Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

project CI refresh #50

Merged
merged 17 commits into from
Apr 20, 2024
Merged

project CI refresh #50

merged 17 commits into from
Apr 20, 2024

Conversation

cpu
Copy link
Contributor

@cpu cpu commented Apr 12, 2024
edited
Loading

Continuing the CI standardization and refresh started in rusticata/rusticata-macros#8

cpu added 17 commits April 11, 2024 21:19
@cpu
proj: add .idea to .gitignore
8710816
@cpu
ci: workflow name before triggers
e205847
@cpu
ci: more 'on' triggers
ec8137c 
* Reformats to better support parameters.
* Adds merge_group trigger for supporting queued merges.
* Adds cron scheduled build.
@cpu
ci: actions/checkout@v2/v1 -> v4
9b8d855
@cpu
ci: replace actions-rs with dtolnay/rust-toolchain
c37e519
@cpu
ci: actions-rs/audit-check -> rustsec/audit-check
aa5a444
@cpu
ci: remove clippy-check
44b5451 
The `actions-rs/clippy-check` action is archived and there isn't a clear
alternative. Since clippy is already being run in `rust.yml` the right
fix seems to be removing this extra workflow.
@cpu
proj: fix unused_imports findings
29c729e 
Of the form:
```
warning: the item `AsRef` is imported redundantly
 --> src/tls.rs:5:21
  |
5 | use core::convert::{AsRef, TryInto};
  |                     ^^^^^
 --> /rustc/a165f1f65015b1bd4afd2ec50700aaacf2e0c485/library/core/src/prelude/mod.rs:28:13
  |
  = note: the item `AsRef` is already defined here
  |
  = note: `#[warn(unused_imports)]` on by default
```
@cpu
build: add unused_qualification allow to codegen
adbc84d 
Fixes warning of the form:
```
error: unnecessary qualification
   --> /home/daniel/Code/Rust/tls-parser/target/debug/build/tls-parser-f3ef275828190684/out/codegen.rs:2:53
    |
2   | pub static CIPHERS: phf::Map<u16, TlsCipherSuite> = ::phf::Map {
    |                                                     ^^^^^^^^^^
    |
note: the lint level is defined here
   --> src/lib.rs:132:35
    |
132 |         /*unused_import_braces,*/ unused_qualifications)]
    |                                   ^^^^^^^^^^^^^^^^^^^^^
help: remove the unnecessary path segments
    |
2   - pub static CIPHERS: phf::Map<u16, TlsCipherSuite> = ::phf::Map {
2   + pub static CIPHERS: phf::Map<u16, TlsCipherSuite> = phf::Map {
    |

error: could not compile `tls-parser` (lib) due to 1 previous error
```

Unfortunately the `::phf` prefix is coming from a dependency,
`phf_codegen`, and so isn't easily fixed:

https://github.com/rust-phf/rust-phf/blob/999e6a260f03d82aa9d159465113294e7ed019e7/phf_codegen/src/lib.rs#L182
@cpu
ci: deny warnings from cargo check
9af2540
@cpu
ci: use nightly for clippy
4a7d673
@cpu
ci: add github-actions ecosystem to dependabot
33427b3
@cpu
ci: add cargo-semver-checks-action
4b0a76c
@cpu
ci: add cargo test feature matrix
8f9fdf2 
Adopts a similar feature matrix approach as the asn1-rs CI.
@cpu
ci: add cargo-check-external-types
f94a9b2
@cpu
Cargo: remove stale travis refs
0fe3da1
@cpu
proj: update MSRV to 1.63, commit lockfile
11eecc8 
This matches the other Rusticata crates and fixes a build error with
1.60 from `memchr` requiring 1.61+

Note: we have two transitive dependencies that have bumped their MSRV
within otherwise semver compatible versions:

* `winnow` 0.4.2+ requires an MSRV of 1.64.0[0]
* `toml_edit` 0.19.9+ requires an MSRV of 1.64.0[1]

Recently the Rust project guidance on commiting lockfiles for library
projects[2] was changed. They say:

"A lockfile is an appropriate way to pin versions for your project so
you can validate your MSRV"

As a result I've opted to commit a lockfile and use `--locked` in CI to
maintain MSRV. I think this is a better approach than manually working
around the issue with `cargo update --precise` and in line with current
best practices.

[0]: https://github.com/winnow-rs/winnow/blob/v0.6.6/CHANGELOG.md#042---2023-04-28
[1]: https://github.com/toml-rs/toml/blob/main/crates/toml_edit/CHANGELOG.md#0199---2023-05-18
[2]: https://blog.rust-lang.org/2023/08/29/committing-lockfiles.html
@cpu
Copy link
Contributor Author

cpu commented Apr 16, 2024

@chifflier I think this one is ready for review now. Adding CI coverage for the MSRV of 1.63 required some care. This crate has two transitive dependencies that have bumped their MSRV within otherwise semver compatible versions:

  • winnow 0.4.2+ requires an MSRV of 1.64.0
  • toml_edit 0.19.9+ requires an MSRV of 1.64.0

Recently the Rust project guidance on commiting lockfiles for library projects was changed and they now leave it up to individual projects, saying: "A lockfile is an appropriate way to pin versions for your project so you can validate your MSRV"

I generally like that approach and it works well in some other repos I contribute to. As a result I've opted to commit a lockfile and use --locked in CI to maintain MSRV here. I think this is a better approach than manually working around the issue with cargo update --precise and is in-line with current best practices, but I also know it's a deviation from how you've otherwise done things. What do you think? Should I drop the lockfile and fix this another way?

@cpu cpu marked this pull request as ready for review April 16, 2024 22:28
@chifflier
Copy link
Member

Hi,
Thank you for the PR and the information. I am still wondering what is best, given that previously, the rust documentation stated that Cargo.lock should not be committed for libraries.

If I understand correctly, this changed last year, mostly for reasons similar to the problems we are encountering.
I think it's interesting to build with locked dependencies, but it is also interesting to build without --locked, to detect when an dependencies breaks build (like in https://doc.rust-lang.org/cargo/guide/continuous-integration.html#verifying-latest-dependencies).

Maybe the best solution would be add yet another test in CI (something like weekly or daily?) to test build with latest dependencies, in addition to the --locked builds.

@cpu
Copy link
Contributor Author

cpu commented Apr 19, 2024

Maybe the best solution would be add yet another test in CI (something like weekly or daily?) to test build with latest dependencies, in addition to the --locked builds.

I'm open to that, but I think it will immediately error for this crate based on the situation being avoided with the lockfile. Should I go ahead and add that task?

@cpu
Copy link
Contributor Author

cpu commented Apr 19, 2024

Maybe the best solution would be add yet another test in CI (something like weekly or daily?) to test build with latest dependencies, in addition to the --locked builds.

I'm open to that, but I think it will immediately error for this crate based on the situation being avoided with the lockfile.

I think I confused myself here and it would be fine. We just wouldn't use the MSRV rust version for this test, using stable instead (?)

@chifflier
Copy link
Member

Maybe the best solution would be add yet another test in CI (something like weekly or daily?) to test build with latest dependencies, in addition to the --locked builds.

I'm open to that, but I think it will immediately error for this crate based on the situation being avoided with the lockfile.

I think I confused myself here and it would be fine. We just wouldn't use the MSRV rust version for this test, using stable instead (?)

The non-locked version should probably be on stable.
That said, I'm also confused for Cargo.lock: which version should we commit? The one that can build MSRV (but will be old), or the one for stable? or both?

@cpu
Copy link
Contributor Author

cpu commented Apr 20, 2024

The one that can build MSRV (but will be old)

Correct, it would be this one, but not all the deps will be pinned to old versions. Just the deps that can't be updated past a specific version without changing the MSRV. In this case, just winnow and toml_edit

@chifflier
Copy link
Member

The one that can build MSRV (but will be old)

Correct, it would be this one, but not all the deps will be pinned to old versions. Just the deps that can't be updated past a specific version without changing the MSRV. In this case, just winnow and toml_edit

Ok, fair enough, thank you for the explanation.
Let's merge this!

@chifflier chifflier merged commit 94c1e2d into rusticata:master Apr 20, 2024
13 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@cpu @chifflier