chore: adds tests, clippy, formatting, and auditing to CI

changes the following to appease the new CI rules: * ignores unused dep warning for openssl-sys * runs cargo +nightly fmt on source
contentauth · Oct 28, 2024 · 4a8351a · 4a8351a
1 parent 11745b9
commit 4a8351a
Show file tree

Hide file tree

Showing 4 changed files with 167 additions and 28 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -15,6 +15,132 @@ on:
         default: 'false'
 
 jobs:
+  tests:
+    name: Unit tests
+
+    runs-on: ${{ matrix.os }}
+
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ windows-latest, macos-latest, ubuntu-latest ]
+        rust_version: [ stable, 1.76.0 ]
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Install Rust toolchain
+        uses: dtolnay/rust-toolchain@master
+        with:
+          toolchain: ${{ matrix.rust_version }}
+          components: llvm-tools-preview
+
+      - name: Cache Rust dependencies
+        uses: Swatinem/rust-cache@v2
+
+  clippy_check:
+    name: Clippy
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Install Rust toolchain
+        uses: dtolnay/rust-toolchain@stable
+        with:
+          components: clippy
+
+      - name: Cache Rust dependencies
+        uses: Swatinem/rust-cache@v2
+
+      - name: Run Clippy
+        run: cargo clippy --all-features --all-targets -- -Dwarnings
+
+  cargo_fmt:
+    name: Enforce Rust code format
+
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Install nightly toolchain
+        uses: dtolnay/rust-toolchain@nightly
+        with:
+          components: rustfmt
+
+      - name: Check format
+        run: cargo +nightly fmt --all -- --check
+
+  docs_rs:
+    name: Preflight docs.rs build
+
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Install nightly Rust toolchain
+        # Nightly is used here because the docs.rs build
+        # uses nightly and we use doc_cfg features that are
+        # not in stable Rust as of this writing (Rust 1.76).
+        uses: dtolnay/rust-toolchain@nightly
+
+      - name: Run cargo docs
+        # This is intended to mimic the docs.rs build
+        # environment. The goal is to fail PR validation
+        # if the subsequent release would result in a failed
+        # documentation build on docs.rs.
+        run: cargo +nightly doc --workspace --all-features --no-deps
+        env:
+          RUSTDOCFLAGS: --cfg docsrs
+          DOCS_RS: 1
+  cargo-deny:
+    name: License / vulnerability audit
+
+    runs-on: ubuntu-latest
+
+    strategy:
+      fail-fast: false
+      matrix:
+        checks:
+          - advisories
+          - bans licenses sources
+
+    # Prevent sudden announcement of a new advisory from failing CI:
+    continue-on-error: ${{ matrix.checks == 'advisories' }}
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Audit crate dependencies
+        uses: EmbarkStudios/cargo-deny-action@v2
+        with:
+          command: check ${{ matrix.checks }}
+
+  unused_deps:
+    name: Check for unused dependencies
+
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Install nightly Rust toolchain
+        uses: dtolnay/rust-toolchain@nightly
+
+      - name: Run cargo-udeps
+        uses: aig787/cargo-udeps-action@v1
+        with:
+          version: latest
+          args: --all-targets --all-features
+
   linux:
     runs-on: ubuntu-latest
     strategy:

diff --git a/Cargo.toml b/Cargo.toml
@@ -9,6 +9,8 @@ authors = ["Gavin Peacock <[email protected]"]
 name = "c2pa"
 crate-type = ["cdylib"]
 
+[package.metadata.cargo-udeps.ignore]
+normal = ["openssl-src"]
 
 [dependencies]
 c2pa = {version = "0.35.0", features = ["unstable_api", "file_io", "openssl", "pdf", "fetch_remote_manifests"]}
@@ -20,7 +22,6 @@ thiserror = "1.0.49"
 uniffi = "0.24.1"
 openssl-src = "=300.3.1" # Required for openssl-sys
 log = "0.4.21"
-env_logger = "0.11.3"
 
 [build-dependencies]
 uniffi = { version = "0.24.1", features = ["build"] }
diff --git a/src/callback_signer.rs b/src/callback_signer.rs
@@ -10,7 +10,7 @@
 // specific language governing permissions and limitations under
 // each license.
 
-use c2pa::{SigningAlg, Signer};
+use c2pa::{Signer, SigningAlg};
 use log::debug;
 
 use crate::Result;
@@ -29,32 +29,34 @@ pub struct CallbackSigner {
 }
 
 pub struct RemoteSigner {
-    signer_callback : Box<dyn SignerCallback>,
+    signer_callback: Box<dyn SignerCallback>,
     alg: SigningAlg,
     reserve_size: u32,
 }
 
-impl c2pa::Signer for RemoteSigner {
-  fn alg(&self) -> SigningAlg {
-      self.alg
-  }
+impl Signer for RemoteSigner {
+    fn sign(&self, data: &[u8]) -> c2pa::Result<Vec<u8>> {
+        self.signer_callback
+            .sign(data.to_vec())
+            .map_err(|e| c2pa::Error::BadParam(e.to_string()))
+    }
 
-  fn certs(&self) -> c2pa::Result<Vec<Vec<u8>>> {
-      Ok(Vec::new())
-  }
+    fn alg(&self) -> SigningAlg {
+        self.alg
+    }
 
-  // signer will return a COSE structure
-  fn direct_cose_handling(&self) -> bool {
-      true
-  }
+    fn certs(&self) -> c2pa::Result<Vec<Vec<u8>>> {
+        Ok(Vec::new())
+    }
 
-  fn sign(&self, data: &[u8]) -> c2pa::Result<Vec<u8>> {
-      self.signer_callback.sign(data.to_vec()).map_err(|e| c2pa::Error::BadParam(e.to_string()))
-  }
+    fn reserve_size(&self) -> usize {
+        self.reserve_size as usize // TODO: Find better conversion for usize
+    }
 
-  fn reserve_size(&self) -> usize {
-      self.reserve_size as usize // TODO: Find better conversion for usize
-  }
+    // signer will return a COSE structure
+    fn direct_cose_handling(&self) -> bool {
+        true
+    }
 }
 
 impl CallbackSigner {
@@ -76,22 +78,26 @@ impl CallbackSigner {
             signer = signer.set_tsa_url(url);
         }
 
-        Self { signer: Box::new(signer) }
+        Self {
+            signer: Box::new(signer),
+        }
     }
 
     pub fn new_from_signer(
-      callback: Box<dyn SignerCallback>,
-      alg: SigningAlg,
-      reserve_size: u32,
+        callback: Box<dyn SignerCallback>,
+        alg: SigningAlg,
+        reserve_size: u32,
     ) -> Self {
         debug!("c2pa-python: CallbackSigner -> new_from_signer");
         let signer = RemoteSigner {
             signer_callback: callback,
             alg,
-            reserve_size
+            reserve_size,
         };
 
-        Self { signer: Box::new(signer) }
+        Self {
+            signer: Box::new(signer),
+        }
     }
 
     /// The python Builder wrapper sign function calls this

diff --git a/src/lib.rs b/src/lib.rs
@@ -77,10 +77,16 @@ impl Reader {
         Ok(json)
     }
 
-    pub fn from_manifest_data_and_stream(&self, manifest_data: &[u8], format: &str, stream: &dyn Stream) -> Result<String> {
+    pub fn from_manifest_data_and_stream(
+        &self,
+        manifest_data: &[u8],
+        format: &str,
+        stream: &dyn Stream,
+    ) -> Result<String> {
         // uniffi doesn't allow mutable parameters, so we we use an adapter
         let mut stream = StreamAdapter::from(stream);
-        let reader = c2pa::Reader::from_manifest_data_and_stream(manifest_data, format, &mut stream)?;
+        let reader =
+            c2pa::Reader::from_manifest_data_and_stream(manifest_data, format, &mut stream)?;
         let json = reader.to_string();
         if let Ok(mut st) = self.reader.try_write() {
             *st = reader;