features --baseline-rev "origin/$BASE_REF" + cargo semver-checks --default-features --baseline-rev "$LATEST_TAG_COMMIT" From bb77df4a7212ff493e4b19d375e5f7e345f0ca68 Mon Sep 17 00:00:00 2001 From: Nikolas Wipper Date: Thu, 7 May 2026 10:41:47 -0400 Subject: [PATCH 3/9] Bump verison to satisfy new workflow --- Cargo.lock | 2 +- Cargo.toml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 7a5e875..5563cb3 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -160,7 +160,7 @@ dependencies = [ [[package]] name = "nss-rs" -version = "0.8.0" +version = "0.9.0" dependencies = [ "bindgen", "enum-map", diff --git a/Cargo.toml b/Cargo.toml index f019786..fea0971 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "nss-rs" -version = "0.8.0" +version = "0.9.0" authors = ["Martin Thomson ", "Andy Leiserson ", "John M. Schanck ", "Benjamin Beurdouche ", "Anna Weine "] categories = ["network-programming", "web-programming"] keywords = ["nss", "crypto", "mozilla", "firefox"] From 495d9cfcacb06d0a0185faf99830b75e480c8294 Mon Sep 17 00:00:00 2001 From: Nikolas Wipper Date: Thu, 7 May 2026 13:48:35 -0400 Subject: [PATCH 4/9] Use action for semver --- .github/workflows/semver.yml | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/.github/workflows/semver.yml b/.github/workflows/semver.yml index ee18f86..f02d967 100644 --- a/.github/workflows/semver.yml +++ b/.github/workflows/semver.yml 
@@ -25,18 +25,16 @@ jobs: persist-credentials: false fetch-depth: 0 - - uses: mozilla/actions/rust@25cb84d060946c0ad6d2c3f79da479b16d180d71 # v1.1.0 - with: - tools: cargo-semver-checks - token: ${{ github.token }} + - name: Get latest tag + id: tag + run: | + echo "ref=$(git describe --tags --abbrev=0)" >> "$GITHUB_OUTPUT" - uses: mozilla/actions/nss@25cb84d060946c0ad6d2c3f79da479b16d180d71 # v1.1.0 with: version-file: min_version.txt token: ${{ secrets.GITHUB_TOKEN }} - - name: Check semver - run: | - LATEST_TAG_COMMIT=$(git rev-list --tags --max-count=1) - # shellcheck disable=SC2086 - cargo semver-checks --default-features --baseline-rev "$LATEST_TAG_COMMIT" + - uses: mozilla/actions/semver@b179863eaeacb7344a9dd1c9076917787fb453a0 + with: + base-ref: ${{ steps.tag.outputs.ref }} From 5a84b867fa65e7b70a233adc9968d9c8ff394516 Mon Sep 17 00:00:00 2001 From: Nikolas Wipper Date: Thu, 7 May 2026 14:41:30 -0400 Subject: [PATCH 5/9] Update semver action --- .github/workflows/semver.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/semver.yml b/.github/workflows/semver.yml index f02d967..82dde21 100644 --- a/.github/workflows/semver.yml +++ b/.github/workflows/semver.yml @@ -35,6 +35,6 @@ jobs: version-file: min_version.txt token: ${{ secrets.GITHUB_TOKEN }} - - uses: mozilla/actions/semver@b179863eaeacb7344a9dd1c9076917787fb453a0 + - uses: mozilla/actions/semver@f82cc5accfa16039906001520788dfed0b857d03 with: base-ref: ${{ steps.tag.outputs.ref }} From bb16dd359767c3d03d3d812b3c63469db9d2a69a Mon Sep 17 00:00:00 2001 
From: Nikolas Wipper Date: Thu, 7 May 2026 14:51:03 -0400 Subject: [PATCH 6/9] Sparse-checkout min_version.txt and fetch tags only Avoid a full clone in the calling workflow: only check out min_version.txt (needed by the nss action) and fetch tag refs to resolve the latest tag. The semver action does its own full checkout afterwards. Co-Authored-By: Claude Opus 4.7 (1M context) --- .github/workflows/semver.yml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/.github/workflows/semver.yml b/.github/workflows/semver.yml index 82dde21..37ea2ca 100644 --- a/.github/workflows/semver.yml +++ b/.github/workflows/semver.yml @@ -23,12 +23,15 @@ jobs: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - fetch-depth: 0 + fetch-depth: 1 + fetch-tags: true + sparse-checkout: min_version.txt + sparse-checkout-cone-mode: false - name: Get latest tag id: tag run: | - echo "ref=$(git describe --tags --abbrev=0)" >> "$GITHUB_OUTPUT" + echo "ref=$(git tag --sort=-creatordate | head -n 1)" >> "$GITHUB_OUTPUT" - uses: mozilla/actions/nss@25cb84d060946c0ad6d2c3f79da479b16d180d71 # v1.1.0 with: From 6928c2b26be5c2df36b43e978f4c57ca3a1adda7 Mon Sep 17 00:00:00 2001 From: Nikolas Wipper Date: Thu, 7 May 2026 14:58:47 -0400 Subject: [PATCH 7/9] Update semver action --- .github/workflows/semver.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/semver.yml b/.github/workflows/semver.yml index 37ea2ca..f308f82 100644 --- a/.github/workflows/semver.yml +++ b/.github/workflows/semver.yml @@ -38,6 +38,6 @@ jobs: version-file: min_version.txt token: ${{ secrets.GITHUB_TOKEN }} - - uses: mozilla/actions/semver@f82cc5accfa16039906001520788dfed0b857d03 + - uses: mozilla/actions/semver@a832d8ca9b69e2c0f166d430a40d8d2affceb075 with: base-ref: ${{ steps.tag.outputs.ref }} From 8fd7bf219ba2618b92ed84c51a83baf41071f8f5 Mon Sep 17 00:00:00 2001 
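Review bot: The checkout step in the 6/9 hunk is now sparse and shallow, which only works because the `mozilla/actions/semver` step checks the repository out again, and that dependency is stated in the commit message but nowhere in the workflow. A comment above `sparse-checkout:` such as `# only min_version.txt is needed here; the semver action performs its own full checkout` would keep a later editor from reverting it or from adding a step that expects the full tree. `persist-credentials: false` applies to this checkout only, so it is worth confirming that the action's own checkout (not visible in this diff) also leaves no token in the git config, since the check presumably builds the pull request's code. The `steps:` list starts and ends outside the hunk.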
From: Nikolas Wipper Date: Thu, 7 May 2026 15:29:05 -0400 Subject: [PATCH 8/9] Add version comment to semver --- .github/workflows/semver.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/semver.yml b/.github/workflows/semver.yml index f308f82..94256d7 100644 --- a/.github/workflows/semver.yml +++ b/.github/workflows/semver.yml @@ -38,6 +38,6 @@ jobs: version-file: min_version.txt token: ${{ secrets.GITHUB_TOKEN }} - - uses: mozilla/actions/semver@a832d8ca9b69e2c0f166d430a40d8d2affceb075 + - uses: mozilla/actions/semver@a832d8ca9b69e2c0f166d430a40d8d2affceb075 # v1.1.2 with: base-ref: ${{ steps.tag.outputs.ref }} From 3e68816195d1d47b6af32fe5bbd48bd9a58f52c2 Mon Sep 17 00:00:00 2001 From: Nikolas Wipper Date: Thu, 7 May 2026 15:46:22 -0400 Subject: [PATCH 9/9] Update .github/workflows/semver.yml --- .github/workflows/semver.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/.github/workflows/semver.yml b/.github/workflows/semver.yml index 94256d7..04212fc 100644 --- a/.github/workflows/semver.yml +++ b/.github/workflows/semver.yml @@ -31,7 +31,12 @@ jobs: - name: Get latest tag id: tag run: | - echo "ref=$(git tag --sort=-creatordate | head -n 1)" >> "$GITHUB_OUTPUT" + TAG=$(git tag --sort=-version:refname | head -n 1) + if [ -z "$TAG" ]; then + echo "::error::No tags found; cannot determine semver baseline" + exit 1 + fi + echo "ref=$TAG" >> "$GITHUB_OUTPUT" - uses: mozilla/actions/nss@25cb84d060946c0ad6d2c3f79da479b16d180d71 # v1.1.0 with:
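Review bot: In the 9/9 hunk, `git tag --sort=-version:refname | head -n 1` picks the highest-sorting tag of any name, so a tag that is not a release (or a pre-release tag, which git's version sort places after the matching release unless `versionsort.suffix` is configured) would silently become the semver baseline and the check would compare against the wrong API surface. Restricting the listing to the project's release-tag pattern avoids that, e.g. `TAG=$(git tag --list '<release-tag-glob>' --sort=-version:refname | head -n 1)` with the glob filled in for this repository's naming scheme. The empty-result guard that follows is a good addition and should stay. The `steps:` list continues outside the hunk.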