actions/install-action
1
0
Fork 0
mirror of https://github.com/taiki-e/install-action.git synced 2026-04-21 15:10:27 +00:00
Code Issues Packages Projects Releases Wiki Activity

Use [lints] in Cargo.toml and apply more lints

Browse Source
This commit is contained in:
Taiki Endo
2023-10-31 03:08:57 +09:00
parent 88c52281ad
commit 3ba41e50ff
5 changed files with 121 additions and 50 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
.clippy.toml
View File

@@ -3,3 +3,11 @@
avoid-breaking-exported-api = false avoid-breaking-exported-api = false
disallowed-names = [] disallowed-names = []
disallowed-macros = [
{ path = "std::dbg", reason = "it is okay to use during development, but please do not include it in main branch" },
]
disallowed-methods = [
{ path = "std::env::remove_var", reason = "this is not thread-safe and inherently unsafe; see <https://github.com/rust-lang/rust/issues/27970> for more" },
{ path = "std::env::set_var", reason = "this is not thread-safe and inherently unsafe; see <https://github.com/rust-lang/rust/issues/27970> for more" },
]
disallowed-types = []

35
Cargo.toml
View File

@@ -1,3 +1,38 @@
[workspace] [workspace]
resolver = "2" resolver = "2"
members = ["tools/codegen"] members = ["tools/codegen"]
# This table is shared by projects under https://github.com/taiki-e.
# It is not intended for manual editing.
[workspace.lints.rust]
improper_ctypes = "warn"
improper_ctypes_definitions = "warn"
non_ascii_idents = "warn"
rust_2018_idioms = "warn"
single_use_lifetimes = "warn"
unreachable_pub = "warn"
unsafe_op_in_unsafe_fn = "warn"
[workspace.lints.clippy]
all = "warn" # Downgrade deny-by-default lints
pedantic = "warn"
as_ptr_cast_mut = "warn"
default_union_representation = "warn"
inline_asm_x86_att_syntax = "warn"
trailing_empty_array = "warn"
transmute_undefined_repr = "warn"
undocumented_unsafe_blocks = "warn"
# Suppress buggy or noisy clippy lints
borrow_as_ptr = { level = "allow", priority = 1 } # https://github.com/rust-lang/rust-clippy/issues/8286
doc_markdown = { level = "allow", priority = 1 }
float_cmp = { level = "allow", priority = 1 } # https://github.com/rust-lang/rust-clippy/issues/7725
manual_assert = { level = "allow", priority = 1 }
manual_range_contains = { level = "allow", priority = 1 } # https://github.com/rust-lang/rust-clippy/issues/6455#issuecomment-1225966395
missing_errors_doc = { level = "allow", priority = 1 }
module_name_repetitions = { level = "allow", priority = 1 }
similar_names = { level = "allow", priority = 1 }
single_match = { level = "allow", priority = 1 }
single_match_else = { level = "allow", priority = 1 }
struct_excessive_bools = { level = "allow", priority = 1 }
too_many_arguments = { level = "allow", priority = 1 }
too_many_lines = { level = "allow", priority = 1 }
type_complexity = { level = "allow", priority = 1 }

3
tools/codegen/Cargo.toml
View File

@@ -15,3 +15,6 @@ sha2 = "0.10"
tar = "0.4" tar = "0.4"
toml_edit = { version = "0.20", features = ["serde"] } toml_edit = { version = "0.20", features = ["serde"] }
ureq = { version = "2", features = ["json"] } ureq = { version = "2", features = ["json"] }
[lints]
workspace = true

68
tools/codegen/src/main.rs
View File

@@ -1,7 +1,5 @@
// SPDX-License-Identifier: Apache-2.0 OR MIT // SPDX-License-Identifier: Apache-2.0 OR MIT
#![allow(clippy::single_match)]
use std::{ use std::{
cmp::Reverse, cmp::Reverse,
collections::{BTreeMap, BTreeSet}, collections::{BTreeMap, BTreeSet},
@@ -517,8 +515,8 @@ impl Version {
major: Some(major), major: Some(major),
minor, minor,
patch: None, patch: None,
pre: Default::default(), pre: semver::Prerelease::default(),
build: Default::default(), build: semver::BuildMetadata::default(),
} }
} }
fn latest() -> Self { fn latest() -> Self {
@@ -526,8 +524,8 @@ impl Version {
major: None, major: None,
minor: None, minor: None,
patch: None, patch: None,
pre: Default::default(), pre: semver::Prerelease::default(),
build: Default::default(), build: semver::BuildMetadata::default(),
} }
} }
fn to_semver(&self) -> Option<semver::Version> { fn to_semver(&self) -> Option<semver::Version> {
@@ -611,8 +609,8 @@ impl FromStr for Version {
major: Some(v.major), major: Some(v.major),
minor: v.minor, minor: v.minor,
patch: v.patch, patch: v.patch,
pre: Default::default(), pre: semver::Prerelease::default(),
build: Default::default(), build: semver::BuildMetadata::default(),
}), }),
Err(_e) => Err(e), Err(_e) => Err(e),
}, },
@@ -806,21 +804,21 @@ mod github {
use serde_derive::Deserialize; use serde_derive::Deserialize;
// https://api.github.com/repos/<repo>/releases // https://api.github.com/repos/<repo>/releases
pub type Releases = Vec<Release>; pub(crate) type Releases = Vec<Release>;
// https://api.github.com/repos/<repo>/releases/<tag> // https://api.github.com/repos/<repo>/releases/<tag>
#[derive(Debug, Deserialize)] #[derive(Debug, Deserialize)]
pub struct Release { pub(crate) struct Release {
pub tag_name: String, pub(crate) tag_name: String,
pub prerelease: bool, pub(crate) prerelease: bool,
pub assets: Vec<ReleaseAsset>, pub(crate) assets: Vec<ReleaseAsset>,
} }
#[derive(Debug, Deserialize)] #[derive(Debug, Deserialize)]
pub struct ReleaseAsset { pub(crate) struct ReleaseAsset {
pub name: String, pub(crate) name: String,
pub content_type: String, // pub(crate) content_type: String,
pub browser_download_url: String, pub(crate) browser_download_url: String,
} }
} }
@@ -829,16 +827,16 @@ mod crates_io {
// https://crates.io/api/v1/crates/<crate> // https://crates.io/api/v1/crates/<crate>
#[derive(Debug, Deserialize)] #[derive(Debug, Deserialize)]
pub struct Crate { pub(crate) struct Crate {
pub versions: Vec<Version>, pub(crate) versions: Vec<Version>,
} }
#[derive(Debug, Deserialize)] #[derive(Debug, Deserialize)]
pub struct Version { pub(crate) struct Version {
pub checksum: String, pub(crate) checksum: String,
pub dl_path: String, pub(crate) dl_path: String,
pub num: semver::Version, pub(crate) num: semver::Version,
pub yanked: bool, pub(crate) yanked: bool,
} }
} }
@@ -846,28 +844,28 @@ mod cargo_manifest {
use serde_derive::Deserialize; use serde_derive::Deserialize;
#[derive(Debug, Deserialize)] #[derive(Debug, Deserialize)]
pub struct Manifest { pub(crate) struct Manifest {
pub package: Package, pub(crate) package: Package,
} }
#[derive(Debug, Deserialize)] #[derive(Debug, Deserialize)]
pub struct Package { pub(crate) struct Package {
pub metadata: Metadata, pub(crate) metadata: Metadata,
} }
#[derive(Debug, Deserialize)] #[derive(Debug, Deserialize)]
pub struct Metadata { pub(crate) struct Metadata {
pub binstall: Binstall, pub(crate) binstall: Binstall,
} }
#[derive(Debug, Deserialize)] #[derive(Debug, Deserialize)]
pub struct Binstall { pub(crate) struct Binstall {
pub signing: BinstallSigning, pub(crate) signing: BinstallSigning,
} }
#[derive(Debug, Deserialize)] #[derive(Debug, Deserialize)]
pub struct BinstallSigning { pub(crate) struct BinstallSigning {
pub algorithm: String, pub(crate) algorithm: String,
pub pubkey: String, pub(crate) pubkey: String,
} }
} }

57
tools/tidy.sh
View File

@@ -65,6 +65,9 @@ fi
# Rust (if exists) # Rust (if exists)
if [[ -n "$(git ls-files '*.rs')" ]]; then if [[ -n "$(git ls-files '*.rs')" ]]; then
info "checking Rust code style" info "checking Rust code style"
if [[ ! -e .rustfmt.toml ]]; then
warn "could not found .rustfmt.toml in the repository root"
fi
if type -P rustup &>/dev/null; then if type -P rustup &>/dev/null; then
# `cargo fmt` cannot recognize files not included in the current workspace and modules # `cargo fmt` cannot recognize files not included in the current workspace and modules
# defined inside macros, so run rustfmt directly. # defined inside macros, so run rustfmt directly.
@@ -119,6 +122,10 @@ if [[ -n "$(git ls-files '*.rs')" ]]; then
for id in $(jq <<<"${metadata}" '.workspace_members[]'); do for id in $(jq <<<"${metadata}" '.workspace_members[]'); do
pkg=$(jq <<<"${metadata}" ".packages[] | select(.id == ${id})") pkg=$(jq <<<"${metadata}" ".packages[] | select(.id == ${id})")
publish=$(jq <<<"${pkg}" -r '.publish') publish=$(jq <<<"${pkg}" -r '.publish')
manifest_path=$(jq <<<"${pkg}" -r '.manifest_path')
if ! grep -q '^\[lints\]' "${manifest_path}"; then
warn "no [lints] table in ${manifest_path} please add '[lints]' with 'workspace = true'"
fi
# Publishing is unrestricted if null, and forbidden if an empty array. # Publishing is unrestricted if null, and forbidden if an empty array.
if [[ "${publish}" == "[]" ]]; then if [[ "${publish}" == "[]" ]]; then
continue continue
@@ -127,11 +134,19 @@ if [[ -n "$(git ls-files '*.rs')" ]]; then
done done
if [[ -n "${has_public_crate}" ]]; then if [[ -n "${has_public_crate}" ]]; then
info "checking file permissions" info "checking file permissions"
if [[ -f Cargo.toml ]] && grep -Eq '^\[package\]' Cargo.toml && ! grep -Eq '^publish = false' Cargo.toml; then if [[ -f Cargo.toml ]]; then
if ! grep -Eq '^exclude = \[.*\.\*.*\]' Cargo.toml; then root_manifest=$(cargo locate-project --message-format=plain --manifest-path Cargo.toml)
error "top-level Cargo.toml of real manifest should have exclude field with \"/.*\" and \"/tools\"" root_pkg=$(jq <<<"${metadata}" ".packages[] | select(.manifest_path == \"${root_manifest}\")")
elif ! grep -Eq '^exclude = \[.*/tools.*\]' Cargo.toml; then if [[ -n "${root_pkg}" ]]; then
error "top-level Cargo.toml of real manifest should have exclude field with \"/.*\" and \"/tools\"" publish=$(jq <<<"${root_pkg}" -r '.publish')
# Publishing is unrestricted if null, and forbidden if an empty array.
if [[ "${publish}" != "[]" ]]; then
if ! grep -Eq '^exclude = \[.*\.\*.*\]' Cargo.toml; then
error "top-level Cargo.toml of real manifest should have exclude field with \"/.*\" and \"/tools\""
elif ! grep -Eq '^exclude = \[.*/tools.*\]' Cargo.toml; then
error "top-level Cargo.toml of real manifest should have exclude field with \"/.*\" and \"/tools\""
fi
fi
fi fi
fi fi
for p in $(git ls-files); do for p in $(git ls-files); do
@@ -158,27 +173,30 @@ if [[ -n "$(git ls-files '*.rs')" ]]; then
fi fi
# C/C++ (if exists) # C/C++ (if exists)
if [[ -n "$(git ls-files '*.c')$(git ls-files '*.cpp')" ]]; then if [[ -n "$(git ls-files '*.c' '*.h' '*.cpp' '*.hpp')" ]]; then
info "checking C/C++ code style" info "checking C/C++ code style"
if [[ ! -e .clang-format ]]; then if [[ ! -e .clang-format ]]; then
warn "could not fount .clang-format in the repository root" warn "could not found .clang-format in the repository root"
fi fi
if type -P clang-format &>/dev/null; then if type -P clang-format &>/dev/null; then
echo "+ clang-format -i \$(git ls-files '*.c') \$(git ls-files '*.cpp')" echo "+ clang-format -i \$(git ls-files '*.c' '*.h' '*.cpp' '*.hpp')"
clang-format -i $(git ls-files '*.c') $(git ls-files '*.cpp') clang-format -i $(git ls-files '*.c' '*.h' '*.cpp' '*.hpp')
check_diff $(git ls-files '*.c') $(git ls-files '*.cpp') check_diff $(git ls-files '*.c' '*.h' '*.cpp' '*.hpp')
else else
warn "'clang-format' is not installed; skipped C/C++ code style check" warn "'clang-format' is not installed; skipped C/C++ code style check"
fi fi
fi fi
# YAML/JavaScript/JSON (if exists) # YAML/JavaScript/JSON (if exists)
if [[ -n "$(git ls-files '*.yml')$(git ls-files '*.js')$(git ls-files '*.json')" ]]; then if [[ -n "$(git ls-files '*.yml' '*.js' '*.json')" ]]; then
info "checking YAML/JavaScript/JSON code style" info "checking YAML/JavaScript/JSON code style"
if [[ ! -e .editorconfig ]]; then
warn "could not found .editorconfig in the repository root"
fi
if type -P npm &>/dev/null; then if type -P npm &>/dev/null; then
echo "+ npx -y prettier -l -w \$(git ls-files '*.yml') \$(git ls-files '*.js') \$(git ls-files '*.json')" echo "+ npx -y prettier -l -w \$(git ls-files '*.yml' '*.js' '*.json')"
npx -y prettier -l -w $(git ls-files '*.yml') $(git ls-files '*.js') $(git ls-files '*.json') npx -y prettier -l -w $(git ls-files '*.yml' '*.js' '*.json')
check_diff $(git ls-files '*.yml') $(git ls-files '*.js') $(git ls-files '*.json') check_diff $(git ls-files '*.yml' '*.js' '*.json')
else else
warn "'npm' is not installed; skipped YAML/JavaScript/JSON code style check" warn "'npm' is not installed; skipped YAML/JavaScript/JSON code style check"
fi fi
@@ -188,7 +206,7 @@ if [[ -n "$(git ls-files '*.yml')$(git ls-files '*.js')$(git ls-files '*.json')"
if type -P jq &>/dev/null && type -P yq &>/dev/null; then if type -P jq &>/dev/null && type -P yq &>/dev/null; then
for workflow in .github/workflows/*.yml; do for workflow in .github/workflows/*.yml; do
# The top-level permissions must be weak as they are referenced by all jobs. # The top-level permissions must be weak as they are referenced by all jobs.
permissions=$(yq '.permissions' "${workflow}" | jq -c) permissions=$(yq -c '.permissions' "${workflow}")
case "${permissions}" in case "${permissions}" in
'{"contents":"read"}' | '{"contents":"none"}') ;; '{"contents":"read"}' | '{"contents":"none"}') ;;
null) error "${workflow}: top level permissions not found; it must be 'contents: read' or weaker permissions" ;; null) error "${workflow}: top level permissions not found; it must be 'contents: read' or weaker permissions" ;;
@@ -222,6 +240,9 @@ fi
# Markdown (if exists) # Markdown (if exists)
if [[ -n "$(git ls-files '*.md')" ]]; then if [[ -n "$(git ls-files '*.md')" ]]; then
info "checking Markdown style" info "checking Markdown style"
if [[ ! -e .markdownlint.yml ]]; then
warn "could not found .markdownlint.yml in the repository root"
fi
if type -P npm &>/dev/null; then if type -P npm &>/dev/null; then
echo "+ npx -y markdownlint-cli2 \$(git ls-files '*.md')" echo "+ npx -y markdownlint-cli2 \$(git ls-files '*.md')"
npx -y markdownlint-cli2 $(git ls-files '*.md') npx -y markdownlint-cli2 $(git ls-files '*.md')
@@ -237,6 +258,9 @@ fi
# Shell scripts # Shell scripts
info "checking Shell scripts" info "checking Shell scripts"
if type -P shfmt &>/dev/null; then if type -P shfmt &>/dev/null; then
if [[ ! -e .editorconfig ]]; then
warn "could not found .editorconfig in the repository root"
fi
echo "+ shfmt -l -w \$(git ls-files '*.sh')" echo "+ shfmt -l -w \$(git ls-files '*.sh')"
shfmt -l -w $(git ls-files '*.sh') shfmt -l -w $(git ls-files '*.sh')
check_diff $(git ls-files '*.sh') check_diff $(git ls-files '*.sh')
@@ -244,6 +268,9 @@ else
warn "'shfmt' is not installed; skipped Shell scripts style check" warn "'shfmt' is not installed; skipped Shell scripts style check"
fi fi
if type -P shellcheck &>/dev/null; then if type -P shellcheck &>/dev/null; then
if [[ ! -e .shellcheckrc ]]; then
warn "could not found .shellcheckrc in the repository root"
fi
echo "+ shellcheck \$(git ls-files '*.sh')" echo "+ shellcheck \$(git ls-files '*.sh')"
if ! shellcheck $(git ls-files '*.sh'); then if ! shellcheck $(git ls-files '*.sh'); then
should_fail=1 should_fail=1