diff --git a/.editorconfig b/.editorconfig new file mode 100644 index 0000000..8f411f9 --- /dev/null +++ b/.editorconfig @@ -0,0 +1,68 @@ +# https://editorconfig.org/ + +root = true + +[*] +indent_style = space +indent_size = 2 +insert_final_newline = true +trim_trailing_whitespace = true +end_of_line = lf +charset = utf-8 + +[*.conf] +indent_size = 2 + +[*.md] +#inside code block, indentation could be anything +indent_size = unset + +[*.py] +indent_size = 4 +# 88 is the default for black formatter +# 79 is PEP8's recommendation +# 119 is django's recommendation +max_line_length = 88 + +[*.rs] +# https://github.com/rust-dev-tools/fmt-rfcs/blob/master/guide/guide.md +indent_size = 4 +# officially the limit is 100, but we have long url (unsplittable) in comment +max_line_length = 200 + +[{*.bazel,*.bzl,BUILD,WORKSPACE}] +indent_size = 4 + +[*.java] +# try to align with https://github.com/diffplug/spotless (https://github.com/google/google-java-format) +indent_size = 4 +max_line_length = 100 + +# The JSON files contain newlines inconsistently +[*.json] +insert_final_newline = unset + +[**/vendor/**] +indent_style = unset +indent_size = unset +insert_final_newline = unset + +# Minified JavaScript files shouldn't be changed +[**.min.js] +indent_style = unset +indent_size = unset +insert_final_newline = unset + +# Makefiles always use tabs for indentation +[Makefile] +indent_style = tab +indent_size = 4 + +[justfile] +indent_style = space +indent_size = 4 + +# Batch files use tabs for indentation +[*.bat] +indent_style = tab +indent_size = 4 diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..62a183b --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,12 @@ +version: 2 +updates: + - package-ecosystem: "cargo" + directory: "/" + schedule: + interval: "weekly" + - package-ecosystem: "github-actions" + # Workflow files stored in the + # default location of `.github/workflows` + directory: "/" + schedule: + interval: "weekly" 
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml new file mode 100644 index 0000000..aed8e1b --- /dev/null +++ b/.github/workflows/ci.yml @@ -0,0 +1,36 @@ +--- +name: ci + +on: + push: + workflow_dispatch: + +permissions: + contents: read + +jobs: + tests: + runs-on: ${{ matrix.os }} + strategy: + fail-fast: false + matrix: + os: [ubuntu-latest] + env: + CARGO_TERM_COLOR: always + RUST_BACKTRACE: full + steps: + - uses: actions/checkout@v4 + - uses: jdx/rtx-action@v1 + - name: Cache cargo registry + uses: actions/cache@v3 + continue-on-error: false + with: + path: | + ~/.cargo/registry + ~/.cargo/git + key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }} + restore-keys: | + ${{ runner.os }}-cargo- + - run: just check + - run: just lint_rust # megalinter is running via an other workflow + - run: just test diff --git a/.github/workflows/mega-linter.yml b/.github/workflows/mega-linter.yml new file mode 100644 index 0000000..190c18b --- /dev/null +++ b/.github/workflows/mega-linter.yml 
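Review bot: Every `uses:` in the `tests` job is pinned to a floating tag (`actions/checkout@v4`, `jdx/rtx-action@v1`, `actions/cache@v3`), so a moved or compromised tag runs with the job's `GITHUB_TOKEN` and whatever `just check`/`just test` can reach; pin each to a full-length commit SHA with the tag kept as a trailing comment, e.g. `uses: actions/checkout@<full-sha> # v4`, and let the `github-actions` Dependabot entry added in this same commit bump the pins. `jdx/rtx-action` is a third-party action that installs the toolchain declared in `.rtx.toml`, so it is the one that matters most to pin: every later step trusts the binaries it fetched. Separately, the justfile's `deny` recipe (`cargo deny check advisories` and `bans licenses sources`) is never invoked here — only `check`, `lint_rust` and `test` are — so RustSec advisories are not checked in CI; add `- run: just deny` after `- run: just check`.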
@@ -0,0 +1,173 @@ +# MegaLinter GitHub Action configuration file +# More info at https://megalinter.io +--- +name: MegaLinter + +# Trigger mega-linter at every push. Action will also be visible from Pull +# Requests to main +on: + # Comment this line to trigger action only on pull-requests + # (not recommended if you don't pay for GH Actions) + push: + + # pull_request: + # branches: + # - main + # - master + +# Comment env block if you do not want to apply fixes +env: + # Apply linter fixes configuration + # + # When active, APPLY_FIXES must also be defined as environment variable + # (in github/workflows/mega-linter.yml or other CI tool) + APPLY_FIXES: all + + # Decide which event triggers application of fixes in a commit or a PR + # (pull_request, push, all) + APPLY_FIXES_EVENT: pull_request + + # If APPLY_FIXES is used, defines if the fixes are directly committed (commit) + # or posted in a PR (pull_request) + APPLY_FIXES_MODE: commit + +concurrency: + group: ${{ github.ref }}-${{ github.workflow }} + cancel-in-progress: true + +# Give the default GITHUB_TOKEN write permission to commit and push, comment +# issues & post new PR; remove the ones you do not need +permissions: + contents: write + issues: write + pull-requests: write + +jobs: + megalinter: + name: MegaLinter + runs-on: ubuntu-latest + + steps: + # Git Checkout + - name: Checkout Code + uses: actions/checkout@v4 + with: + token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }} + + # If you use VALIDATE_ALL_CODEBASE = true, you can remove this line to + # improve performance + fetch-depth: 0 + + # MegaLinter + - name: MegaLinter + + # You can override MegaLinter flavor used to have faster performances + # More info at https://megalinter.io/flavors/ + uses: oxsecurity/megalinter@v7 + + id: ml + + # All available variables are described in documentation + # https://megalinter.io/configuration/ + env: + # Validates all source when push on main, else just the git diff with + # main. 
Override with true if you always want to lint all sources + # + # To validate the entire codebase, set to: + # VALIDATE_ALL_CODEBASE: true + # + # To validate only diff with main, set to: + # VALIDATE_ALL_CODEBASE: >- + # ${{ + # github.event_name == 'push' && + # contains(fromJSON('["refs/heads/main", "refs/heads/master"]'), github.ref) + # }} + VALIDATE_ALL_CODEBASE: >- + ${{ + github.event_name == 'push' && + contains(fromJSON('["refs/heads/main", "refs/heads/master"]'), github.ref) + }} + + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + # ADD YOUR CUSTOM ENV VARIABLES HERE OR DEFINE THEM IN A FILE + # .mega-linter.yml AT THE ROOT OF YOUR REPOSITORY + + # Uncomment to disable copy-paste and spell checks + # DISABLE: COPYPASTE,SPELL + + # Upload MegaLinter artifacts + - name: Archive production artifacts + uses: actions/upload-artifact@v4 + if: success() || failure() + with: + name: MegaLinter reports + path: | + megalinter-reports + mega-linter.log + + # Set APPLY_FIXES_IF var for use in future steps + - name: Set APPLY_FIXES_IF var + run: | + printf 'APPLY_FIXES_IF=%s\n' "${{ + steps.ml.outputs.has_updated_sources == 1 && + ( + env.APPLY_FIXES_EVENT == 'all' || + env.APPLY_FIXES_EVENT == github.event_name + ) && + ( + github.event_name == 'push' || + github.event.pull_request.head.repo.full_name == github.repository + ) + }}" >> "${GITHUB_ENV}" + + # Set APPLY_FIXES_IF_* vars for use in future steps + - name: Set APPLY_FIXES_IF_* vars + run: | + printf 'APPLY_FIXES_IF_PR=%s\n' "${{ + env.APPLY_FIXES_IF == 'true' && + env.APPLY_FIXES_MODE == 'pull_request' + }}" >> "${GITHUB_ENV}" + printf 'APPLY_FIXES_IF_COMMIT=%s\n' "${{ + env.APPLY_FIXES_IF == 'true' && + env.APPLY_FIXES_MODE == 'commit' && + (!contains(fromJSON('["refs/heads/main", "refs/heads/master"]'), github.ref)) + }}" >> "${GITHUB_ENV}" + + # Create pull request if applicable + # (for now works only on PR from same repository, not from forks) + - name: Create Pull Request with applied fixes + uses: 
peter-evans/create-pull-request@v5 + id: cpr + if: env.APPLY_FIXES_IF_PR == 'true' + with: + token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }} + commit-message: "[MegaLinter] Apply linters automatic fixes" + title: "[MegaLinter] Apply linters automatic fixes" + labels: bot + + - name: Create PR output + if: env.APPLY_FIXES_IF_PR == 'true' + run: | + echo "PR Number - ${{ steps.cpr.outputs.pull-request-number }}" + echo "PR URL - ${{ steps.cpr.outputs.pull-request-url }}" + + # Push new commit if applicable + # (for now works only on PR from same repository, not from forks) + - name: Prepare commit + if: env.APPLY_FIXES_IF_COMMIT == 'true' + run: sudo chown -Rc $UID .git/ + + - name: Commit and push applied linter fixes + uses: stefanzweifel/git-auto-commit-action@v5 + if: env.APPLY_FIXES_IF_COMMIT == 'true' + with: + branch: >- + ${{ + github.event.pull_request.head.ref || + github.head_ref || + github.ref + }} + commit_message: "[MegaLinter] Apply linters fixes" + commit_user_name: megalinter-bot + commit_user_email: nicolas.vuillamy@ox.security diff --git a/.gitignore b/.gitignore index 6985cf1..35a3f8c 100644 --- a/.gitignore +++ b/.gitignore 
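Review bot: The `permissions` block grants `contents: write`, `issues: write` and `pull-requests: write` to a workflow that runs on every `push`, yet nothing in the current configuration can use them: `APPLY_FIXES_EVENT: pull_request` never matches the only enabled trigger (`push`), and `.mega-linter.yml` in this same commit sets `APPLY_FIXES: none` (the workflow's `APPLY_FIXES: all` env likely overrides that file under MegaLinter's precedence rules — worth confirming which of the two you intend). Until auto-fix is deliberately switched on, drop the block to `contents: read` so a compromised `oxsecurity/megalinter@v7` image or any downstream action cannot push to arbitrary branches with `GITHUB_TOKEN` or with `secrets.PAT`, which is broader still and, via `actions/checkout`, is persisted in the workspace `.git` config for every later step. `oxsecurity/megalinter@v7`, `actions/upload-artifact@v4`, `peter-evans/create-pull-request@v5` and `stefanzweifel/git-auto-commit-action@v5` are all floating tags and should be pinned to full commit SHAs for the same reason. Finally, `commit_user_email: nicolas.vuillamy@ox.security` is the upstream template author's address left in place; use a repository bot/noreply identity so any auto-commits are not attributed to a third party.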
@@ -1,3 +1,161 @@ +# Created by https://www.toptal.com/developers/gitignore/api/git,vim,rust,emacs,jetbrains+all,visualstudiocode +# Edit at https://www.toptal.com/developers/gitignore?templates=git,vim,rust,emacs,jetbrains+all,visualstudiocode + +### Emacs ### +# -*- mode: gitignore; -*- +*~ +\#*\# +/.emacs.desktop +/.emacs.desktop.lock +*.elc +auto-save-list +tramp +.\#* + +# Org-mode +.org-id-locations +*_archive + +# flymake-mode +*_flymake.* + +# eshell files +/eshell/history +/eshell/lastdir + +# elpa packages +/elpa/ + +# reftex files +*.rel + +# AUCTeX auto folder +/auto/ + +# cask packages +.cask/ +dist/ + +# Flycheck +flycheck_*.el + +# server auth directory +/server/ + +# projectiles files +.projectile + +# directory configuration +.dir-locals.el + +# network security +/network-security.data + + +### Git ### +# Created by git for backups. To disable backups in Git: +# $ git config --global mergetool.keepBackup false +*.orig + +# Created by git when using merge tools for conflicts +*.BACKUP.* +*.BASE.* +*.LOCAL.* +*.REMOTE.* +*_BACKUP_*.txt +*_BASE_*.txt +*_LOCAL_*.txt +*_REMOTE_*.txt + +### JetBrains+all ### +# Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio, WebStorm and Rider +# Reference: https://intellij-support.jetbrains.com/hc/en-us/articles/206544839 + +# User-specific stuff +.idea/**/workspace.xml +.idea/**/tasks.xml +.idea/**/usage.statistics.xml +.idea/**/dictionaries +.idea/**/shelf + +# AWS User-specific +.idea/**/aws.xml + +# Generated files +.idea/**/contentModel.xml + +# Sensitive or high-churn files +.idea/**/dataSources/ +.idea/**/dataSources.ids +.idea/**/dataSources.local.xml +.idea/**/sqlDataSources.xml +.idea/**/dynamic.xml +.idea/**/uiDesigner.xml +.idea/**/dbnavigator.xml + +# Gradle +.idea/**/gradle.xml +.idea/**/libraries + +# Gradle and Maven with auto-import +# When using Gradle or Maven with auto-import, you should exclude module files, +# since they will be recreated, and may cause 
churn. Uncomment if using +# auto-import. +# .idea/artifacts +# .idea/compiler.xml +# .idea/jarRepositories.xml +# .idea/modules.xml +# .idea/*.iml +# .idea/modules +# *.iml +# *.ipr + +# CMake +cmake-build-*/ + +# Mongo Explorer plugin +.idea/**/mongoSettings.xml + +# File-based project format +*.iws + +# IntelliJ +out/ + +# mpeltonen/sbt-idea plugin +.idea_modules/ + +# JIRA plugin +atlassian-ide-plugin.xml + +# Cursive Clojure plugin +.idea/replstate.xml + +# SonarLint plugin +.idea/sonarlint/ + +# Crashlytics plugin (for Android Studio and IntelliJ) +com_crashlytics_export_strings.xml +crashlytics.properties +crashlytics-build.properties +fabric.properties + +# Editor-based Rest Client +.idea/httpRequests + +# Android studio 3.1+ serialized cache file +.idea/caches/build_file_checksums.ser + +### JetBrains+all Patch ### +# Ignore everything but code style settings and run configurations +# that are supposed to be shared within teams. + +.idea/* + +!.idea/codeStyles +!.idea/runConfigurations + +### Rust ### # Generated by Cargo # will have compiled files and executables debug/ @@ -12,3 +170,46 @@ Cargo.lock # MSVC Windows builds of rustc generate these, which store debugging information *.pdb + +### Vim ### +# Swap +[._]*.s[a-v][a-z] +!*.svg # comment out if you don't need vector files +[._]*.sw[a-p] +[._]s[a-rt-v][a-z] +[._]ss[a-gi-z] +[._]sw[a-p] + +# Session +Session.vim +Sessionx.vim + +# Temporary +.netrwhist +# Auto-generated tag files +tags +# Persistent undo +[._]*.un~ + +### VisualStudioCode ### +.vscode/* +!.vscode/settings.json +!.vscode/tasks.json +!.vscode/launch.json +!.vscode/extensions.json +!.vscode/*.code-snippets + +# Local History for Visual Studio Code +.history/ + +# Built Visual Studio Code Extensions +*.vsix + +### VisualStudioCode Patch ### +# Ignore all local history of files +.history +.ionide + +# End of https://www.toptal.com/developers/gitignore/api/git,vim,rust,emacs,jetbrains+all,visualstudiocode + +megalinter-reports 
diff --git a/.mega-linter.yml b/.mega-linter.yml new file mode 100644 index 0000000..bbfe908 --- /dev/null +++ b/.mega-linter.yml @@ -0,0 +1,40 @@ +# Configuration file for MegaLinter +# See all available variables at https://megalinter.github.io/configuration/ and in linters documentation + +APPLY_FIXES: none # all, none, or list of linter keys +# ENABLE: # If you use ENABLE variable, all other languages/formats/tooling-formats will be disabled by default +# ENABLE_LINTERS: # If you use ENABLE_LINTERS variable, all other linters will be disabled by default +DISABLE: + - COPYPASTE # Comment to enable checks of excessive copy-pastes + - SPELL # Comment to enable checks of spelling mistakes +DISABLE_LINTERS: + - DOCKERFILE_DOCKERFILELINT + - MARKDOWN_MARKDOWN_LINK_CHECK + - REPOSITORY_CHECKOV # unstable randomly failed (false negative) on generated k8s manifest + - REPOSITORY_DEVSKIM # issue with "git config --global --add safe.directory ..." + - REPOSITORY_GIT_DIFF + - REPOSITORY_GRYPE + - REPOSITORY_KICS + - REPOSITORY_SYFT + - REPOSITORY_TRUFFLEHOG # too long to search for secret + - RUST_CLIPPY # run via an other way, and current version doesn't support `--deny ... --allow ...` + - SQL_TSQLLINT # "You must install or update .NET to run this application." +SHOW_ELAPSED_TIME: true +FILEIO_REPORTER: false +# DISABLE_ERRORS: true # Uncomment if you want MegaLinter to detect errors but not block CI to pass +FILTER_REGEX_EXCLUDE: "(generated)|(megalinter-reports)|(cdevents-spec.*)|(.gitmodules)|(.sqlx)|(\\.lock)|(\\.ndjson)|(\\.pdf)|(\\.csv)|(\\.zip)|(\\.tar)|(\\.ipynb)|(license.*)|(LICENSE.*)" +SPELL_FILTER_REGEX_INCLUDE: '\\.md$' +PRINT_ALPACA: false +REPOSITORY_SECRETLINT_ARGUMENTS: + - --secretlintignore + - .gitignore +REPOSITORY_TRIVY_ARGUMENTS: + - --skip-dirs + - "cdevents-spec" +RUST_CLIPPY_ARGUMENTS: + - --workspace + - --all-features + - --all-targets + # - --deny warnings + # - --allow deprecated + # - --allow unknown-lints 
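Review bot: `DISABLE_LINTERS` switches off most of MegaLinter's security-oriented repository scanners at once — `REPOSITORY_TRUFFLEHOG`, `REPOSITORY_GRYPE`, `REPOSITORY_SYFT`, `REPOSITORY_KICS`, `REPOSITORY_CHECKOV` and `REPOSITORY_DEVSKIM` — with a reason recorded for only three of them, leaving secret detection to SECRETLINT (plus whatever other `REPOSITORY_*` linters remain enabled by default) and dependency/IaC scanning to TRIVY alone. Record the intended coverage beside the entries so it is not silently eroded later, e.g. `# coverage after this block: secrets -> secretlint, deps/IaC -> trivy; grype/syft/kics considered redundant with trivy`, and consider re-enabling TRUFFLEHOG with a scoped `REPOSITORY_TRUFFLEHOG_ARGUMENTS` instead of dropping it purely for runtime. `REPOSITORY_SECRETLINT_ARGUMENTS` passes `.gitignore` as the `--secretlintignore` file; that is reasonable for skipping build output, but it also means any future `.gitignore` entry silently removes files from secret scanning, which deserves a one-line comment. `RUST_CLIPPY_ARGUMENTS` is also configured even though `RUST_CLIPPY` is disabled above — harmless, but one of the two is stale and the justfile already carries the real clippy flags.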
diff --git a/.rtx.toml b/.rtx.toml new file mode 100644 index 0000000..4b21953 --- /dev/null +++ b/.rtx.toml @@ -0,0 +1,8 @@ +[env] +# RUSTC_WRAPPER = "sccache" +RUST_WITHOUT = "rust-docs" +# ASDF_RUST_PROFILE = "minimal" + +[tools] +rust = '1.75' +just = '1' diff --git a/cdevents-sdk/.rustfmt.toml b/cdevents-sdk/.rustfmt.toml new file mode 100644 index 0000000..9dc8a31 --- /dev/null +++ b/cdevents-sdk/.rustfmt.toml @@ -0,0 +1,9 @@ +# see https://rust-lang.github.io/rustfmt/ + +# - disable all formatting until support of `ignore` or `generated` +# - the marker `#![rustfmt::skip]` generates an `error: custom inner attributes are unstable` on clippy,... +disable_all_formatting = true + +# unstable_features = true # nightly only +# ignore = ["generated"] # unstable +# format_generated_files = false # unstable diff --git a/justfile b/justfile new file mode 100644 index 0000000..3ade1e9 --- /dev/null +++ b/justfile 
@@ -0,0 +1,76 @@ +default: + @just --list --unsorted + +_install_cargo-binstall: + cargo install cargo-binstall + +_install_cargo-nextest: _install_cargo-binstall + cargo binstall cargo-nextest -y + +_install_cargo-insta: _install_cargo-binstall + cargo binstall cargo-insta -y + +_install_cargo-release: _install_cargo-binstall + cargo binstall cargo-release -y + +_install_cargo-hack: _install_cargo-binstall + cargo binstall cargo-hack -y + +_install_cargo-deny: _install_cargo-binstall + cargo binstall cargo-deny -y + +_install_git-cliff: _install_cargo-binstall + cargo binstall git-cliff -y + +check: _install_cargo-hack + cargo hack check --each-feature --no-dev-deps + +generate: + # cd generator; cargo run + cargo run -p generator -- --templates-dir "generator/templates" --jsonschema-dir "cdevents-spec/schemas" --dest "cdevents-sdk/src/generated" + +build: + cargo build + +alias fmt := format + +# Format the code and sort dependencies +format: + cargo fmt + # cargo sort --workspace --grouped + just --unstable --fmt + +deny: _install_cargo-deny + cargo deny check advisories + cargo deny check bans licenses sources + +# Lint all the code (megalinter + lint_rust) +lint: lint_rust megalinter + +# Lint the rust code +lint_rust: + just --unstable --fmt --check + cargo fmt --all -- --check # generated code is not formatted + # cargo sort --workspace --grouped --check + cargo clippy --workspace --all-features --all-targets -- --deny warnings --allow deprecated --allow unknown-lints + +# Lint with megalinter (locally via docker) +megalinter: + # rm -rf megalinter-reports + docker run --rm --name megalinter -it --env "DEFAULT_WORKSPACE=/tmp/lint" -v "${DOCKER_HOST:-/var/run/docker.sock}:/var/run/docker.sock:rw" -v "$PWD:/tmp/lint:rw" "oxsecurity/megalinter:v7" + +# Launch tests +test: _install_cargo-nextest + cargo nextest run + # cargo test --doc + # cargo hack nextest --each-feature -- --test-threads=1 + +changelog: _install_git-cliff + git-cliff -o "CHANGELOG.md" + git 
add CHANGELOG.md && git commit -m "📝 update CHANGELOG" + +release *arguments: _install_cargo-release _install_git-cliff + cargo release --workspace --execute {{ arguments }} + # git-cliff could not be used as `pre-release-hook` of cargo-release because it uses tag + git-cliff -o "CHANGELOG.md" + git add CHANGELOG.md && git commit -m "📝 update CHANGELOG" && git push
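Review bot: The `_install_*` recipes run `cargo install cargo-binstall` and then `cargo binstall <tool> -y` with no version pinned, so every CI run (reached through `just check` and `just test` in ci.yml) installs whatever the newest release of each tool happens to be, and `-y` suppresses the confirmation that would otherwise surface a fallback path; pin the tooling (`cargo install cargo-binstall --locked --version <version>`, `cargo binstall cargo-nextest@<version> -y`, and likewise for the others) so upgrades are deliberate and reviewable, and consider caching `~/.cargo/bin` in the workflow so the fetch is not repeated on every run. `deny` is defined here but is not a dependency of `lint` and is not called from any CI step, so `cargo deny check advisories` only runs when someone remembers to invoke it; `lint: lint_rust deny megalinter` wires it in. The `megalinter` recipe mounts `${DOCKER_HOST:-/var/run/docker.sock}` read-write into the linter container, which hands that container control of the host Docker daemon — effectively root on the host; this mirrors MegaLinter's own run instructions, but a comment such as `# NOTE: mounting the docker socket gives the container host-level access; run only on a trusted workstation` belongs above it.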