diff --git a/.github/dependabot.yml b/.github/dependabot.yml index eae7990..05e07a5 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -9,11 +9,15 @@ updates: github-actions: patterns: - "*" + cooldown: + default-days: 30 - package-ecosystem: "cargo" directory: "/" schedule: interval: "monthly" + cooldown: + default-days: 30 # Security updates only: open-pull-requests-limit: 0 groups: diff --git a/.github/workflows/dependabot-prek.yaml b/.github/workflows/dependabot-prek.yaml deleted file mode 100644 index b4cce55..0000000 --- a/.github/workflows/dependabot-prek.yaml +++ /dev/null @@ -1,34 +0,0 @@ -name: Dependabot `prek auto-update` - -on: - push: - branches: - - "dependabot/github_actions/**" - -jobs: - prek-auto-update: - # Only run on dependabot PRs - if: github.actor == 'dependabot[bot]' - runs-on: ubuntu-latest - permissions: - contents: write - steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 - with: - ref: ${{ github.head_ref }} - token: ${{ secrets.PUSH_TOKEN }} - - uses: taiki-e/install-action@25435dc8dd3baed7417e0c96d3fe89013a5b2e09 # v2.81.3 - with: - tool: prek - - run: prek auto-update - - - name: Commit changes - run: | - git config user.name "github-actions[bot]" - git config user.email "41898282+github-actions[bot]@users.noreply.github.com" - - if [[ -n $(git status --porcelain) ]]; then - git add -A - git commit -m $'`prek auto-update`\n\n[dependabot skip]' - git push - fi diff --git a/.github/workflows/pr-checks.yaml b/.github/workflows/pr-checks.yaml index 3a91d98..4af42c0 100644 --- a/.github/workflows/pr-checks.yaml +++ b/.github/workflows/pr-checks.yaml @@ -7,12 +7,21 @@ on: - main pull_request: +permissions: {} + +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} + cancel-in-progress: true + env: CLICOLOR: 1 +# These would more naturally be separate jobs, but GitHub actions “bills” each +# job separately and rounds up to the next minute, so four 10 second jobs “cost” +# my account 4 action minutes. jobs: - clippy: - name: cargo clippy + checks: + name: Checks runs-on: ${{ matrix.os }} strategy: matrix: @@ -20,77 +29,66 @@ jobs: - os: ubuntu-latest - os: windows-latest - os: macos-latest + timeout-minutes: 30 + permissions: + security-events: write # SARIF reporting for zizmor steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + persist-credentials: false + - uses: actions-rust-lang/setup-rust-toolchain@46268bd060767258de96ed93c1251119784f2ab6 # v1.16.1 with: + toolchain: stable components: clippy - - run: cargo clippy --all-features --all-targets - - name: check doc lints - env: - RUSTDOCFLAGS: --document-private-items -Dwarnings - run: cargo doc --no-deps --all-features - deny: - name: cargo deny - runs-on: ubuntu-latest + - uses: actions-rust-lang/setup-rust-toolchain@46268bd060767258de96ed93c1251119784f2ab6 # v1.16.1 + with: + toolchain: nightly + components: rustfmt - steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 - - uses: EmbarkStudios/cargo-deny-action@bb137d7af7e4fb67e5f82a49c4fce4fad40782fe # v2.0.20 + - uses: Swatinem/rust-cache@c19371144df3bb44fab255c43d04cbc2ab54d1c4 # v2.9.1 + + - uses: taiki-e/install-action@e49978b799e49ff429d162b7a30601a569ab6538 # v2.81.1 with: - rust-version: "1.85.0" + tool: cargo-msrv - fmt: - name: cargo fmt - runs-on: ubuntu-latest + - uses: crate-ci/typos@37bb98842b0d8c4ffebdb75301a13db0267cef89 # v1.47.2 + if: ${{ !cancelled() && runner.os == 'Linux' }} - steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 - - uses: actions-rust-lang/setup-rust-toolchain@46268bd060767258de96ed93c1251119784f2ab6 # v1.16.1 + - uses: zizmorcore/zizmor-action@5f14fd08f7cf1cb1609c1e344975f152c7ee938d # v0.5.6 + if: ${{ !cancelled() && runner.os == 'Linux' }} with: - components: rustfmt - - uses: actions-rust-lang/rustfmt@4066006ec54a31931b9b1fddfd38f2fdf2d27143 # v1.1.2 + persona: pedantic - msrv: - name: cargo msrv - runs-on: ${{ matrix.os }} - strategy: - matrix: - include: - - os: ubuntu-latest - - os: windows-latest - - os: macos-latest + - uses: actions-rust-lang/rustfmt@4066006ec54a31931b9b1fddfd38f2fdf2d27143 # v1.1.2 + if: ${{ !cancelled() && runner.os == 'Linux' }} - steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 - - uses: Swatinem/rust-cache@c19371144df3bb44fab255c43d04cbc2ab54d1c4 # v2.9.1 - - uses: taiki-e/install-action@25435dc8dd3baed7417e0c96d3fe89013a5b2e09 # v2.81.3 + - uses: EmbarkStudios/cargo-deny-action@bb137d7af7e4fb67e5f82a49c4fce4fad40782fe # v2.0.20 + if: ${{ !cancelled() && runner.os == 'Linux' }} with: - tool: cargo-msrv - - run: cargo msrv verify + rust-version: "1.85.0" - test: - name: cargo test - runs-on: ${{ matrix.os }} - strategy: - matrix: - include: - - os: ubuntu-latest - - os: windows-latest - - os: macos-latest + - name: cargo clippy + if: ${{ !cancelled() }} + run: cargo +stable clippy --all-features --all-targets - steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 - - uses: actions-rust-lang/setup-rust-toolchain@46268bd060767258de96ed93c1251119784f2ab6 # v1.16.1 - - run: cargo build --tests --all-features - - run: cargo test --all-features + - name: cargo doc lints + if: ${{ !cancelled() }} + env: + RUSTDOCFLAGS: --document-private-items -Dwarnings + run: cargo +stable doc --no-deps --all-features - typos: - name: typos - runs-on: ubuntu-latest + - name: cargo msrv + if: ${{ !cancelled() }} + run: cargo msrv verify - steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 - - uses: crate-ci/typos@44e2070e6017f834bf069503acb35ca0ca0b75f2 # v1.47.1 + - name: cargo build + id: cargo_build + if: ${{ !cancelled() }} + run: cargo +stable build --tests --all-features + + - name: cargo test + if: ${{ !cancelled() && steps.cargo_build.outcome == 'success' }} + run: cargo +stable test --all-features diff --git a/.github/workflows/prek-auto-update.yaml b/.github/workflows/prek-auto-update.yaml new file mode 100644 index 0000000..583a5e2 --- /dev/null +++ b/.github/workflows/prek-auto-update.yaml @@ -0,0 +1,29 @@ +name: prek auto-update + +on: + schedule: + - cron: "0 12 * * 5" # Every Friday at 12:00 UTC (5am PDT / 4am PST). + workflow_dispatch: + +permissions: {} + +concurrency: + group: ${{ github.workflow }} + cancel-in-progress: true + +jobs: + prek-auto-update: + name: prek auto-update + runs-on: ubuntu-latest + timeout-minutes: 10 + permissions: + contents: write # Change files + pull-requests: write # Create and update PRs + steps: + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + with: + # zizmor: ignore[artipacked] no archive; needed for git + persist-credentials: true + - uses: danielparks/github-actions/prek-auto-update@2f6c98c73f0a8130d737500b59a0fddf749b484d # v1.1.1 + with: + token: ${{ secrets.AUTO_UPDATE_TOKEN }} diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index bbd2ccd..008d238 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -1,14 +1,17 @@ # Mostly copied from https://github.com/taiki-e/cargo-hack/blob/main/.github/workflows/release.yml name: Release -permissions: - contents: read - on: push: tags: - v*.*.* +permissions: {} + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + env: CARGO_INCREMENTAL: 0 CARGO_NET_GIT_FETCH_WITH_CLI: true @@ -21,22 +24,24 @@ env: jobs: create-release: if: github.repository_owner == 'danielparks' - runs-on: ubuntu-latest + name: Create + timeout-minutes: 5 permissions: - contents: write + contents: write # To create release + runs-on: ubuntu-latest steps: - uses: danielparks/github-actions/create-release@e6897e1bad61baaecaf6683db8a69747ddcf40f1 # v1.0.0 with: token: ${{ secrets.GITHUB_TOKEN }} upload-assets: - name: ${{ matrix.target }} if: github.repository_owner == 'danielparks' + name: ${{ matrix.target }} needs: - create-release timeout-minutes: 60 permissions: - contents: write + contents: write # To upload artifacts to release strategy: matrix: include: @@ -67,4 +72,3 @@ jobs: with: target: ${{ matrix.target }} token: ${{ secrets.GITHUB_TOKEN }} - diff --git a/.pinact.yaml b/.pinact.yaml new file mode 100644 index 0000000..2a2c2d5 --- /dev/null +++ b/.pinact.yaml @@ -0,0 +1,9 @@ +# yaml-language-server: $schema=https://raw.githubusercontent.com/suzuki-shunsuke/pinact/refs/heads/main/json-schema/pinact.json +# pinact - https://github.com/suzuki-shunsuke/pinact +version: 3 +min_age: + value: 30 +rules: + - min_age: 0 + conditions: + - expr: ActionRepoOwner == "danielparks" diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 152ab8e..9f8f339 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -25,6 +25,13 @@ repos: - id: typos args: [] exclude: "target/" + - repo: https://github.com/zizmorcore/zizmor-pre-commit + rev: v1.25.2 + hooks: + - id: zizmor + args: + - "--no-progress" # https://github.com/zizmorcore/zizmor/issues/582 + - "--persona=pedantic" - repo: local hooks: - id: cargo clippy diff --git a/rustfmt.toml b/rustfmt.toml index 6d008f1..ff11f28 100644 --- a/rustfmt.toml +++ b/rustfmt.toml @@ -2,3 +2,6 @@ max_width = 80 newline_style = "Unix" struct_lit_width = 60 use_field_init_shorthand = true + +unstable_features = true +wrap_comments = true diff --git a/src/lib.rs b/src/lib.rs index 3213c09..9cec7df 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -118,14 +118,14 @@ pub struct Head { /// How many commits are we ahead of upstream? /// - /// `None` means that there is no upstream, or there is no equivalent branch - /// in upstream. + /// `None` means that there is no upstream, or there is no equivalent + /// branch in upstream. pub ahead_of_upstream: Option, /// How many commits are we behind upstream? /// - /// `None` means that there is no upstream, or there is no equivalent branch - /// in upstream. + /// `None` means that there is no upstream, or there is no equivalent + /// branch in upstream. pub behind_upstream: Option, /// An error encountered trying to calculate differences with upstream.