diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 1822d5e8..225902e6 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -21,7 +21,7 @@ updates: - package-ecosystem: github-actions directory: / schedule: - interval: weekly + interval: monthly cooldown: default-days: 14 commit-message: diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 0f72c6d4..ed159d7d 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -1,7 +1,6 @@ name: CI -permissions: - contents: read +permissions: {} on: pull_request: @@ -36,9 +35,9 @@ concurrency: jobs: msrv: needs: tidy - uses: taiki-e/github-actions/.github/workflows/msrv.yml@d34e3b863da529f7c30e571fec0170fbf64fa40c # main + uses: taiki-e/github-actions/.github/workflows/msrv.yml@2474ed4664eb8903c151603a9d841512c069f7f6 # main tidy: - uses: taiki-e/github-actions/.github/workflows/tidy.yml@d34e3b863da529f7c30e571fec0170fbf64fa40c # main + uses: taiki-e/github-actions/.github/workflows/tidy.yml@2474ed4664eb8903c151603a9d841512c069f7f6 # main permissions: contents: write # for creating branch for pr pull-requests: write # unused (used in `codegen-automerge: true` case) 
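Review bot: Moving the github-actions ecosystem to `interval: monthly` on top of the existing `cooldown: default-days: 14` stretches the worst-case delay before a fixed action release is proposed to roughly six weeks. Every action in ci.yml is pinned by commit SHA, and as far as I know Dependabot does not raise security alerts for SHA-pinned actions, so these version-update PRs are the only automatic route by which a patched action reaches the workflows. If the slower cadence is deliberate, record the trade-off in a comment above the line, e.g. `# monthly to reduce PR noise; SHA-pinned actions receive fixes only through these updates`.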
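Review bot: With the workflow default now `permissions: {}`, any job without its own `permissions:` block runs with a token that has no scopes, and the `msrv` job in the following hunk shows no such block in the visible lines. That is fine for checkouts of a public repository, but it fails in a private copy, or when the reusable workflow at the new pin requests `contents: read`, because a caller cannot grant less than the called job asks for. I would add a comment beside the new line, e.g. `# deny by default; each job grants only the scopes it needs`, and give `msrv` an explicit `permissions:` with `contents: read` if the called workflow requires it. The job definitions extend beyond these hunks, so this should be checked against the whole file.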
@@ -64,11 +63,11 @@ jobs: strategy: fail-fast: false matrix: ${{ fromJSON(needs.prepare.outputs.test-matrix) }} - runs-on: ${{ matrix.os || 'ubuntu-latest' }} + runs-on: ${{ matrix.os || 'ubuntu-24.04' }} timeout-minutes: 60 steps: - uses: taiki-e/checkout-action@7d1e50e93dc4fb3bba58f85018fadf77898aee8b # v1.4.2 - - uses: taiki-e/github-actions/free-device-space@d34e3b863da529f7c30e571fec0170fbf64fa40c # main # zizmor: ignore[stale-action-refs] + - uses: taiki-e/github-actions/free-device-space@2474ed4664eb8903c151603a9d841512c069f7f6 # main # zizmor: ignore[stale-action-refs] if: startsWith(matrix.target, 'hexagon') # - run: sudo apt-get -o Acquire::Retries=10 -qq update && sudo apt-get -o Acquire::Retries=10 -o Dpkg::Use-Pty=0 install -y --no-install-recommends moreutils # if: startsWith(matrix.os, 'ubuntu') || matrix.os == '' 
@@ -76,24 +75,21 @@ jobs: # if: startsWith(matrix.os, 'macos') # - run: C:/msys64/usr/bin/pacman -S --noconfirm moreutils # if: startsWith(matrix.os, 'windows') - - uses: taiki-e/install-action@b8be7f5e140177087325943c4a8e169d01c59b3d # v2.75.3 - with: - tool: cargo-hack,cargo-minimal-versions - fallback: none - - uses: taiki-e/install-action@b8be7f5e140177087325943c4a8e169d01c59b3d # v2.75.3 + - uses: taiki-e/install-action@7ea35f098a7369cd23488403f58be9c491a6c55f # v2.77.0 with: # 0.4.8 fails with at least nightly-2023-05-09 to nightly-2024-01-05 tool: cargo-careful${{ (startsWith(matrix.rust, 'nightly-2023') || startsWith(matrix.rust, 'nightly-2024')) && '@0.4.7' || '' }} fallback: none if: startsWith(matrix.rust, 'nightly') && !(startsWith(matrix.os, 'ubuntu') && contains(matrix.os, '-arm')) - - uses: taiki-e/cache-cargo-install-action@a8b9ecf8e0c0ea09d7481cfc583a5203ecd585b5 # v3.0.5 + - uses: taiki-e/cache-cargo-install-action@f9eed3e4680f27610dc6d8c67be1b88593f7dade # v3.0.6 with: # 0.4.8 fails with at least nightly-2023-05-09 to nightly-2024-01-05 tool: cargo-careful${{ (startsWith(matrix.rust, 'nightly-2023') || startsWith(matrix.rust, 'nightly-2024')) && '@0.4.7' || '' }} if: startsWith(matrix.rust, 'nightly') && startsWith(matrix.os, 'ubuntu') && contains(matrix.os, '-arm') - - uses: taiki-e/github-actions/install-rust@d34e3b863da529f7c30e571fec0170fbf64fa40c # main # zizmor: ignore[stale-action-refs] + - uses: taiki-e/install-action@7ea35f098a7369cd23488403f58be9c491a6c55f # v2.77.0 with: - toolchain: ${{ matrix.rust }} + tool: rust@${{ matrix.rust }},cargo-hack,cargo-minimal-versions + fallback: none - id: prepare run: | if [[ -z "${TARGET}" ]]; then 
@@ -107,9 +103,11 @@ jobs: fi env: TARGET: ${{ matrix.target }} - - uses: taiki-e/setup-cross-toolchain-action@d62f33b587e73b0004731caebc7d2d46b18a7567 # v1.39.2 + - uses: taiki-e/setup-cross-toolchain-action@129361238c06ff2cc1c4ca5c5d2217af441ffdf6 # v1.40.1 with: target: ${{ matrix.target }} + # TODO(loongarch): wrong result + qemu: ${{ startsWith(matrix.target, 'loongarch64-') && '10.2' || '' }} if: steps.prepare.outputs.target-not-host == 'true' && !startsWith(matrix.target, 'csky-') # TODO: not yet supported in setup-cross-toolchain-action - run: | @@ -153,6 +151,9 @@ jobs: env: TARGET: ${{ matrix.target }} if: startsWith(matrix.target, 'csky-') + - run: | + printf 'QEMU_CPU=\n' >>"${GITHUB_ENV}" + if: startsWith(matrix.target, 'loongarch64-') - run: | target_lower="${TARGET//-/_}" target_lower="${target_lower//./_}" @@ -544,7 +545,7 @@ jobs: runner: native os: ubuntu-24.04-arm container: debian:13-slim - runs-on: ${{ matrix.os || 'ubuntu-latest' }} + runs-on: ${{ matrix.os || 'ubuntu-24.04' }} timeout-minutes: 60 container: image: ${{ matrix.container }} 
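Review bot: The new `# TODO(loongarch): wrong result` comment and the added `printf 'QEMU_CPU=\n' >>"${GITHUB_ENV}"` step do not say what produces the wrong result or under which QEMU version, so a later reader cannot tell when the `qemu: ... '10.2'` pin and the emptied `QEMU_CPU` can be removed. I would expand the comment to name the failing check and the version where it was observed, for example `# TODO(loongarch): <failing test> gives a wrong result with the action's default QEMU; pinned to 10.2 until <upstream issue link>`. The printf step also needs a one-line comment saying which earlier setting it clears; presumably that is a CPU model exported by setup-cross-toolchain-action, but the hunk does not show it. Both steps sit inside a job whose definition starts and ends outside these hunks.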
@@ -555,28 +556,26 @@ jobs: apt-get -o Acquire::Retries=10 -qq update apt-get -o Acquire::Retries=10 -o Dpkg::Use-Pty=0 install -y --no-install-recommends gcc libc6-dev # apt-get -o Acquire::Retries=10 -o Dpkg::Use-Pty=0 install -y --no-install-recommends moreutils - - uses: taiki-e/install-action@b8be7f5e140177087325943c4a8e169d01c59b3d # v2.75.3 - with: - tool: cargo-hack - fallback: none - - uses: taiki-e/install-action@b8be7f5e140177087325943c4a8e169d01c59b3d # v2.75.3 + - uses: taiki-e/install-action@7ea35f098a7369cd23488403f58be9c491a6c55f # v2.77.0 with: # 0.4.8 fails with at least nightly-2023-05-09 to nightly-2024-01-05 tool: cargo-careful${{ (startsWith(matrix.rust, 'nightly-2023') || startsWith(matrix.rust, 'nightly-2024')) && '@0.4.7' || '' }} fallback: none if: startsWith(matrix.rust, 'nightly') && !(startsWith(matrix.os, 'ubuntu') && contains(matrix.os, '-arm')) - - uses: taiki-e/github-actions/install-rust@d34e3b863da529f7c30e571fec0170fbf64fa40c # main # zizmor: ignore[stale-action-refs] + - uses: taiki-e/install-action@7ea35f098a7369cd23488403f58be9c491a6c55f # v2.77.0 with: - toolchain: stable + tool: rust@stable + fallback: none if: startsWith(matrix.rust, 'nightly') && startsWith(matrix.os, 'ubuntu') && contains(matrix.os, '-arm') - - uses: taiki-e/cache-cargo-install-action@a8b9ecf8e0c0ea09d7481cfc583a5203ecd585b5 # v3.0.5 + - uses: taiki-e/cache-cargo-install-action@f9eed3e4680f27610dc6d8c67be1b88593f7dade # v3.0.6 with: # 0.4.8 fails with at least nightly-2023-05-09 to nightly-2024-01-05 tool: cargo-careful${{ (startsWith(matrix.rust, 'nightly-2023') || startsWith(matrix.rust, 'nightly-2024')) && '@0.4.7' || '' }} if: startsWith(matrix.rust, 'nightly') && startsWith(matrix.os, 'ubuntu') && contains(matrix.os, '-arm') - - uses: taiki-e/github-actions/install-rust@d34e3b863da529f7c30e571fec0170fbf64fa40c # main # zizmor: ignore[stale-action-refs] + - uses: taiki-e/install-action@7ea35f098a7369cd23488403f58be9c491a6c55f # v2.77.0 with: - 
toolchain: ${{ matrix.rust }} + tool: rust@${{ matrix.rust }},cargo-hack + fallback: none - id: prepare run: | if [[ -z "${TARGET}" ]]; then @@ -590,7 +589,7 @@ jobs: fi env: TARGET: ${{ matrix.target }} - - uses: taiki-e/setup-cross-toolchain-action@d62f33b587e73b0004731caebc7d2d46b18a7567 # v1.39.2 + - uses: taiki-e/setup-cross-toolchain-action@129361238c06ff2cc1c4ca5c5d2217af441ffdf6 # v1.40.1 with: target: ${{ matrix.target }} runner: ${{ matrix.runner }} @@ -658,16 +657,13 @@ jobs: - name: nightly, --tests rust: nightly tests: 1 - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 timeout-minutes: 60 steps: - uses: taiki-e/checkout-action@7d1e50e93dc4fb3bba58f85018fadf77898aee8b # v1.4.2 - - uses: taiki-e/github-actions/install-rust@d34e3b863da529f7c30e571fec0170fbf64fa40c # main # zizmor: ignore[stale-action-refs] - with: - toolchain: ${{ matrix.rust }} - - uses: taiki-e/install-action@b8be7f5e140177087325943c4a8e169d01c59b3d # v2.75.3 + - uses: taiki-e/install-action@7ea35f098a7369cd23488403f58be9c491a6c55f # v2.77.0 with: - tool: cargo-hack + tool: rust@${{ matrix.rust }},cargo-hack fallback: none - run: tools/build.sh env: @@ -693,18 +689,14 @@ jobs: # - nightly-2025-08-06 # Rust 1.91, LLVM 20 # - nightly-2026-01-28 # Rust 1.95, LLVM 21 - nightly - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 timeout-minutes: 60 steps: - uses: taiki-e/checkout-action@7d1e50e93dc4fb3bba58f85018fadf77898aee8b # v1.4.2 - - uses: taiki-e/github-actions/install-rust@d34e3b863da529f7c30e571fec0170fbf64fa40c # main # zizmor: ignore[stale-action-refs] + - uses: taiki-e/install-action@7ea35f098a7369cd23488403f58be9c491a6c55f # v2.77.0 with: - toolchain: ${{ matrix.rust }} - - uses: taiki-e/install-action@b8be7f5e140177087325943c4a8e169d01c59b3d # v2.75.3 - with: - tool: cargo-hack,espup + tool: rust@${{ matrix.rust }}${{ matrix.rust == 'stable' && ',cargo-hack,espup' || '' }} fallback: none - if: matrix.rust == 'stable' - run: | retry() { for i in {1..10}; do 
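Review bot: In the last hunk on this line, the value `tool: rust@${{ matrix.rust }}${{ matrix.rust == 'stable' && ',cargo-hack,espup' || '' }}` hides inside string concatenation the condition that the removed `if: matrix.rust == 'stable'` made explicit. A reader now has to evaluate the expression to see that cargo-hack and espup are installed only for the stable entry of the matrix. A comment above the key, such as `# cargo-hack and espup are installed only on stable`, would keep that visible. The step that consumes these tools continues past the end of the hunk.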
@@ -825,13 +817,14 @@ jobs: # TODO: "unhandled instruction: 0x4508 0xD103" in atomic_sub in Arc::drop (as of Valgrind 3.26) # - target: thumbv7neon-unknown-linux-gnueabihf # os: ubuntu-24.04-arm - runs-on: ${{ matrix.os || 'ubuntu-latest' }} + runs-on: ${{ matrix.os || 'ubuntu-24.04' }} timeout-minutes: 60 steps: - uses: taiki-e/checkout-action@7d1e50e93dc4fb3bba58f85018fadf77898aee8b # v1.4.2 - - uses: taiki-e/github-actions/install-rust@d34e3b863da529f7c30e571fec0170fbf64fa40c # main # zizmor: ignore[stale-action-refs] + - uses: taiki-e/install-action@7ea35f098a7369cd23488403f58be9c491a6c55f # v2.77.0 with: - toolchain: nightly + tool: rust@nightly + fallback: none - id: prepare run: | if [[ -z "${TARGET}" ]]; then @@ -845,7 +838,7 @@ jobs: env: TARGET: ${{ matrix.target }} # - run: apt-get -o Acquire::Retries=10 -qq update && apt-get -o Acquire::Retries=10 -o Dpkg::Use-Pty=0 install -y --no-install-recommends moreutils - - uses: taiki-e/setup-cross-toolchain-action@d62f33b587e73b0004731caebc7d2d46b18a7567 # v1.39.2 + - uses: taiki-e/setup-cross-toolchain-action@129361238c06ff2cc1c4ca5c5d2217af441ffdf6 # v1.40.1 with: target: ${{ matrix.target }} runner: valgrind 
@@ -937,19 +930,20 @@ jobs: arch: riscv64 - target: s390x-unknown-linux-gnu arch: s390x - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 timeout-minutes: 60 steps: - uses: taiki-e/checkout-action@7d1e50e93dc4fb3bba58f85018fadf77898aee8b # v1.4.2 - - uses: taiki-e/github-actions/install-rust@d34e3b863da529f7c30e571fec0170fbf64fa40c # main # zizmor: ignore[stale-action-refs] + - uses: taiki-e/install-action@7ea35f098a7369cd23488403f58be9c491a6c55f # v2.77.0 with: - toolchain: nightly + tool: rust@nightly + fallback: none # - run: sudo apt-get -o Acquire::Retries=10 -qq update && apt-get -o Acquire::Retries=10 -o Dpkg::Use-Pty=0 install -y --no-install-recommends moreutils - - uses: taiki-e/setup-cross-toolchain-action@d62f33b587e73b0004731caebc7d2d46b18a7567 # v1.39.2 + - uses: taiki-e/setup-cross-toolchain-action@129361238c06ff2cc1c4ca5c5d2217af441ffdf6 # v1.40.1 with: target: ${{ matrix.target }} runner: valgrind - - uses: taiki-e/github-actions/setup-docker@d34e3b863da529f7c30e571fec0170fbf64fa40c # main # zizmor: ignore[stale-action-refs] + - uses: taiki-e/github-actions/setup-docker@2474ed4664eb8903c151603a9d841512c069f7f6 # main # zizmor: ignore[stale-action-refs] with: buildx: false qemu: ${{ matrix.arch }} @@ -1015,12 +1009,14 @@ jobs: done cat -- ./run chmod +x ./run + # https://github.com/taiki-e/dockerfiles/pkgs/container/valgrind + valgrind_version='3.26.0' docker run --rm --init --user "$(id -u)":"$(id -g)" \ --mount "type=bind,source=${workspace_dir},target=${workspace_dir}" --workdir "${workspace_dir}" \ -e CI -e GITHUB_ACTIONS \ -e RUST_BACKTRACE -e RUST_TEST_THREADS \ -e ATOMIC_MAYBE_UNINIT_DENY_WARNINGS \ - --platform=linux/"${ARCH}" ghcr.io/taiki-e/valgrind:"${ARCH}"-cross \ + --platform=linux/"${ARCH}" ghcr.io/taiki-e/valgrind:"${valgrind_version}-${ARCH}"-cross \ ./run env: TARGET: ${{ matrix.target }} 
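Review bot: The valgrind image is now selected by a version tag, `ghcr.io/taiki-e/valgrind:"${valgrind_version}-${ARCH}"-cross`, which is still a mutable reference, whereas every action in this workflow is pinned by commit SHA. The `docker run` bind-mounts the workspace without a read-only option, so a re-pushed tag would execute unreviewed content against the checkout. Consider resolving each architecture's tag to its digest and referencing `ghcr.io/taiki-e/valgrind@sha256:<digest-for-arch>` (placeholder), keeping `valgrind_version` in a comment for readability. The same applies to `container: debian:13-slim`, which appears as context in an earlier hunk.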
@@ -1028,17 +1024,13 @@ jobs: asm-test: needs: tidy - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 timeout-minutes: 60 steps: - uses: taiki-e/checkout-action@7d1e50e93dc4fb3bba58f85018fadf77898aee8b # v1.4.2 - - uses: taiki-e/github-actions/install-rust@d34e3b863da529f7c30e571fec0170fbf64fa40c # main # zizmor: ignore[stale-action-refs] - with: - toolchain: nightly - component: rust-src - - uses: taiki-e/install-action@b8be7f5e140177087325943c4a8e169d01c59b3d # v2.75.3 + - uses: taiki-e/install-action@7ea35f098a7369cd23488403f58be9c491a6c55f # v2.77.0 with: - tool: espup + tool: rust@nightly+rust-src,espup fallback: none - run: | retry() { diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index aef89a87..843d6679 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,7 +1,6 @@ name: Release -permissions: - contents: read +permissions: {} on: workflow_dispatch: @@ -26,7 +25,7 @@ concurrency: jobs: release: if: github.repository_owner == 'taiki-e' - uses: taiki-e/github-actions/.github/workflows/rust-release.yml@d34e3b863da529f7c30e571fec0170fbf64fa40c # main + uses: taiki-e/github-actions/.github/workflows/rust-release.yml@2474ed4664eb8903c151603a9d841512c069f7f6 # main permissions: contents: write # for taiki-e/create-gh-release-action id-token: write # for rust-lang/crates-io-auth-action diff --git a/tools/tidy.sh b/tools/tidy.sh index e178d061..e43e9b7b 100755 --- a/tools/tidy.sh +++ b/tools/tidy.sh 
@@ -9,13 +9,22 @@ cd -- "$(dirname -- "$0")"/.. # GITHUB_TOKEN=$(gh auth token) ./tools/tidy.sh # # Note: This script requires the following tools: -# - docker +# - docker or podman (or compatible CLI specified by TIDY_DOCKER_PATH. when both available and TIDY_DOCKER_PATH is not set, docker is preferred) # # This script is shared by projects under github.com/taiki-e, so there may also # be checks for files not included in this repository, but they will be skipped # if the corresponding files do not exist. # It is not intended for manual editing. +bail() { + if [[ -n "${GITHUB_ACTIONS:-}" ]]; then + printf '::error::%s\n' "$*" + else + printf >&2 'error: %s\n' "$*" + fi + exit 1 +} + if [[ $# -gt 0 ]]; then cat </dev/null; then + docker='docker' +elif type -P podman >/dev/null; then + docker='podman' +else + bail 'this script requires docker or podman' +fi +rootless='' +if [[ "$("${docker}" --version)" == *'podman'* ]]; then + if [[ "$("${docker}" info)" == *'rootless: true'* ]]; then + rootless=1 + fi +elif [[ "$("${docker}" info -f '{{println .SecurityOptions}}')" == *'rootless'* ]]; then + rootless=1 +fi +if [[ -n "${rootless}" ]]; then + printf 'docker path: %s\n' "${docker} (rootless)" +else + printf 'docker path: %s\n' "${docker}" + common_args+=(--user "${user}") +fi + # Map ignored files (e.g., .env) to dummy files. while IFS= read -r path; do if [[ -d "${path}" ]]; then @@ -73,7 +111,7 @@ while IFS= read -r path; do done < <(git status --porcelain --ignored | grep -E '^!!' | cut -d' ' -f2) docker_run() { - docker "${common_args[@]}" "$@" + "${docker}" "${common_args[@]}" "$@" code2="$?" if [[ ${code} -eq 0 ]] && [[ ${code2} -ne 0 ]]; then code="${code2}"
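Review bot: The runtime detection never checks whether `"${docker}" --version` or `"${docker}" info` succeeded, because a failing command substitution inside `[[ ... ]]` does not trip errexit. When the daemon is unreachable, or a CLI supplied through TIDY_DOCKER_PATH does not understand `info -f '{{println .SecurityOptions}}'`, the output is empty and the script silently takes the non-rootless branch and appends `--user "${user}"`. The real failure then surfaces only at the first `docker_run`, after a misleading `docker path:` line. I would capture the output and fail early, e.g. `info="$("${docker}" info 2>&1)" || bail "failed to run '${docker} info'"`, then match on `${info}`. Part of this hunk, including its header and the lines before `docker='docker'`, is missing from the page, so the TIDY_DOCKER_PATH handling could not be checked.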