diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..f07da5f
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,27 @@
+version: 2
+updates:
+
+ # Maintain dependencies for GitHub Actions
+ - package-ecosystem: github-actions
+ directory: '/'
+ schedule: { interval: weekly }
+ groups:
+ all-actions-version-updates:
+ applies-to: version-updates
+ patterns: [ '*' ]
+ all-actions-security-updates:
+ applies-to: security-updates
+ patterns: [ '*' ]
+
+ # Update Rust dependencies
+ - package-ecosystem: cargo
+ directory: '/'
+ schedule: { interval: daily, time: '02:00' }
+ open-pull-requests-limit: 10
+ groups:
+ all-cargo-version-updates:
+ applies-to: version-updates
+ patterns: [ '*' ]
+ all-cargo-security-updates:
+ applies-to: security-updates
+ patterns: [ '*' ]
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 0a34f9c..a623669 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -2,9 +2,9 @@ name: CI
 on:
 push:
- branches: [ main, dev ]
+ branches: [ main ]
 pull_request:
- branches: [ main, dev ]
+ branches: [ main ]
 workflow_dispatch:
 defaults:
@@ -58,8 +58,48 @@ jobs:
 token: ${{ secrets.CODECOV_TOKEN }}
 files: target/llvm-cov/codecov.info
- cargo-deny:
+ # This job checks if any of the previous jobs failed or were canceled.
+ # This approach also allows some jobs to be skipped if they are not needed.
+ ci-passed:
+ needs: [ test, test-msrv ]
+ if: always()
 runs-on: ubuntu-latest
+ steps:
+ - name: Result of the needed steps
+ run: echo "${{ toJSON(needs) }}"
+ - if: ${{ contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') }}
+ run: exit 1
+
+ # Release unpublished packages or create a PR with changes
+ release-plz:
+ needs: [ ci-passed ]
+ if: |
+ always()
+ && needs.ci-passed.result == 'success'
+ && github.event_name == 'push'
+ && github.ref == 'refs/heads/main'
+ && github.repository_owner == 'oxibus'
+ runs-on: ubuntu-latest
+ permissions:
+ contents: write
+ id-token: write
+ pull-requests: write
+ concurrency:
+ group: release-plz-${{ github.ref }}
+ cancel-in-progress: false
 steps:
 - uses: actions/checkout@v5
- - uses: EmbarkStudios/cargo-deny-action@v1
+ with: { fetch-depth: 0 }
+ - uses: dtolnay/rust-toolchain@stable
+ - name: Publish to crates.io if crate's version is newer
+ uses: release-plz/action@v0.5
+ id: release
+ with: { command: release }
+ env:
+ GITHUB_TOKEN: ${{ secrets.RELEASE_PLZ_TOKEN }}
+ - if: ${{ steps.release.outputs.releases_created == 'false' }}
+ name: If version is the same, create a PR proposing new version and changelog for the next release
+ uses: release-plz/action@v0.5
+ with: { command: release-pr }
+ env:
+ GITHUB_TOKEN: ${{ secrets.RELEASE_PLZ_TOKEN }}
diff --git a/.github/workflows/dependabot.yml b/.github/workflows/dependabot.yml
new file mode 100644
index 0000000..b77d18d
--- /dev/null
+++ b/.github/workflows/dependabot.yml
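Review bot: The release-plz job runs third-party actions by floating tag — `actions/checkout@v5`, `dtolnay/rust-toolchain@stable`, `release-plz/action@v0.5` — while holding `contents: write`, `id-token: write`, `pull-requests: write` and the `RELEASE_PLZ_TOKEN` secret, so a retagged or compromised upstream release would execute with publishing credentials. Pin each `uses:` to a full commit SHA with the tag kept in a trailing comment (e.g. `uses: release-plz/action@<commit-sha> # v0.5`); the `github-actions` Dependabot ecosystem added in this commit keeps SHA pins current. Only `GITHUB_TOKEN` is passed to the `release` step, so `id-token: write` presumably serves crates.io trusted publishing; a one-line comment above `permissions:` stating that (or a `CARGO_REGISTRY_TOKEN` env entry if it does not) would make the intent checkable. The unnamed `- if: ${{ contains(...) }}` step in ci-passed and the release-pr step that puts `- if:` before `name:` read more easily with `name:` first, matching the other steps.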
@@ -0,0 +1,23 @@
+name: Dependabot auto-merge
+on: pull_request
+
+jobs:
+ dependabot:
+ runs-on: ubuntu-latest
+ if: github.actor == 'dependabot[bot]'
+ steps:
+ - name: Dependabot metadata
+ id: metadata
+ uses: dependabot/fetch-metadata@v2
+ - name: Approve Dependabot PRs
+ if: steps.metadata.outputs.update-type == 'version-update:semver-patch'
+ run: gh pr review --approve "$PR_URL"
+ env:
+ PR_URL: ${{ github.event.pull_request.html_url }}
+ GITHUB_TOKEN: ${{ secrets.RELEASE_PLZ_TOKEN }}
+ - name: Enable auto-merge for Dependabot PRs
+ if: steps.metadata.outputs.update-type == 'version-update:semver-patch'
+ run: gh pr merge --auto --squash "$PR_URL"
+ env:
+ PR_URL: ${{ github.event.pull_request.html_url }}
+ GITHUB_TOKEN: ${{ secrets.RELEASE_PLZ_TOKEN }}
diff --git a/README.md b/README.md
index 44476d3..0ec92ba 100644
--- a/README.md
+++ b/README.md
@@ -7,7 +7,6 @@ [![crates.io license](https://img.shields.io/crates/l/can-dbc)](https://github.com/oxibus/can-dbc)
 [![CI build status](https://github.com/oxibus/can-dbc/actions/workflows/ci.yml/badge.svg)](https://github.com/oxibus/can-dbc/actions)
 [![Codecov](https://img.shields.io/codecov/c/github/oxibus/can-dbc)](https://app.codecov.io/gh/oxibus/can-dbc)
-[![Cargo Deny Status](https://img.shields.io/badge/cargo--deny-license%20checked-green)](https://github.com/oxibus/can-dbc/actions)
 A CAN-dbc format parser written with Rust's [nom](https://github.com/Geal/nom) parser combinator library. CAN databases are used to exchange details about a CAN network, e.g. what messages are being send over the CAN bus and what data do they contain.
diff --git a/deny.toml b/deny.toml
index 8f594ac..55c88e0 100644
--- a/deny.toml
+++ b/deny.toml
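Review bot: Workflow runs triggered by Dependabot on `pull_request` receive Dependabot secrets rather than repository secrets, so `${{ secrets.RELEASE_PLZ_TOKEN }}` in both `env:` blocks will be empty unless the same token is also stored under the repository's Dependabot secrets, and both `gh pr review` and `gh pr merge` would then fail to authenticate. `gh pr merge --auto` merges as soon as the required status checks pass, so the `ci-passed` job from ci.yml needs to be a required check in branch protection (not visible here); otherwise a `semver-patch` update can land before CI has run. Approving with a PAT makes that token's owner the reviewer of record and satisfies any required-review rule without a human looking, which is presumably the intent; a comment above the `Approve Dependabot PRs` step recording that decision would help the next maintainer. The job has no `permissions:` block; since every step authenticates with the PAT, `permissions: { contents: read }` on the job makes explicit that the default token needs nothing more.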
@@ -1,128 +1,12 @@ -# This template contains all of the possible sections and their default values - -# Note that all fields that take a lint level have these possible values: -# * deny - An error will be produced and the check will fail -# * warn - A warning will be produced, but the check will not fail -# * allow - No warning or error will be produced, though in some cases a note will be - -# If 1 or more target triples (and optionally, target_features) are specified, only -# the specified targets will be checked when running `cargo deny check`. This means, -# if a particular package is only ever used as a target specific dependency, such -# as, for example, the `nix` crate only being used via the `target_family = "unix"` -# configuration, that only having windows targets in this list would mean the nix -# crate, as well as any of its exclusive dependencies not shared by any other -# crates, would be ignored, as the target list here is effectively saying which -# targets you are building for. -targets = [ - # The triple can be any string, but only the target triples built in to - # rustc (as of 1.40) can be checked against actual config expressions - #{ triple = "x86_64-unknown-linux-musl" }, - # You can also specify which target_features you promise are enabled for a particular - # target. target_features are currently not validated against the actual valid - # features supported by the target architecture. 
- #{ triple = "wasm32-unknown-unknown", features = ["atomics"] }, -] - -# This section is considered when running `cargo deny check advisories` -# More documentation for the advisories section can be found here: -# https://github.com/EmbarkStudios/cargo-deny#the-advisories-section -[advisories] -# The path where the advisory database is cloned/fetched into -db-path = "~/.cargo/advisory-db" -# The url of the advisory database to use -db-urls = ["https://github.com/rustsec/advisory-db"] -# The lint level for security vulnerabilities -vulnerability = "deny" -# The lint level for unmaintained crates -unmaintained = "warn" -# The lint level for crates with security notices. Note that as of -# 2019-12-17 there are no security notice advisories in https://github.com/rustsec/advisory-db -notice = "warn" -# A list of advisory IDs to ignore. Note that ignored advisories will still output -# a note when they are encountered. -ignore = [] -# Threshold for security vulnerabilities, any vulnerability with a CVSS score -# lower than the range specified will be ignored. Note that ignored advisories -# will still output a note when they are encountered. -# * None - CVSS Score 0.0 -# * Low - CVSS Score 0.1 - 3.9 -# * Medium - CVSS Score 4.0 - 6.9 -# * High - CVSS Score 7.0 - 8.9 -# * Critical - CVSS Score 9.0 - 10.0 -#severity-threshold = - # This section is considered when running `cargo deny check licenses` # More documentation for the licenses section can be found here: -# https://github.com/EmbarkStudios/cargo-deny#the-licenses-section +# https://embarkstudios.github.io/cargo-deny/checks/licenses/cfg.html [licenses] -# The lint level for crates which do not have a detectable license -unlicensed = "deny" -# List of explictly allowed licenses -# See https://spdx.org/licenses/ for list of possible licenses -# [possible values: any SPDX 3.7 short identifier (+ optional exception)]. 
-allow = ["Apache-2.0", "MIT", "Unicode-DFS-2016", "Unicode-3.0"] -# List of explictly disallowed licenses +# List of explicitly allowed licenses # See https://spdx.org/licenses/ for list of possible licenses -# [possible values: any SPDX 3.7 short identifier (+ optional exception)]. -deny = [] -# The lint level for licenses considered copyleft -copyleft = "warn" -# Blanket approval or denial for OSI-approved or FSF Free/Libre licenses -# * both - The license will only be approved if it is both OSI-approved *AND* FSF/Free -# * either - The license will be approved if it is either OSI-approved *OR* FSF/Free -# * osi-only - The license will be approved if is OSI-approved *AND NOT* FSF/Free -# * fsf-only - The license will be approved if is FSF/Free *AND NOT* OSI-approved -# * neither - The license will be denied if is FSF/Free *OR* OSI-approved -allow-osi-fsf-free = "neither" -# The confidence threshold for detecting a license from license text. -# The higher the value, the more closely the license text must be to the -# canonical license text of a valid SPDX license file. -# [possible values: any between 0.0 and 1.0]. -confidence-threshold = 0.8 - -# This section is considered when running `cargo deny check bans`. -# More documentation about the 'bans' section can be found here: -# https://github.com/EmbarkStudios/cargo-deny#crate-bans-cargo-deny-check-ban -[bans] -# Lint level for when multiple versions of the same crate are detected -multiple-versions = "warn" -# The graph highlighting used when creating dotgraphs for crates -# with multiple versions -# * lowest-version - The path to the lowest versioned duplicate is highlighted -# * simplest-path - The path to the version with the fewest edges is highlighted -# * all - Both lowest-version and simplest-path are used -highlight = "all" -# List of crates that are allowed. Use with care! +# [possible values: any SPDX 3.11 short identifier (+ optional exception)]. 
allow = [ - #{ name = "ansi_term", version = "=0.11.0" }, -] -# List of crates to deny -deny = [ - # Each entry the name of a crate and a version range. If version is - # not specified, all versions will be matched. - #{ name = "ansi_term", version = "=0.11.0" }, -] -# Certain crates/versions that will be skipped when doing duplicate detection. -skip = [ - #{ name = "ansi_term", version = "=0.11.0" }, -] -# Similarly to `skip` allows you to skip certain crates during duplicate detection, -# unlike skip, it also includes the entire tree of transitive dependencies starting at -# the specified crate, up to a certain depth, which is by default infinite -skip-tree = [ - #{ name = "ansi_term", version = "=0.11.0", depth = 20 }, + "Apache-2.0", + "MIT", + "Unicode-3.0", ] - - -# This section is considered when running `cargo deny check sources`. -# More documentation about the 'sources' section can be found here: -# https://github.com/EmbarkStudios/cargo-deny#crate-sources-cargo-deny-check-sources -[sources] -# Lint level for what to happen when a crate from a crate registry that is not in the allow list is encountered -unknown-registry = "warn" -# Lint level for what to happen when a crate from a git repository that is not in the allow list is encountered -unknown-git = "warn" -# List of URLs for allowed crate registries, by default https://github.com/rust-lang/crates.io-index is included -#allow-registry = [] -# List of URLs for allowed Git repositories -allow-git = [] diff --git a/justfile b/justfile index 4019e1d..e34227a 100755 --- a/justfile +++ b/justfile @@ -38,7 +38,7 @@ ci-coverage: env-info && \ mkdir -p target/llvm-cov # Run all tests as expected by CI -ci-test: env-info test-fmt clippy test test-doc && assert-git-is-clean +ci-test: env-info test-fmt clippy test test-doc deny && assert-git-is-clean # Run minimal subset of tests to ensure compatibility with MSRV ci-test-msrv: env-info check test 
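Review bot: The rewritten deny.toml keeps only the `[licenses]` table, while the justfile's new `deny` recipe runs plain `cargo deny check`, which also runs the advisories, bans and sources checks — now with cargo-deny's built-in defaults since those tables were deleted. The surviving header comment `This section is considered when running cargo deny check licenses` reads as though the file were still a section of the larger template; a line above it such as `# Only the licenses check is configured here; advisories, bans and sources run with cargo-deny's defaults.` would record that the drop is deliberate. The removed `[sources]` table set `unknown-registry` and `unknown-git` to `"warn"`; if an explicit policy for those was relied on, it should be re-stated rather than left to whatever the installed cargo-deny version defaults to.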
@@ -56,6 +56,9 @@ clippy *args: coverage *args='--no-clean --open': (cargo-install 'cargo-llvm-cov') cargo llvm-cov {{packages}} {{features}} {{targets}} --include-build-script {{args}} +deny *args='check': (cargo-install 'cargo-deny') + cargo deny {{args}} + # Build and open code documentation docs *args='--open': DOCS_RS=1 cargo doc --no-deps {{args}} {{packages}} {{features}}
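Review bot: The new `deny` recipe has no descriptive comment above it, unlike `# Build and open code documentation` above `docs` and `# Run all tests as expected by CI` above `ci-test` elsewhere in this diff; add `# Run cargo-deny checks (licenses, advisories, bans, sources)` above `deny *args='check':`. Whether `cargo-install 'cargo-deny'` pins a version is defined outside this hunk; if it installs the latest release, the outcome of `ci-test` can change between runs without any commit, so confirming that the helper pins (or documenting that it intentionally tracks latest) is worth a look.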