diff --git a/.github/actions/toolchains/rust/action.yml b/.github/actions/toolchains/rust/action.yml new file mode 100644 index 00000000..4b367706 --- /dev/null +++ b/.github/actions/toolchains/rust/action.yml @@ -0,0 +1,29 @@ +name: rust-toolchain +description: Setup Rust toolchain with specified version and components +inputs: + toolchain: + description: 'Rust toolchain version' + required: false + default: '1.89.0' + components: + description: 'Additional components to install' + required: false + default: 'clippy rustfmt' + targets: + description: 'Target architectures to install' + required: false + default: '' +runs: + using: composite + steps: + - shell: bash + run: | + rustup override set ${{ inputs.toolchain }} + if [ -n "${{ inputs.components }}" ]; then + rustup component add ${{ inputs.components }} + fi + if [ -n "${{ inputs.targets }}" ]; then + rustup target add ${{ inputs.targets }} + fi + cargo --version + rustc --version diff --git a/.github/workflows/pr-extensions.yml b/.github/workflows/pr-extensions.yml index 1d1212c8..c964d527 100644 --- a/.github/workflows/pr-extensions.yml +++ b/.github/workflows/pr-extensions.yml @@ -18,7 +18,9 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 + - name: Setup Rust toolchain + uses: ./.github/actions/toolchains/rust - name: Build only std run: cargo build -r --example regorus --no-default-features --features "std,rego-extensions" - name: Doc Tests diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml index d94ea184..ba3abf71 100644 --- a/.github/workflows/pr.yml +++ b/.github/workflows/pr.yml @@ -18,7 +18,9 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 + - name: Setup Rust toolchain + uses: ./.github/actions/toolchains/rust - name: Format Check run: cargo fmt --check - name: Fetch diff --git a/.github/workflows/publish-java.yml b/.github/workflows/publish-java.yml index 73610de6..b9833026 100644 --- a/.github/workflows/publish-java.yml +++ b/.github/workflows/publish-java.yml @@ -32,18 +32,18 @@ jobs: os: windows-latest extension: dll steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 with: fetch-depth: 0 - - uses: actions/setup-java@v4 + - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 with: java-version: 8 distribution: "corretto" - - uses: dtolnay/rust-toolchain@stable + - uses: ./.github/actions/toolchains/rust with: targets: ${{ matrix.target }} - if: ${{ matrix.build_cmd == 'zigbuild' }} - uses: actions/setup-python@v5 + uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 with: python-version: "3.11" - if: ${{ matrix.build_cmd == 'zigbuild' }} @@ -52,7 +52,7 @@ jobs: - run: cargo ${{ matrix.build_cmd || 'build' }} --release --frozen --target ${{ matrix.target }}${{ matrix.glibc && format('.{0}', matrix.glibc) || '' }} --manifest-path ./bindings/java/Cargo.toml - run: mkdir -p native/${{ matrix.target }} - run: mv target/${{ matrix.target }}/release/*.${{ matrix.extension }} ./native/${{ matrix.target }}/ - - uses: actions/upload-artifact@v4 + - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: name: native-libraries-${{ matrix.target }} path: native/ @@ -62,24 +62,24 @@ jobs: runs-on: ubuntu-latest needs: build steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 with: fetch-depth: 0 - - uses: actions/setup-java@v4 + - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 with: java-version: 8 distribution: "corretto" server-id: ossrh server-username: MAVEN_USERNAME server-password: MAVEN_PASSWORD - - uses: actions/download-artifact@v4 + - uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0 with: pattern: native-libraries-* merge-multiple: true path: ./bindings/java/native/ - run: mvn package working-directory: ./bindings/java - - uses: actions/upload-artifact@v4 + - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: name: built-jars path: ./bindings/java/target/regorus-java-*.jar diff --git a/.github/workflows/publish-python.yml b/.github/workflows/publish-python.yml index 3fe575f6..aa1fc5da 100644 --- a/.github/workflows/publish-python.yml +++ b/.github/workflows/publish-python.yml @@ -18,10 +18,11 @@ jobs: matrix: target: [x86_64, x86, aarch64, armv7, s390x, ppc64le] steps: - - uses: actions/checkout@v3 - - uses: actions/setup-python@v4 + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 + - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 with: python-version: '3.10' + - uses: ./.github/actions/toolchains/rust - name: Build Python extension run: | @@ -38,9 +39,9 @@ jobs: sccache: 'true' manylinux: auto - name: Upload wheels - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: - name: wheels + name: wheels-linux-${{ matrix.target }} path: dist windows: @@ -49,11 +50,12 @@ jobs: matrix: target: [x64, x86] steps: - - uses: actions/checkout@v3 - - uses: actions/setup-python@v4 + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 + - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 with: python-version: '3.10' architecture: ${{ matrix.target }} + - uses: ./.github/actions/toolchains/rust - name: Build Python extension run: | @@ -69,9 +71,9 @@ jobs: args: --release --out dist --manifest-path bindings/python/Cargo.toml --frozen --strip sccache: 'true' - name: Upload wheels - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: - name: wheels + name: wheels-windows-${{ matrix.target }} path: dist macos: @@ -80,10 +82,11 @@ jobs: matrix: target: [x86_64, aarch64, universal2-apple-darwin] steps: - - uses: actions/checkout@v3 - - uses: actions/setup-python@v4 + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 + - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 with: python-version: '3.10' + - uses: ./.github/actions/toolchains/rust - name: Build Python extension run: | @@ -99,9 +102,9 @@ jobs: args: --release --out dist --manifest-path bindings/python/Cargo.toml --offline --strip sccache: 'true' - name: Upload wheels - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: - name: wheels + name: wheels-macos-${{ matrix.host.target }} path: dist release: @@ -111,9 +114,11 @@ jobs: # if: "startsWith(github.ref, 'refs/tags/')" needs: [linux, windows, macos] steps: - - uses: actions/download-artifact@v3 + - uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0 with: - name: wheels + pattern: wheels-* + merge-multiple: true + path: wheels - name: Publish to PyPI uses: PyO3/maturin-action@63b75c597b83e247fbf4fb7719801cc4220ae9f3 # v1.43.0 env: diff --git a/.github/workflows/publish-wasm.yml b/.github/workflows/publish-wasm.yml index 31b295d6..682319c0 100644 --- a/.github/workflows/publish-wasm.yml +++ b/.github/workflows/publish-wasm.yml @@ -12,11 +12,11 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 with: fetch-depth: 0 # Setup .npmrc file to publish to npm - - uses: actions/setup-node@v4 + - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 with: node-version: '20.x' registry-url: 'https://registry.npmjs.org' diff --git a/.github/workflows/release-plz.yml b/.github/workflows/release-plz.yml index 307412ec..ebd190ca 100644 --- a/.github/workflows/release-plz.yml +++ b/.github/workflows/release-plz.yml @@ -14,11 +14,11 @@ jobs: contents: write steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 with: fetch-depth: 0 - name: Install Rust toolchain - uses: dtolnay/rust-toolchain@stable + uses: ./.github/actions/toolchains/rust - name: Run release-plz uses: MarcoIeni/release-plz-action@8724d33cd97b8295051102e2e19ca592962238f5 #v0.5.108 env: diff --git a/.github/workflows/rust-clippy.yml b/.github/workflows/rust-clippy.yml index ada0972a..c2772fa8 100644 --- a/.github/workflows/rust-clippy.yml +++ b/.github/workflows/rust-clippy.yml @@ -30,15 +30,10 @@ jobs: actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status steps: - name: Checkout code - uses: actions/checkout@v2 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 - - name: Install Rust toolchain - uses: actions-rs/toolchain@16499b5e05bf2e26879000db0c1d13f7e13fa3af #@v1 - with: - profile: minimal - toolchain: stable - components: clippy - override: true + - name: Setup Rust toolchain + uses: ./.github/actions/toolchains/rust - name: Install required cargo run: cargo install clippy-sarif sarif-fmt @@ -55,7 +50,7 @@ jobs: continue-on-error: true - name: Upload analysis results to GitHub - uses: github/codeql-action/upload-sarif@v1 + uses: github/codeql-action/upload-sarif@c298edae2d512d807fe4bdc57c0ac5a036f61501 # v3.29.11 with: sarif_file: rust-clippy-results.sarif wait-for-processing: true diff --git a/.github/workflows/test-c-cpp.yml b/.github/workflows/test-c-cpp.yml index c24cdedc..5389ab31 100644 --- a/.github/workflows/test-c-cpp.yml +++ b/.github/workflows/test-c-cpp.yml @@ -14,10 +14,12 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 with: fetch-depth: 0 + - uses: ./.github/actions/toolchains/rust + - name: Setup gcc, g++, cmake, ninja run: sudo apt update && sudo apt install -y gcc g++ cmake ninja-build diff --git a/.github/workflows/test-csharp.yml b/.github/workflows/test-csharp.yml index ea385ace..d0e2d433 100644 --- a/.github/workflows/test-csharp.yml +++ b/.github/workflows/test-csharp.yml @@ -38,9 +38,10 @@ jobs: # **/release/libregorus_ffi.dylib steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 with: fetch-depth: 0 + - uses: ./.github/actions/toolchains/rust - name: Fetch crates run: cargo fetch @@ -59,7 +60,7 @@ jobs: working-directory: ./bindings/ffi - name: Upload regorus ffi shared library - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: name: regorus-ffi-artifacts-${{ matrix.runtime.target }} # Note: The full path of each artifact relative to . is preserved. @@ -73,17 +74,17 @@ jobs: needs: build-ffi steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 with: fetch-depth: 0 - - uses: actions/setup-dotnet@v4 + - uses: actions/setup-dotnet@3e891b0cb619bf60e2c25674b222b8940e2c1c25 # v4.1.0 with: global-json-file: ./bindings/csharp/global.json - run: echo '${{ steps.stepid.outputs.dotnet-version }}' - name: Download regorus ffi shared libraries - uses: actions/download-artifact@v4 + uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0 with: pattern: regorus-ffi-artifacts-* merge-multiple: true @@ -102,7 +103,7 @@ jobs: working-directory: ./bindings/csharp/Regorus - name: Upload Regorus nuget - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: name: regorus-nuget path: bindings/csharp/Regorus/bin/Release/Regorus*.nupkg @@ -126,18 +127,18 @@ jobs: # target: aarch64-apple-darwin steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 with: fetch-depth: 0 - - uses: actions/setup-dotnet@v4 + - uses: actions/setup-dotnet@3e891b0cb619bf60e2c25674b222b8940e2c1c25 # v4.1.0 with: global-json-file: ./bindings/csharp/global.json - run: echo '${{ steps.stepid.outputs.dotnet-version }}' - name: Download regorus nuget - uses: actions/download-artifact@v4 + uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0 with: name: regorus-nuget path: ./bindings/csharp/regorus-nuget/ diff --git a/.github/workflows/test-ffi.yml b/.github/workflows/test-ffi.yml index a182a739..b32eaeab 100644 --- a/.github/workflows/test-ffi.yml +++ b/.github/workflows/test-ffi.yml @@ -14,9 +14,10 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 with: fetch-depth: 0 + - uses: ./.github/actions/toolchains/rust - name: Test FFI run: | diff --git a/.github/workflows/test-go.yml b/.github/workflows/test-go.yml index 73a85b00..98f19dda 100644 --- a/.github/workflows/test-go.yml +++ b/.github/workflows/test-go.yml @@ -14,12 +14,13 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 with: fetch-depth: 0 + - uses: ./.github/actions/toolchains/rust - - uses: actions/setup-go@v5 + - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 with: architecture: x64 diff --git a/.github/workflows/test-java.yml b/.github/workflows/test-java.yml index c710c0c7..84111ec1 100644 --- a/.github/workflows/test-java.yml +++ b/.github/workflows/test-java.yml @@ -14,15 +14,15 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 with: fetch-depth: 0 - - uses: actions/setup-java@v4 + - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 with: java-version: 8 distribution: "corretto" - - uses: dtolnay/rust-toolchain@stable + - uses: ./.github/actions/toolchains/rust - name: Building binding run: | diff --git a/.github/workflows/test-musl.yml b/.github/workflows/test-musl.yml index 30f355f1..1e30d104 100644 --- a/.github/workflows/test-musl.yml +++ b/.github/workflows/test-musl.yml @@ -18,9 +18,10 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 - - name: Add musl target - run: rustup target add x86_64-unknown-linux-musl + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 + - uses: ./.github/actions/toolchains/rust + with: + targets: x86_64-unknown-linux-musl - name: Install musl-gcc run: sudo apt update && sudo apt install -y musl-tools - name: Fetch diff --git a/.github/workflows/test-no-std.yml b/.github/workflows/test-no-std.yml index f33458ca..8e35b63d 100644 --- a/.github/workflows/test-no-std.yml +++ b/.github/workflows/test-no-std.yml @@ -18,9 +18,10 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 - - name: Add no_std target - run: rustup target add thumbv7m-none-eabi + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 + - uses: ./.github/actions/toolchains/rust + with: + targets: thumbv7m-none-eabi - name: Fetch run: cargo fetch - name: Build diff --git a/.github/workflows/test-python.yml b/.github/workflows/test-python.yml index 544a6e07..d459fe72 100644 --- a/.github/workflows/test-python.yml +++ b/.github/workflows/test-python.yml @@ -24,11 +24,12 @@ jobs: runs-on: ${{ matrix.host.name }} steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 with: fetch-depth: 0 + - uses: ./.github/actions/toolchains/rust - - uses: actions/setup-python@v4 + - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 with: python-version: ${{ env.PYTHON_VERSION }} architecture: x64 @@ -48,7 +49,7 @@ jobs: sccache: 'true' - name: Upload Wheel - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: name: regorus-wheel-${{ matrix.host.name }} path: dist/regorus-*.whl @@ -69,18 +70,18 @@ jobs: runs-on: ${{ matrix.host.name }} steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 with: fetch-depth: 0 - name: Download Regorus wheel - uses: actions/download-artifact@v4 + uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0 with: path: wheels pattern: regorus-wheel-* merge-multiple: true - - uses: actions/setup-python@v4 + - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 with: python-version: ${{ matrix.python-version }} architecture: x64 diff --git a/.github/workflows/test-ruby.yml b/.github/workflows/test-ruby.yml index e4c329a1..eef7c494 100644 --- a/.github/workflows/test-ruby.yml +++ b/.github/workflows/test-ruby.yml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 with: fetch-depth: 0 diff --git a/.github/workflows/test-wasm.yml b/.github/workflows/test-wasm.yml index b91ca27d..f26a684b 100644 --- a/.github/workflows/test-wasm.yml +++ b/.github/workflows/test-wasm.yml @@ -14,12 +14,15 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 with: fetch-depth: 0 + - name: Setup Rust toolchain + uses: ./.github/actions/toolchains/rust + - name: Setup Node - uses: actions/setup-node@v4 + uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 with: node-version: 18 diff --git a/.github/workflows/tests-debug.yml b/.github/workflows/tests-debug.yml index 1dadccad..21f5e9b1 100644 --- a/.github/workflows/tests-debug.yml +++ b/.github/workflows/tests-debug.yml @@ -18,7 +18,9 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 + - name: Setup Rust toolchain + uses: ./.github/actions/toolchains/rust - name: Fetch run: cargo fetch - name: Build (all features)