Merge branch 'develop' into fix/create-tcp-inlet-docs

build-trust · Sep 9, 2024 · 5459c0f · 5459c0f
2 parents b65de7f + 63f2251
commit 5459c0f
Show file tree

Hide file tree

Showing 295 changed files with 11,773 additions and 6,728 deletions.
diff --git a/.github/CONTRIBUTORS.csv b/.github/CONTRIBUTORS.csv
@@ -359,3 +359,4 @@ yes,Wryhder,Jemimah Omodior,<[email protected]>
 yes,andor0,Andrei Orlov,<[email protected]>
 yes,smga3000,Shawn Gordon,<[email protected]> <[email protected]>
 yes,PsychoPunkSage,Abhinav Prakash,<[email protected]> <[email protected]>
+yes,Nathy-bajo, Nathaniel Bajo,<[email protected]>
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -2,6 +2,12 @@
 version: 2
 updates:
 
+  # Maintain dependencies of docker images
+  - package-ecosystem: "docker"
+    directory: "/"
+    schedule:
+      interval: "daily"
+
   # Maintain dependencies of GitHub Actions
   - package-ecosystem: "github-actions"
     directory: "/"

diff --git a/.github/workflows/all.yml b/.github/workflows/all.yml
@@ -97,3 +97,186 @@ jobs:
             git diff;
             exit 1; \
           }
+
+  check_crates:
+    runs-on: ubuntu-latest
+    name: All - check_crates
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
+
+      - name: Install dependencies
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y jq
+
+      - name: Install Rust
+        uses: actions-rs/toolchain@88dc2356392166efad76775c878094f4e83ff746
+        with:
+          toolchain: stable
+          profile: minimal
+          override: true
+
+      - name: Install tomlq
+        run: cargo install --locked tomlq --version 0.1.0
+
+      - name: Check for CHANGELOG.md
+        run: |
+          for crate in $(find implementations/rust/ockam -name Cargo.toml); do
+
+            dir=$(dirname $crate)
+            if [ ! -f "$dir/CHANGELOG.md" ]; then
+              echo "Error: $dir/CHANGELOG.md is missing"
+              exit 1
+            fi
+          done
+
+      - name: Check for README.md
+        run: |
+          for crate in $(find implementations/rust/ockam -name Cargo.toml); do
+
+            dir=$(dirname $crate)
+            if [ ! -f "$dir/README.md" ]; then
+              echo "Error: $dir/README.md is missing"
+              exit 1
+            fi
+          done
+
+      - name: Validate Cargo.toml categories
+        run: |
+          allowed_categories="
+          accessibility
+          aerospace
+          drones
+          protocols
+          simulation
+          space-protocols
+          unmanned-aerial-vehicles
+          algorithms
+          api-bindings
+          asynchronous
+          authentication
+          caching
+          command-line-interface
+          command-line-utilities
+          compilers
+          compression
+          computer-vision
+          concurrency
+          config
+          cryptography
+          cryptocurrencies
+          data-structures
+          database
+          database-implementations
+          date-and-time
+          development-tools
+          build-utils
+          cargo-plugins
+          debugging
+          ffi
+          procedural-macro-helpers
+          profiling
+          testing
+          email
+          embedded
+          emulators
+          encoding
+          external-ffi-bindings
+          filesystem
+          finance
+          game-development
+          game-engines
+          games
+          graphics
+          gui
+          hardware-support
+          internationalization
+          localization
+          mathematics
+          memory-management
+          multimedia
+          audio
+          encoding
+          images
+          video
+          network-programming
+          no-std
+          no-std::no-alloc
+          os
+          android-apis
+          freebsd-apis
+          linux-apis
+          macos-apis
+          unix-apis
+          windows-apis
+          parser-implementations
+          parsing
+          rendering
+          rendering::data-formats
+          rendering::engine
+          rendering::graphics-api
+          rust-patterns
+          science
+          bioinformatics
+          genomics
+          proteomics
+          sequence-analysis
+          geo
+          neuroscience
+          robotics
+          simulation
+          template-engine
+          text-editors
+          text-processing
+          value-formatting
+          virtualization
+          visualization
+          wasm
+          web-programming
+          http-client
+          http-server
+          websocket
+          "
+
+          for crate in $(find implementations/rust/ockam -name Cargo.toml); do
+
+            categories=$(tomlq package.categories -f "$crate" | jq -r '.[]')
+            for category in $categories; do
+              if ! echo "$allowed_categories" | grep -q "$category"; then
+                echo "Error: $crate contains invalid category $category"
+                exit 1
+              fi
+            done
+          done
+
+      - name: Check Cargo.toml To Ensure That All 3rd Party Crates Have Specified Versions
+        run: |
+          set -ex
+          cargo install [email protected]
+
+          regex="^[\^|=]*[0-9]+(\.[0-9]+)*(\.[0-9]+)*"
+
+          for crate in $(find implementations/rust/ockam -name Cargo.toml); do
+
+            deps=$(toml2json <<< cat "$crate" | jq -r '.dependencies')
+            dev_deps=$(toml2json <<< cat "$crate" | jq -r ".\"dev-dependencies\"")
+            dependencies=$(echo "$deps $dev_deps" | jq -s add)
+
+            dependencies=$(toml2json <<< cat "$crate" | jq -r '.dependencies')
+            dependencies_keys=$(echo $dependencies | jq -r 'keys')
+            dependencies_keys_len=$(echo $dependencies | jq -r 'keys | length')
+
+            for ((i=0; i<$dependencies_keys_len; i++)); do
+              crate_name=$(jq -r ".[$i]" <<< $dependencies_keys)
+              version=$(jq -r ".\"$crate_name\".version" <<< $dependencies || jq -r ".\"$crate_name\"" <<< $dependencies)
+
+              if [[ $version =~ $regex ]]; then
+                echo "crate_name: $crate_name"
+                echo "version: $version"
+              else
+                echo "No version found for $crate_name $version in crate $crate"
+                exit 1
+              fi
+            done
+          done
diff --git a/.github/workflows/distroless.yml b/.github/workflows/distroless.yml
@@ -45,7 +45,7 @@ jobs:
       - uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf
 
       - id: buildx
-        uses: docker/setup-buildx-action@4fd812986e6c8c2a69e18311145f9371337f27d4
+        uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db
         # TODO: change after new buildkit version gets fixed
         # https://github.com/moby/buildkit/issues/3347
         # https://github.com/docker/build-push-action/issues/761

diff --git a/.github/workflows/ockam-artifact.yml b/.github/workflows/ockam-artifact.yml
@@ -28,7 +28,7 @@ jobs:
         username: $ORGANIZATION
         password: ${{ secrets.GITHUB_TOKEN }}
     - id: buildx
-      uses: docker/setup-buildx-action@4fd812986e6c8c2a69e18311145f9371337f27d4
+      uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db
       with:
         driver-opts: |
           image=moby/buildkit:v0.10.6

diff --git a/.github/workflows/ockam-healthcheck.yml b/.github/workflows/ockam-healthcheck.yml
@@ -47,7 +47,7 @@ jobs:
       - uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf
 
       - id: buildx
-        uses: docker/setup-buildx-action@4fd812986e6c8c2a69e18311145f9371337f27d4
+        uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db
         # TODO: change after new buildkit version gets fixed
         # https://github.com/moby/buildkit/issues/3347
         # https://github.com/docker/build-push-action/issues/761

diff --git a/.github/workflows/osv-scanner.yml b/.github/workflows/osv-scanner.yml
@@ -12,4 +12,4 @@ permissions: read-all
 
 jobs:
   scan-pr:
-    uses: "google/osv-scanner/.github/workflows/osv-scanner-reusable-pr.yml@1ea785e56de9f7817c57266025f0a56279141053"
+    uses: "google/osv-scanner/.github/workflows/osv-scanner-reusable-pr.yml@4a318af4a84899723625da2927c30fcfb7247126"
diff --git a/.github/workflows/release-draft-binaries.yml b/.github/workflows/release-draft-binaries.yml
@@ -301,7 +301,7 @@ jobs:
         ls $GITHUB_WORKSPACE
 
     - name: Install Cosign
-      uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20
+      uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382
       with:
         cosign-release: 'v2.0.0'
 
@@ -486,7 +486,7 @@ jobs:
           echo "FILE_NAME=${final_name}.tar.gz" >> $GITHUB_ENV
 
       - name: Install Cosign
-        uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20
+        uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382
         with:
           cosign-release: 'v2.0.0'
 
@@ -573,7 +573,7 @@ jobs:
         run: shasum -a 256 *ockam* > sha256sums.txt
 
       - name: Install Cosign
-        uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20
+        uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382
         with:
           cosign-release: 'v2.0.0'
 

diff --git a/.github/workflows/release-ockam-package.yml b/.github/workflows/release-ockam-package.yml
@@ -92,7 +92,7 @@ jobs:
       - uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf
 
       - id: buildx
-        uses: docker/setup-buildx-action@4fd812986e6c8c2a69e18311145f9371337f27d4
+        uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db
         # TODO: change after new buildkit version gets fixed
         # https://github.com/moby/buildkit/issues/3347
         # https://github.com/docker/build-push-action/issues/761

diff --git a/.github/workflows/release-test-draft-binaries.yml b/.github/workflows/release-test-draft-binaries.yml
@@ -52,7 +52,7 @@ jobs:
         GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
     - name: Install Cosign
-      uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20
+      uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382
 
     - name: Verify Signature
       run: |

diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
@@ -29,14 +29,14 @@ jobs:
           persist-credentials: false
 
       - name: Analyze
-        uses: ossf/scorecard-action@dc50aa9510b46c811795eb24b2f1ba02a914e534
+        uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46
         with:
           results_file: results.sarif
           results_format: sarif
           repo_token: ${{ secrets.SCORECARD_READ_TOKEN }}
           publish_results: true
 
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@4fa2a7953630fd2f3fb380f21be14ede0169dd4f
+        uses: github/codeql-action/upload-sarif@4dd16135b69a43b6c8efb853346f8437d92d3c93
         with:
           sarif_file: results.sarif
diff --git a/.github/workflows/typos.yml b/.github/workflows/typos.yml
@@ -13,6 +13,6 @@ jobs:
         uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
 
       - name: Check spelling
-        uses: crate-ci/typos@320b5781474d4470a36b7f0626b131e99850e9d2
+        uses: crate-ci/typos@945d407a5fc9097f020969446a16f581612ab4df
         with:
           config: tools/typos/typos.toml