From f52341a06c80dc7872058bba127cc4b616010906 Mon Sep 17 00:00:00 2001 From: Yonas Date: Sat, 20 Dec 2025 19:19:23 -0500 Subject: [PATCH 01/19] feat: Add WASM support. --- .cargo/config.toml | 36 ++++++++++++++++++++++++++++++++++++ .config/nextest.toml | 10 ---------- backpack/Cargo.toml | 11 +++++++---- backpack/src/lib.rs | 27 ++++++++++++++++++++++----- backpack/src/main.rs | 5 ++++- 5 files changed, 69 insertions(+), 20 deletions(-) diff --git a/.cargo/config.toml b/.cargo/config.toml index 35049cb..8a2aedc 100644 --- a/.cargo/config.toml +++ b/.cargo/config.toml @@ -1,2 +1,38 @@ [alias] xtask = "run --package xtask --" +t = "test --all -- --nocapture" +t-all = "cargo t-native && cargo t-wasm" +t-native = "test --all -- --nocapture" +t-wasm = "test --target wasm32-unknown-unknown -- --nocapture" +b = "build --workspace" +b-all = "cargo b-native && cargo b-wasm" +b-native = "build --workspace" +b-wasm = "build --workspace --target wasm32-unknown-unknown" +r = "run --release" +r-all = "cargo r-native && cargo r-wasm" +r-native = "run --relase" +r-wasm = "run --relase --target wasm32-unknown-unknown" +fmt = "fmt --all" +cl = "clippy --all-targets --all-features -- -Dwarnings" + +[build] +rustflags = ["-Dwarnings", "-Dunsafe-code"] + +[target.wasm32-unknown-unknown] +runner = "wasm-bindgen-test-runner" + +[profile.dev] +opt-level = 1 +incremental = true + +[env] +RUST_TEST_THREADS = "1" +RUST_BACKTRACE = "1" + +[target.'cfg(all())'] +rustflags = [ + "-Wclippy::all", + "-Wclippy::pedantic", + "-Wclippy::nursery", + "-Wclippy::cargo", +] diff --git a/.config/nextest.toml b/.config/nextest.toml index a95f315..63543e6 100644 --- a/.config/nextest.toml +++ b/.config/nextest.toml @@ -1,16 +1,6 @@ [profile.default] -# Don't cancel the run when a test fails -cancel = "never" - # Retry failing tests up to 2 times before marking them failed retries = 2 -# Set a global timeout for each test (in seconds) -test-timeout = "120s" - # Control output: show failures immediately, but keep passing tests quiet status-level = "all" - -# Optional: store junit-style reports for CI integration -[junit] -path = "target/nextest/junit.xml" diff --git a/backpack/Cargo.toml b/backpack/Cargo.toml index 8851f91..f8c476a 100644 --- a/backpack/Cargo.toml +++ b/backpack/Cargo.toml @@ -16,9 +16,12 @@ coverage = [] [dev-dependencies] demonstrate = "*" -async-attributes = "*" -async-std = "*" pretty_assertions = "*" +wasm-bindgen-test = "0.3.56" -[dependencies] -human-panic = "2.0.2" +[target.'cfg(not(target_arch = "wasm32"))'.dependencies] +smol = "2" +human-panic = "2" + +[target.'cfg(target_arch = "wasm32")'.dependencies] +wasm-bindgen-futures = "0.4" diff --git a/backpack/src/lib.rs b/backpack/src/lib.rs index 082e575..191bf0f 100644 --- a/backpack/src/lib.rs +++ b/backpack/src/lib.rs @@ -8,6 +8,9 @@ mod test { use super::*; use demonstrate::demonstrate; + #[cfg(target_arch = "wasm32")] + use wasm_bindgen_test::wasm_bindgen_test; + demonstrate! { describe "module" { use super::*; @@ -28,16 +31,30 @@ mod test { } } - #[async_attributes::test] - async context "asynchronous" { + // Native async tests + #[cfg(not(target_arch = "wasm32"))] + context "native async" { before { - let is_4_task = async_std::task::spawn(async { + let is_4_task = smol::spawn(async { multiply(2, 2) }); } - it "awaits" { - assert_eq!(four, is_4_task.await) + async it "awaits" { + assert_eq!(four, is_4_task.await); + } + } + + // WASM async tests (wasm-bindgen-test) + #[cfg(target_arch = "wasm32")] + context "wasm async" { + before { + let future_value = async { multiply(2, 2) }; + } + + #[wasm_bindgen_test] + async it "awaits in wasm" { + assert_eq!(four, future_value.await); } } } diff --git a/backpack/src/main.rs b/backpack/src/main.rs index fe2fce0..f8a516c 100644 --- a/backpack/src/main.rs +++ b/backpack/src/main.rs @@ -1,7 +1,10 @@ -use human_panic::{metadata, setup_panic}; use test2::*; +#[cfg(not(target_arch = "wasm32"))] +use human_panic::{metadata, setup_panic}; + fn main() { + #[cfg(not(target_arch = "wasm32"))] setup_panic!(metadata!() .authors("Acme Inc. Date: Sat, 20 Dec 2025 19:30:47 -0500 Subject: [PATCH 02/19] fix: Avoid repeating command. --- .cargo/config.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.cargo/config.toml b/.cargo/config.toml index 8a2aedc..38d3203 100644 --- a/.cargo/config.toml +++ b/.cargo/config.toml @@ -12,7 +12,7 @@ r = "run --release" r-all = "cargo r-native && cargo r-wasm" r-native = "run --relase" r-wasm = "run --relase --target wasm32-unknown-unknown" -fmt = "fmt --all" +fmt = "cargo fmt --all" cl = "clippy --all-targets --all-features -- -Dwarnings" [build] From 9bc1d9baae08576450f9233a957fe2ad79fc670b Mon Sep 17 00:00:00 2001 From: Yonas Date: Sat, 20 Dec 2025 19:32:59 -0500 Subject: [PATCH 03/19] fix: Remove cargo clean due to permission issues. --- .github/workflows/test-with-coverage.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/test-with-coverage.yaml b/.github/workflows/test-with-coverage.yaml index 475f2f8..20dcf13 100644 --- a/.github/workflows/test-with-coverage.yaml +++ b/.github/workflows/test-with-coverage.yaml @@ -99,7 +99,6 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | - cargo clean cargo test $CARGO_OPTIONS -- -Z unstable-options --format json | cargo2junit > results.xml; cargo llvm-cov --all-features --workspace --codecov --output-path ./codecov.json From 7e142d594817da3fcfcb02283f42cdb841bc4331 Mon Sep 17 00:00:00 2001 From: Yonas Date: Sat, 20 Dec 2025 19:48:08 -0500 Subject: [PATCH 04/19] fix: Use toolkit for cargo2junit. --- .github/workflows/test-with-coverage.yaml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/.github/workflows/test-with-coverage.yaml b/.github/workflows/test-with-coverage.yaml index 20dcf13..2e5a904 100644 --- a/.github/workflows/test-with-coverage.yaml +++ b/.github/workflows/test-with-coverage.yaml @@ -92,15 +92,16 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: run: | - git config --global --add safe.directory /github/workspace task test - name: Generate test results and coverage report + uses: yonasBSD/toolkit@main env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: | - cargo test $CARGO_OPTIONS -- -Z unstable-options --format json | cargo2junit > results.xml; - cargo llvm-cov --all-features --workspace --codecov --output-path ./codecov.json + with: + run: | + cargo test $CARGO_OPTIONS -- -Z unstable-options --format json | cargo2junit > results.xml; + cargo llvm-cov --all-features --workspace --codecov --output-path ./codecov.json - name: Upload test results uses: EnricoMi/publish-unit-test-result-action@170bf24d20d201b842d7a52403b73ed297e6645b # v2.18.0 From cb4fd1a54bb0d29e82bd192e383925c24a5d7490 Mon Sep 17 00:00:00 2001 From: Yonas Date: Sat, 20 Dec 2025 19:56:45 -0500 Subject: [PATCH 05/19] fix(ci): Use toolkit for autofix. --- .github/workflows/autofix.yaml | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/.github/workflows/autofix.yaml b/.github/workflows/autofix.yaml index 369231c..ca9dd4b 100644 --- a/.github/workflows/autofix.yaml +++ b/.github/workflows/autofix.yaml @@ -6,8 +6,18 @@ on: jobs: autofix: + name: Auto Fix runs-on: ubuntu-latest + steps: - - uses: actions/checkout@v6 - - run: cargo fmt - - uses: autofix-ci/action@635ffb0c9798bd160680f18fd73371e355b85f27 + - name: Checkout + uses: actions/checkout@v6 + + - name: Cargo Format + uses: yonasBSD/toolkit@main + with: + run: | + cargo fmt + + - name: Autofix + uses: autofix-ci/action@635ffb0c9798bd160680f18fd73371e355b85f27 From 6197ced25ec1a5ddbf0e8384413006b7ce83d22f Mon Sep 17 00:00:00 2001 From: Yonas Yanfa Date: Sat, 20 Dec 2025 19:59:03 -0500 Subject: [PATCH 06/19] fix: Potential fix for code scanning alert no. 157: Workflow does not contain permissions Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> --- .github/workflows/autofix.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/autofix.yaml b/.github/workflows/autofix.yaml index ca9dd4b..13dc2e1 100644 --- a/.github/workflows/autofix.yaml +++ b/.github/workflows/autofix.yaml @@ -8,6 +8,9 @@ jobs: autofix: name: Auto Fix runs-on: ubuntu-latest + permissions: + contents: write + pull-requests: write steps: - name: Checkout From c1de086b6406b0fb95e5819adb6aac7cc1f6a9bf Mon Sep 17 00:00:00 2001 From: Yonas Date: Sat, 20 Dec 2025 20:08:31 -0500 Subject: [PATCH 07/19] fix(ci): Use cargo format alias. --- .cargo/config.toml | 2 +- .github/workflows/autofix.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.cargo/config.toml b/.cargo/config.toml index 38d3203..e212a63 100644 --- a/.cargo/config.toml +++ b/.cargo/config.toml @@ -12,7 +12,7 @@ r = "run --release" r-all = "cargo r-native && cargo r-wasm" r-native = "run --relase" r-wasm = "run --relase --target wasm32-unknown-unknown" -fmt = "cargo fmt --all" +format = "fmt --all" cl = "clippy --all-targets --all-features -- -Dwarnings" [build] diff --git a/.github/workflows/autofix.yaml b/.github/workflows/autofix.yaml index 13dc2e1..b633e27 100644 --- a/.github/workflows/autofix.yaml +++ b/.github/workflows/autofix.yaml @@ -20,7 +20,7 @@ jobs: uses: yonasBSD/toolkit@main with: run: | - cargo fmt + cargo format - name: Autofix uses: autofix-ci/action@635ffb0c9798bd160680f18fd73371e355b85f27 From 6f8c2fc0529d5fdd74c666086b801779c4ed1905 Mon Sep 17 00:00:00 2001 From: Yonas Date: Sat, 20 Dec 2025 20:11:57 -0500 Subject: [PATCH 08/19] fix(ci): Use toolkit for cargo fmt and treefmt. --- .github/workflows/lint.yaml | 26 +++++++++++--------------- 1 file changed, 11 insertions(+), 15 deletions(-) diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml index 84a8431..b2825a7 100644 --- a/.github/workflows/lint.yaml +++ b/.github/workflows/lint.yaml @@ -44,23 +44,19 @@ jobs: - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - uses: mozilla-actions/sccache-action@7d986dd989559c6ecdb630a3fd2557667be217ad # v0.0.9 - - uses: dtolnay/rust-toolchain@b3b07ba8b418998c39fb20f53e8b695cdcc8de1b # stable + - name: Cargo Format + uses: yonasBSD/toolkit@78ad3a58b6617ea330c3641c2965005585e6652b # v0.1.0 with: - toolchain: stable - components: rustfmt + run: | + cargo format --version + cargo clippy --fix --workspace + cargo format --check - - name: cargo fmt - run: | - cargo fmt --version - cargo clippy --fix --workspace - cargo fmt --all --check - - - name: treefmt - run: | - curl -s https://api.github.com/repos/numtide/treefmt/tags | jq -r '.[0].name' > .ver - curl -sSLo treefmt.tgz https://github.com/numtide/treefmt/releases/download/$(cat .ver)/treefmt_$(cat .ver | cut -d'v' -f2)_linux_amd64.tar.gz - tar -xvf treefmt.tgz - ./treefmt + - name: Tree Format + uses: yonasBSD/toolkit@78ad3a58b6617ea330c3641c2965005585e6652b # v0.1.0 + with: + run: | + treefmt clippy: name: Clippy From a63837b2445d990ff57e78581d6163ae5382ecd8 Mon Sep 17 00:00:00 2001 From: Yonas Date: Sat, 20 Dec 2025 21:50:22 -0500 Subject: [PATCH 09/19] fix(ci): Pin toolkit to commit hash. --- .github/workflows/test-with-coverage.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test-with-coverage.yaml b/.github/workflows/test-with-coverage.yaml index 2e5a904..e7fb7a5 100644 --- a/.github/workflows/test-with-coverage.yaml +++ b/.github/workflows/test-with-coverage.yaml @@ -87,7 +87,7 @@ jobs: tool: grcov,cargo-llvm-cov - name: Run tests - uses: yonasBSD/toolkit@main + uses: yonasBSD/toolkit@78ad3a58b6617ea330c3641c2965005585e6652b # v0.1.0 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: From 3f975a2fd7cdd880926f69b9237958e413d2926f Mon Sep 17 00:00:00 2001 From: Yonas Date: Sun, 21 Dec 2025 13:14:59 -0500 Subject: [PATCH 10/19] feat: Add cargo llvm-cov nextest code coverage. --- Taskfile.dist.yaml | 12 +++++++++++- justfile | 3 +++ 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/Taskfile.dist.yaml b/Taskfile.dist.yaml index a6d0081..89ba810 100644 --- a/Taskfile.dist.yaml +++ b/Taskfile.dist.yaml @@ -241,7 +241,7 @@ tasks: audit: desc: Perform a security audit - deps: ['audit:secrets', 'audit:vulnerabilities', 'audit:code-quality'] + deps: ['audit:secrets', 'audit:vulnerabilities', 'audit:code-quality', 'audit:code-coverage'] audit:secrets: desc: Scan for secrets @@ -288,3 +288,13 @@ tasks: desc: Run sonarcube cmds: - echo sonarcube run + + audit:code-coverage: + desc: Calculate code coverage + cmds: + - task: run:llvm-cov + + run:llvm-cov: + desc: Run LLVM cov + cmds: + - cargo llvm-cov nextest diff --git a/justfile b/justfile index 3b91285..1a16148 100644 --- a/justfile +++ b/justfile @@ -18,6 +18,9 @@ format: audit: task audit +coverage: + task audit:code-coverage + clean: task clean From 590d58744dead65b95b6e90bf07e107b31212221 Mon Sep 17 00:00:00 2001 From: Yonas Date: Sun, 21 Dec 2025 13:19:55 -0500 Subject: [PATCH 11/19] chore: Ignore code coverage result files. --- .gitignore | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.gitignore b/.gitignore index c9c8665..e3f4436 100644 --- a/.gitignore +++ b/.gitignore @@ -17,3 +17,5 @@ Cargo.lock # Build output build/ coverage/ +**/results.json +**/results.xml From 8b5313ad2b0d3e53c4bbcf55df36593453b1e25f Mon Sep 17 00:00:00 2001 From: Yonas Date: Sun, 21 Dec 2025 13:43:30 -0500 Subject: [PATCH 12/19] fix: clippy warnings. --- backpack/Cargo.toml | 13 +++++++++---- backpack/src/lib.rs | 3 ++- backpack/src/main.rs | 2 +- xtask/Cargo.toml | 7 ++++++- 4 files changed, 18 insertions(+), 7 deletions(-) diff --git a/backpack/Cargo.toml b/backpack/Cargo.toml index f8c476a..9129f3f 100644 --- a/backpack/Cargo.toml +++ b/backpack/Cargo.toml @@ -4,8 +4,11 @@ version = "0.1.0" authors = ["test@example.com"] edition = "2021" license = "MIT" - -# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html +description = "Test" +repository = "https://github.com/yonasBSD/rust-ci-github-actions-workflow" +readme = "README.md" +keywords = ["template", "rust"] +categories = ["template"] [[bin]] name = "test2" @@ -15,8 +18,6 @@ path = "src/main.rs" coverage = [] [dev-dependencies] -demonstrate = "*" -pretty_assertions = "*" wasm-bindgen-test = "0.3.56" [target.'cfg(not(target_arch = "wasm32"))'.dependencies] @@ -25,3 +26,7 @@ human-panic = "2" [target.'cfg(target_arch = "wasm32")'.dependencies] wasm-bindgen-futures = "0.4" + +[dependencies] +demonstrate = { git = "https://github.com/yonasBSD/demonstrate" } +pretty_assertions = "1.4.1" diff --git a/backpack/src/lib.rs b/backpack/src/lib.rs index 191bf0f..ebf5d59 100644 --- a/backpack/src/lib.rs +++ b/backpack/src/lib.rs @@ -1,5 +1,6 @@ /// Multiplies two integers -pub fn multiply(a: i32, b: i32) -> i32 { +#[must_use] +pub const fn multiply(a: i32, b: i32) -> i32 { a * b } diff --git a/backpack/src/main.rs b/backpack/src/main.rs index f8a516c..eadb556 100644 --- a/backpack/src/main.rs +++ b/backpack/src/main.rs @@ -1,4 +1,4 @@ -use test2::*; +use test2::multiply; #[cfg(not(target_arch = "wasm32"))] use human_panic::{metadata, setup_panic}; diff --git a/xtask/Cargo.toml b/xtask/Cargo.toml index 0f05ac1..f37ad78 100644 --- a/xtask/Cargo.toml +++ b/xtask/Cargo.toml @@ -3,10 +3,15 @@ name = "xtask" version = "0.2.0" edition = "2021" license = "Apache-2.0" +description = "Builder" +repository = "https://github.com/yonasBSD/rust-ci-github-actions-workflow" +readme = "README.md" +keywords = ["template", "rust"] +categories = ["template"] # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html [dependencies] anyhow = "1" -xtaskops = { version = "0.5.0", git = "https://github.com/yonasBSD/xtaskops" } +xtaskops = { git = "https://github.com/yonasBSD/xtaskops" } From fbbeadd27f67eb4b12744bece8f292357be1b785 Mon Sep 17 00:00:00 2001 From: Yonas Date: Sun, 21 Dec 2025 14:32:52 -0500 Subject: [PATCH 13/19] feat: Add pretty assertions in tests. --- backpack/src/lib.rs | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/backpack/src/lib.rs b/backpack/src/lib.rs index ebf5d59..8e3ea2f 100644 --- a/backpack/src/lib.rs +++ b/backpack/src/lib.rs @@ -8,6 +8,7 @@ pub const fn multiply(a: i32, b: i32) -> i32 { mod test { use super::*; use demonstrate::demonstrate; + use pretty_assertions::assert_eq as pretty_assert_eq; #[cfg(target_arch = "wasm32")] use wasm_bindgen_test::wasm_bindgen_test; @@ -21,7 +22,7 @@ mod test { } it "can fail" { - assert_eq!(multiply(2, 2), four); + pretty_assert_eq!(multiply(2, 2), four); } test "is returnable" -> Result<(), &'static str> { @@ -42,7 +43,7 @@ mod test { } async it "awaits" { - assert_eq!(four, is_4_task.await); + pretty_assert_eq!(four, is_4_task.await); } } @@ -55,7 +56,7 @@ mod test { #[wasm_bindgen_test] async it "awaits in wasm" { - assert_eq!(four, future_value.await); + pretty_assert_eq!(four, future_value.await); } } } From 2b3ee9bda9e128821c759edb60327c19f88a02c9 Mon Sep 17 00:00:00 2001 From: Yonas Date: Sun, 21 Dec 2025 15:48:25 -0500 Subject: [PATCH 14/19] fix(ci): Hide CARGO_OPTIONS when not set. --- .github/workflows/test-with-coverage.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test-with-coverage.yaml b/.github/workflows/test-with-coverage.yaml index e7fb7a5..8f1a53f 100644 --- a/.github/workflows/test-with-coverage.yaml +++ b/.github/workflows/test-with-coverage.yaml @@ -100,7 +100,7 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: run: | - cargo test $CARGO_OPTIONS -- -Z unstable-options --format json | cargo2junit > results.xml; + cargo test ${CARGO_OPTIONS:+$CARGO_OPTIONS} -- -Z unstable-options --format json | cargo2junit > results.xml; cargo llvm-cov --all-features --workspace --codecov --output-path ./codecov.json - name: Upload test results From 878e9796a113d68f264325f8326edef9d2f462d8 Mon Sep 17 00:00:00 2001 From: Yonas Date: Sun, 21 Dec 2025 21:36:30 -0500 Subject: [PATCH 15/19] fix: Disable semver in linting workflow. Fixes #83. --- .github/workflows/lint.yaml | 65 +++++++++++++++++++------------------ 1 file changed, 33 insertions(+), 32 deletions(-) diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml index b2825a7..61ef7ea 100644 --- a/.github/workflows/lint.yaml +++ b/.github/workflows/lint.yaml @@ -101,35 +101,36 @@ jobs: args: --all-targets --all-features name: Clippy Output - semver: - name: Check semver - runs-on: ubuntu-latest - env: - SCCACHE_GHA_ENABLED: "true" - RUSTC_WRAPPER: "sccache" - steps: - - name: Harden Runner - uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 - with: - disable-sudo: true - egress-policy: block - allowed-endpoints: > - api.deps.dev:443 - api.github.com:443 - api.osv.dev:443 - api.scorecard.dev:443 - fulcio.sigstore.dev:443 - github.com:443 - oss-fuzz-build-logs.storage.googleapis.com:443 - rekor.sigstore.dev:443 - tuf-repo-cdn.sigstore.dev:443 - www.bestpractices.dev:443 - objects.githubusercontent.com:443 - release-assets.githubusercontent.com:443 - static.rust-lang.org:443 - index.crates.io:443 - static.crates.io:443 - - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - - uses: mozilla-actions/sccache-action@7d986dd989559c6ecdb630a3fd2557667be217ad # v0.0.9 - - uses: obi1kenobi/cargo-semver-checks-action@5b298c9520f7096a4683c0bd981a7ac5a7e249ae # v2.8 + # FIXME: https://github.com/yonasBSD/rust-ci-github-actions-workflow/issues/82 + #semver: + # name: Check semver + # runs-on: ubuntu-latest + # env: + # SCCACHE_GHA_ENABLED: "true" + # RUSTC_WRAPPER: "sccache" + # steps: + # - name: Harden Runner + # uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 + # with: + # disable-sudo: true + # egress-policy: block + # allowed-endpoints: > + # api.deps.dev:443 + # api.github.com:443 + # api.osv.dev:443 + # api.scorecard.dev:443 + # fulcio.sigstore.dev:443 + # github.com:443 + # oss-fuzz-build-logs.storage.googleapis.com:443 + # rekor.sigstore.dev:443 + # tuf-repo-cdn.sigstore.dev:443 + # www.bestpractices.dev:443 + # objects.githubusercontent.com:443 + # release-assets.githubusercontent.com:443 + # static.rust-lang.org:443 + # index.crates.io:443 + # static.crates.io:443 + # + # - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + # - uses: mozilla-actions/sccache-action@7d986dd989559c6ecdb630a3fd2557667be217ad # v0.0.9 + # - uses: obi1kenobi/cargo-semver-checks-action@5b298c9520f7096a4683c0bd981a7ac5a7e249ae # v2.8 From cde2e0a24eab9cd87920989fe756999aa1c01e48 Mon Sep 17 00:00:00 2001 From: Yonas Yanfa Date: Sun, 21 Dec 2025 22:06:57 -0500 Subject: [PATCH 16/19] fix(ci): Disable caching target directory in test-with-coverage.yaml --- .github/workflows/test-with-coverage.yaml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/test-with-coverage.yaml b/.github/workflows/test-with-coverage.yaml index 8f1a53f..8ef7512 100644 --- a/.github/workflows/test-with-coverage.yaml +++ b/.github/workflows/test-with-coverage.yaml @@ -73,13 +73,13 @@ jobs: # Cache target directory seperately to prevent cache invalidation of # ~/.cargo when target changes - - name: Cache target directory - uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1 - env: - cache-name: cache-dependencies - with: - path: target - key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('Cargo.lock') }} + #- name: Cache target directory + # uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1 + # env: + # cache-name: cache-dependencies + # with: + # path: target + # key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('Cargo.lock') }} - name: Install grcov uses: taiki-e/install-action@f63c33fd96cc1e69a29bafd06541cf28588b43a4 # v2.58.21 From 19a2fa8a40b9748a538600f96476ca1d6cd3340c Mon Sep 17 00:00:00 2001 From: Yonas Date: Sun, 21 Dec 2025 22:24:59 -0500 Subject: [PATCH 17/19] fix: Disable xtask coverage in linting workflow. Fixes #85. --- .github/workflows/test-with-coverage.yaml | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/.github/workflows/test-with-coverage.yaml b/.github/workflows/test-with-coverage.yaml index 8ef7512..68b3ec6 100644 --- a/.github/workflows/test-with-coverage.yaml +++ b/.github/workflows/test-with-coverage.yaml @@ -110,13 +110,14 @@ jobs: github_token: ${{ secrets.GITHUB_TOKEN }} files: results.xml - - name: Run xtask coverage - uses: actions-rs/cargo@844f36862e911db73fe0815f00a4a2602c279505 # v1.0.3 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - command: xtask - args: coverage + # FIXME: https://github.com/yonasBSD/rust-ci-github-actions-workflow/issues/85 + #- name: Run xtask coverage + # uses: actions-rs/cargo@844f36862e911db73fe0815f00a4a2602c279505 # v1.0.3 + # env: + # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + # with: + # command: xtask + # args: coverage #- name: Upload Coverage Report # uses: codecov/codecov-action@v5 From 7fb0787315751abc36f7c50f84b1f6610310c683 Mon Sep 17 00:00:00 2001 From: Yonas Date: Sun, 21 Dec 2025 22:31:49 -0500 Subject: [PATCH 18/19] fix(ci): Pin toolkit to commit hash. --- .github/workflows/licenses.yaml | 2 +- .github/workflows/lint.yaml | 4 ++-- .github/workflows/release-packaging.yaml | 2 +- .github/workflows/security.yaml | 2 +- .github/workflows/test-with-coverage.yaml | 4 ++-- 5 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/licenses.yaml b/.github/workflows/licenses.yaml index 947761d..43c45e6 100644 --- a/.github/workflows/licenses.yaml +++ b/.github/workflows/licenses.yaml @@ -43,7 +43,7 @@ jobs: toolchain: nightly - name: Run cargo-deny - uses: yonasBSD/toolkit@d9d381e7c259d31d02f8a18c491a1ea8980d824f # v0.1.0 + uses: yonasBSD/toolkit@9067fa17c79d97c3bad28da5ebba1d3c32ab3582 # v0.1.0 with: run: | cargo-deny check licenses bans diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml index 61ef7ea..23707ba 100644 --- a/.github/workflows/lint.yaml +++ b/.github/workflows/lint.yaml @@ -45,7 +45,7 @@ jobs: - uses: mozilla-actions/sccache-action@7d986dd989559c6ecdb630a3fd2557667be217ad # v0.0.9 - name: Cargo Format - uses: yonasBSD/toolkit@78ad3a58b6617ea330c3641c2965005585e6652b # v0.1.0 + uses: yonasBSD/toolkit@9067fa17c79d97c3bad28da5ebba1d3c32ab3582 # v0.1.0 with: run: | cargo format --version @@ -53,7 +53,7 @@ jobs: cargo format --check - name: Tree Format - uses: yonasBSD/toolkit@78ad3a58b6617ea330c3641c2965005585e6652b # v0.1.0 + uses: yonasBSD/toolkit@9067fa17c79d97c3bad28da5ebba1d3c32ab3582 # v0.1.0 with: run: | treefmt diff --git a/.github/workflows/release-packaging.yaml b/.github/workflows/release-packaging.yaml index 7670d33..1d53aea 100644 --- a/.github/workflows/release-packaging.yaml +++ b/.github/workflows/release-packaging.yaml @@ -49,7 +49,7 @@ jobs: toolchain: stable - name: Release Build - uses: yonasBSD/toolkit@d9d381e7c259d31d02f8a18c491a1ea8980d824f # v0.1.0 + uses: yonasBSD/toolkit@9067fa17c79d97c3bad28da5ebba1d3c32ab3582 # v0.1.0 with: run: | cargo auditable build --release diff --git a/.github/workflows/security.yaml b/.github/workflows/security.yaml index 971b84c..718baf5 100644 --- a/.github/workflows/security.yaml +++ b/.github/workflows/security.yaml @@ -95,7 +95,7 @@ jobs: toolchain: stable - name: Run advisories checklist - uses: yonasBSD/toolkit@d9d381e7c259d31d02f8a18c491a1ea8980d824f # v0.1.0 + uses: yonasBSD/toolkit@9067fa17c79d97c3bad28da5ebba1d3c32ab3582 # v0.1.0 with: run: | echo ### Advisories > $GITHUB_STEP_SUMMARY diff --git a/.github/workflows/test-with-coverage.yaml b/.github/workflows/test-with-coverage.yaml index 68b3ec6..c379fa8 100644 --- a/.github/workflows/test-with-coverage.yaml +++ b/.github/workflows/test-with-coverage.yaml @@ -87,7 +87,7 @@ jobs: tool: grcov,cargo-llvm-cov - name: Run tests - uses: yonasBSD/toolkit@78ad3a58b6617ea330c3641c2965005585e6652b # v0.1.0 + uses: yonasBSD/toolkit@9067fa17c79d97c3bad28da5ebba1d3c32ab3582 # v0.1.0 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: @@ -95,7 +95,7 @@ jobs: task test - name: Generate test results and coverage report - uses: yonasBSD/toolkit@main + uses: yonasBSD/toolkit@9067fa17c79d97c3bad28da5ebba1d3c32ab3582 # v0.1.0 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: From 8d4c2dbeb30c8114b1336a65d960eefd1479d72d Mon Sep 17 00:00:00 2001 From: Yonas Date: Sun, 21 Dec 2025 22:35:23 -0500 Subject: [PATCH 19/19] fix(ci): Pin toolkit to commit hash. --- .github/workflows/autofix.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/autofix.yaml b/.github/workflows/autofix.yaml index b633e27..d3588bf 100644 --- a/.github/workflows/autofix.yaml +++ b/.github/workflows/autofix.yaml @@ -17,7 +17,7 @@ jobs: uses: actions/checkout@v6 - name: Cargo Format - uses: yonasBSD/toolkit@main + uses: yonasBSD/toolkit@9067fa17c79d97c3bad28da5ebba1d3c32ab3582 # v0.1.0 with: run: | cargo format