chore: bump MarcoIeni/release-plz-action from 0.5.107 to 0.5.108 #6039
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| workflow_dispatch: | |
| pull_request: | |
| types: | |
| - opened | |
| - reopened | |
| - synchronize | |
| - labeled | |
| push: | |
| branches: | |
| - main | |
| schedule: | |
| - cron: "0 18 * * 1,4,6" # 1800 UTC every Monday, Thursday, Saturday | |
| jobs: | |
| get-features: | |
| name: Get features | |
| runs-on: ubuntu-latest | |
| outputs: | |
| rust-native-features: ${{ steps.get-features.outputs.rust-native-features }} | |
| openssl-features: ${{ steps.get-features.outputs.openssl-features }} | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Install Rust toolchain | |
| uses: dtolnay/rust-toolchain@master | |
| with: | |
| toolchain: stable | |
| - name: Get all features | |
| id: get-features | |
| run: | | |
| FEATURES=$(cargo metadata --format-version=1 | jq -r '[.packages[] | select(.name=="c2pa") | .features | keys | map(select(. != "default")) | .[]] | unique | join(" ")') | |
| RUST_NATIVE_FEATURES=$(echo $FEATURES | sed 's/openssl//g') | |
| OPENSSL_FEATURES=$(echo $FEATURES | sed 's/rust_native_crypto//g') | |
| echo "rust-native-features=$RUST_NATIVE_FEATURES" >> "$GITHUB_OUTPUT" | |
| echo "openssl-features=$OPENSSL_FEATURES" >> "$GITHUB_OUTPUT" | |
| tests: | |
| name: Unit tests | |
| needs: get-features | |
| if: | | |
| github.event_name != 'pull_request' || | |
| github.event.pull_request.author_association == 'COLLABORATOR' || | |
| github.event.pull_request.author_association == 'MEMBER' || | |
| github.event.pull_request.user.login == 'dependabot[bot]' || | |
| contains(github.event.pull_request.labels.*.name, 'safe to test') | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| os: [windows-latest, macos-latest, ubuntu-latest] | |
| rust_version: [stable, 1.82.0] | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Install Rust toolchain | |
| uses: dtolnay/rust-toolchain@master | |
| with: | |
| toolchain: ${{ matrix.rust_version }} | |
| components: llvm-tools-preview | |
| - name: Cache Rust dependencies | |
| uses: Swatinem/rust-cache@v2 | |
| - name: Install cargo-llvm-cov | |
| uses: taiki-e/install-action@cargo-llvm-cov | |
| - name: Generate code coverage for rust_native_crypto | |
| env: | |
| RUST_BACKTRACE: "1" | |
| FEATURES: ${{needs.get-features.outputs.rust_native_crypto-features}} | |
| run: | | |
| cargo llvm-cov --lib --features "$FEATURES" --lcov --output-path lcov-rust_native_crypto.info | |
| - name: Generate code coverage for openssl | |
| env: | |
| RUST_BACKTRACE: "1" | |
| FEATURES: ${{needs.get-features.outputs.openssl-features}} | |
| run: | | |
| cargo llvm-cov --lib --features "$FEATURES" --lcov --output-path lcov-openssl.info | |
| # Tokens aren't available for PRs originating from forks, | |
| # so we don't attempt to upload code coverage in that case. | |
| - name: Upload code coverage results | |
| if: | | |
| github.event_name != 'pull_request' || | |
| github.event.pull_request.author_association == 'COLLABORATOR' || | |
| github.event.pull_request.author_association == 'MEMBER' || | |
| github.event.pull_request.user.login == 'dependabot[bot]' | |
| uses: codecov/codecov-action@v5 | |
| with: | |
| token: ${{ secrets.CODECOV_TOKEN }} | |
| fail_ci_if_error: true | |
| verbose: true | |
| files: ./lcov-openssl.info,./lcov-rust_native_crypto.info | |
| tests-cli: | |
| name: Unit tests (c2patool) | |
| needs: get-features | |
| if: | | |
| github.event_name != 'pull_request' || | |
| github.event.pull_request.author_association == 'COLLABORATOR' || | |
| github.event.pull_request.author_association == 'MEMBER' || | |
| github.event.pull_request.user.login == 'dependabot[bot]' || | |
| contains(github.event.pull_request.labels.*.name, 'safe to test') | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| os: [windows-latest, macos-latest, ubuntu-latest] | |
| rust_version: [stable] | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Install Rust toolchain | |
| uses: dtolnay/rust-toolchain@master | |
| with: | |
| toolchain: ${{ matrix.rust_version }} | |
| components: llvm-tools-preview | |
| - name: Cache Rust dependencies | |
| uses: Swatinem/rust-cache@v2 | |
| - name: Install cargo-llvm-cov | |
| uses: taiki-e/install-action@cargo-llvm-cov | |
| - name: Generate code coverage | |
| env: | |
| RUST_BACKTRACE: "1" | |
| FEATURES: ${{needs.get-features.outputs.openssl-features}} | |
| run: | | |
| cargo llvm-cov --bins --features "$FEATURES" --lcov --output-path lcov.info | |
| # Tokens aren't available for PRs originating from forks, | |
| # so we don't attempt to upload code coverage in that case. | |
| - name: Upload code coverage results | |
| if: | | |
| github.event_name != 'pull_request' || | |
| github.event.pull_request.author_association == 'COLLABORATOR' || | |
| github.event.pull_request.author_association == 'MEMBER' || | |
| github.event.pull_request.user.login == 'dependabot[bot]' | |
| uses: codecov/codecov-action@v5 | |
| with: | |
| token: ${{ secrets.CODECOV_TOKEN }} | |
| fail_ci_if_error: true | |
| verbose: true | |
| files: ./lcov-openssl.info,./lcov-rust_native_crypto.info | |
| doc-tests: | |
| name: Doc tests (requires nightly Rust) | |
| needs: get-features | |
| # TODO: Remove this once cargo-llvm-cov can run doc tests and generate | |
| # coverage. (This requires a bug fix that is only available in nightly Rust.) | |
| # Watch https://github.com/taiki-e/cargo-llvm-cov/issues/2 | |
| # for progress. | |
| if: | | |
| github.event_name != 'pull_request' || | |
| github.event.pull_request.author_association == 'COLLABORATOR' || | |
| github.event.pull_request.author_association == 'MEMBER' || | |
| github.event.pull_request.user.login == 'dependabot[bot]' || | |
| contains(github.event.pull_request.labels.*.name, 'safe to test') | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| os: [windows-latest, macos-latest, ubuntu-latest] | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Install Rust toolchain | |
| uses: dtolnay/rust-toolchain@stable | |
| # - name: Install Rust toolchain | |
| # uses: dtolnay/rust-toolchain@nightly | |
| # with: | |
| # components: llvm-tools-preview | |
| - name: Cache Rust dependencies | |
| uses: Swatinem/rust-cache@v2 | |
| - name: Install cargo-llvm-cov | |
| uses: taiki-e/install-action@cargo-llvm-cov | |
| # Disabling code coverage for doc tests due to a new bug in Rust nightly | |
| # as of 2025-01-08. Will investigate later to see if there's a repro case. | |
| # Meanwhile, simply run the tests so we know if there are any failing | |
| # doc tests. | |
| - name: Run doc tests (COVERAGE DISABLED) | |
| env: | |
| FEATURES: ${{needs.get-features.outputs.openssl-features}} | |
| run: | | |
| cargo test --workspace --features "$FEATURES" --doc | |
| # - name: Generate code coverage | |
| # env: | |
| # RUST_BACKTRACE: "1" | |
| # FEATURES: ${{needs.get-features.outputs.openssl-features}} | |
| # run: | | |
| # cargo llvm-cov --workspace --features "$FEATURES" --lcov --doctests --output-path lcov.info | |
| # Tokens aren't available for PRs originating from forks, | |
| # so we don't attempt to upload code coverage in that case. | |
| # - name: Upload code coverage results | |
| # if: | | |
| # github.event_name != 'pull_request' || | |
| # github.event.pull_request.author_association == 'COLLABORATOR' || | |
| # github.event.pull_request.author_association == 'MEMBER' || | |
| # github.event.pull_request.user.login == 'dependabot[bot]' | |
| # uses: codecov/codecov-action@v5 | |
| # with: | |
| # token: ${{ secrets.CODECOV_TOKEN }} | |
| # fail_ci_if_error: true | |
| # verbose: true | |
| cargo-check: | |
| name: Default features build | |
| if: | | |
| github.event_name != 'pull_request' || | |
| github.event.pull_request.author_association == 'COLLABORATOR' || | |
| github.event.pull_request.author_association == 'MEMBER' || | |
| github.event.pull_request.user.login == 'dependabot[bot]' || | |
| contains(github.event.pull_request.labels.*.name, 'safe to test') | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Install Rust toolchain | |
| uses: dtolnay/rust-toolchain@stable | |
| - name: Cache Rust dependencies | |
| uses: Swatinem/rust-cache@v2 | |
| - name: "`cargo check` with default features" | |
| run: cargo check | |
| tests-cross: | |
| name: Unit tests | |
| needs: get-features | |
| if: | | |
| github.event_name != 'pull_request' || | |
| github.event.pull_request.author_association == 'COLLABORATOR' || | |
| github.event.pull_request.author_association == 'MEMBER' || | |
| github.event.pull_request.user.login == 'dependabot[bot]' || | |
| contains(github.event.pull_request.labels.*.name, 'safe to test') | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| target: [aarch64-unknown-linux-gnu] | |
| rust_version: [stable, 1.82.0] | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Install Rust toolchain | |
| uses: dtolnay/rust-toolchain@master | |
| with: | |
| toolchain: ${{ matrix.rust_version }} | |
| targets: ${{ matrix.target }} | |
| - name: Install cross-compilation toolset | |
| run: cargo install cross | |
| - name: Cache Rust dependencies | |
| uses: Swatinem/rust-cache@v2 | |
| # Note that we do not run code coverage because | |
| # it isn't readily accessible from cross-compilation | |
| # environment. (A PR to fix this would be welcomed!) | |
| - name: Run unit tests (cross build) | |
| env: | |
| FEATURES: ${{needs.get-features.outputs.openssl-features}} | |
| run: | | |
| cross test --all-targets --features "$FEATURES" --target ${{ matrix.target }} | |
| tests-wasm: | |
| name: Unit tests (Wasm) | |
| needs: get-features | |
| if: | | |
| github.event_name != 'pull_request' || | |
| github.event.pull_request.author_association == 'COLLABORATOR' || | |
| github.event.pull_request.author_association == 'MEMBER' || | |
| github.event.pull_request.user.login == 'dependabot[bot]' || | |
| contains(github.event.pull_request.labels.*.name, 'safe to test') | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Install Rust toolchain | |
| uses: dtolnay/rust-toolchain@stable | |
| - name: Set up Chrome | |
| uses: browser-actions/setup-chrome@v1 | |
| with: | |
| chrome-version: stable | |
| install-chromedriver: true | |
| - name: Install wasm-pack | |
| run: curl https://rustwasm.github.io/wasm-pack/installer/init.sh -sSf | sh | |
| - name: Run Wasm tests | |
| run: wasm-pack test --chrome --headless --no-default-features --features rust_native_crypto | |
| working-directory: ./sdk | |
| tests-wasi: | |
| name: Unit tests (WASI) | |
| needs: get-features | |
| if: | | |
| github.event_name != 'pull_request' || | |
| github.event.pull_request.author_association == 'COLLABORATOR' || | |
| github.event.pull_request.author_association == 'MEMBER' || | |
| github.event.pull_request.user.login == 'dependabot[bot]' || | |
| contains(github.event.pull_request.labels.*.name, 'safe to test') | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| # nightly required for testing until this issue is resolved: | |
| # wasip2 target should not conditionally feature gate stdlib APIs rust-lang/rust#130323 https://github.com/rust-lang/rust/issues/130323 | |
| - name: Install Rust toolchain | |
| uses: dtolnay/rust-toolchain@master | |
| with: | |
| toolchain: nightly-2025-05-14 | |
| # Pinning to specific nightly build for now. More recent versions seem | |
| # be running doc tests that aren't intended for WASI. | |
| - name: Install wasmtime | |
| run: | | |
| curl https://wasmtime.dev/install.sh -sSf | bash | |
| echo "$HOME/.wasmtime/bin" >> $GITHUB_PATH | |
| - name: Install WASI SDK | |
| run: | | |
| if [ "${RUNNER_ARCH}" = "X64" ]; then | |
| ARCH="x86_64"; | |
| else | |
| ARCH="${RUNNER_ARCH}"; | |
| fi | |
| wget https://github.com/WebAssembly/wasi-sdk/releases/download/wasi-sdk-25/wasi-sdk-25.0-${ARCH}-${RUNNER_OS}.tar.gz | |
| tar xf wasi-sdk-25.0-${ARCH}-${RUNNER_OS}.tar.gz | |
| mv $(echo wasi-sdk-25.0-${ARCH}-${RUNNER_OS} | tr '[:upper:]' '[:lower:]') /opt/wasi-sdk | |
| - name: Add wasm32-wasip2 target | |
| run: rustup target add --toolchain nightly-2025-05-14 wasm32-wasip2 | |
| - name: Cache Rust dependencies | |
| uses: Swatinem/rust-cache@v2 | |
| - name: Run WASI tests (c2pa-rs) | |
| env: | |
| CARGO_TARGET_WASM32_WASIP2_RUNNER: "wasmtime -S cli -S http --dir ." | |
| CC: /opt/wasi-sdk/bin/clang | |
| WASI_SDK_PATH: /opt/wasi-sdk | |
| RUST_MIN_STACK: 16777216 | |
| FEATURES: ${{needs.get-features.outputs.rust-native-features}} | |
| run: | | |
| cargo +nightly-2025-05-14 test --target wasm32-wasip2 -p c2pa --features "$FEATURES" --no-default-features | |
| # - name: Run WASI tests (c2patool) | |
| # env: | |
| # CARGO_TARGET_WASM32_WASIP2_RUNNER: "wasmtime -S cli -S http --dir ." | |
| # CC: /opt/wasi-sdk/bin/clang | |
| # WASI_SDK_PATH: /opt/wasi-sdk | |
| # RUST_MIN_STACK: 16777216 | |
| # FEATURES: ${{needs.get-features.outputs.rust-native-features}} | |
| # run: | | |
| # cargo +nightly-2025-05-14 test --target wasm32-wasip2 -p c2patool --features "$FEATURES" --no-default-features | |
| test-direct-minimal-versions: | |
| name: Unit tests with minimum versions of direct dependencies | |
| needs: get-features | |
| if: | | |
| github.event_name != 'pull_request' || | |
| github.event.pull_request.author_association == 'COLLABORATOR' || | |
| github.event.pull_request.author_association == 'MEMBER' || | |
| github.event.pull_request.user.login == 'dependabot[bot]' || | |
| contains(github.event.pull_request.labels.*.name, 'safe to test') | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| os: [windows-latest, macos-latest, ubuntu-latest] | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Install Rust toolchain | |
| uses: dtolnay/rust-toolchain@master | |
| with: | |
| toolchain: nightly-2025-01-24 | |
| # Pinning to specific nightly build for now. More recent versions | |
| # (not sure of start date) cause linker problems with OpenSSL native | |
| # code on Mac and Windows, but only when built with minimal dependencies. | |
| # Problem discovered on 2025-01-27. | |
| # TO DO: Investigate and file bugs if necessary against rust-lang. | |
| - name: Cache Rust dependencies | |
| uses: Swatinem/rust-cache@v2 | |
| - name: Run tests | |
| env: | |
| FEATURES: ${{needs.get-features.outputs.openssl-features}} | |
| run: | | |
| cargo +nightly-2025-01-24 test -Z direct-minimal-versions --all-targets --features "$FEATURES" | |
| clippy_check: | |
| name: Clippy | |
| needs: get-features | |
| if: | | |
| github.event_name != 'pull_request' || | |
| github.event.pull_request.author_association == 'COLLABORATOR' || | |
| github.event.pull_request.author_association == 'MEMBER' || | |
| github.event.pull_request.user.login == 'dependabot[bot]' || | |
| contains(github.event.pull_request.labels.*.name, 'safe to test') | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Install Rust toolchain | |
| uses: dtolnay/rust-toolchain@stable | |
| with: | |
| components: clippy | |
| - name: Cache Rust dependencies | |
| uses: Swatinem/rust-cache@v2 | |
| - name: Run Clippy | |
| env: | |
| FEATURES: ${{needs.get-features.outputs.openssl-features}} | |
| run: | | |
| cargo clippy --features "$FEATURES" --all-targets -- -Dwarnings | |
| cargo_fmt: | |
| name: Enforce Rust code format | |
| if: | | |
| github.event_name != 'pull_request' || | |
| github.event.pull_request.author_association == 'COLLABORATOR' || | |
| github.event.pull_request.author_association == 'MEMBER' || | |
| github.event.pull_request.user.login == 'dependabot[bot]' || | |
| contains(github.event.pull_request.labels.*.name, 'safe to test') | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Install nightly toolchain | |
| uses: dtolnay/rust-toolchain@master | |
| with: | |
| toolchain: nightly-2025-06-05 | |
| components: rustfmt | |
| # Pinning to specific nightly build for now. More recent versions | |
| # introduce a lifetime check that creates a whole slew of build | |
| # errors. | |
| - name: Check format | |
| run: cargo +nightly-2025-06-05 fmt --all -- --check | |
| docs_rs: | |
| name: Preflight docs.rs build | |
| needs: get-features | |
| if: | | |
| github.event_name != 'pull_request' || | |
| github.event.pull_request.author_association == 'COLLABORATOR' || | |
| github.event.pull_request.author_association == 'MEMBER' || | |
| github.event.pull_request.user.login == 'dependabot[bot]' || | |
| contains(github.event.pull_request.labels.*.name, 'safe to test') | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Install Rust toolchain | |
| uses: dtolnay/rust-toolchain@master | |
| with: | |
| toolchain: nightly-2025-06-05 | |
| # Nightly is used here because the docs.rs build | |
| # uses nightly and we use doc_cfg features that are | |
| # not in stable Rust as of this writing (Rust 1.87). | |
| # Pinning to specific nightly build for now. More recent versions | |
| # introduce a lifetime check that creates a whole slew of build | |
| # errors. | |
| - name: Run cargo docs | |
| # This is intended to mimic the docs.rs build | |
| # environment. The goal is to fail PR validation | |
| # if the subsequent release would result in a failed | |
| # documentation build on docs.rs. | |
| run: cargo +nightly-2025-06-05 doc --workspace --features "$FEATURES" --no-deps | |
| env: | |
| FEATURES: ${{needs.get-features.outputs.openssl-features}} | |
| RUSTDOCFLAGS: --cfg docsrs | |
| DOCS_RS: 1 | |
| cargo-deny: | |
| name: License / vulnerability audit | |
| if: | | |
| github.event_name != 'pull_request' || | |
| github.event.pull_request.author_association == 'COLLABORATOR' || | |
| github.event.pull_request.author_association == 'MEMBER' || | |
| github.event.pull_request.user.login == 'dependabot[bot]' || | |
| contains(github.event.pull_request.labels.*.name, 'safe to test') | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| checks: | |
| - advisories | |
| - bans licenses sources | |
| # Prevent sudden announcement of a new advisory from failing CI: | |
| continue-on-error: ${{ matrix.checks == 'advisories' }} | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Audit crate dependencies | |
| uses: EmbarkStudios/cargo-deny-action@v2 | |
| with: | |
| command: check ${{ matrix.checks }} | |
| unused_deps: | |
| name: Check for unused dependencies | |
| needs: get-features | |
| if: | | |
| github.event_name != 'pull_request' || | |
| github.event.pull_request.author_association == 'COLLABORATOR' || | |
| github.event.pull_request.author_association == 'MEMBER' || | |
| github.event.pull_request.user.login == 'dependabot[bot]' || | |
| contains(github.event.pull_request.labels.*.name, 'safe to test') | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Install Rust toolchain | |
| uses: dtolnay/rust-toolchain@master | |
| with: | |
| toolchain: nightly-2025-06-05 | |
| # Pinning to specific nightly build for now. More recent versions | |
| # introduce a lifetime check that creates a whole slew of build | |
| # errors. | |
| - name: Run cargo-udeps | |
| env: | |
| FEATURES: ${{needs.get-features.outputs.openssl-features}} | |
| run: | | |
| mv ./.github/temp-bin/cargo-udeps /home/runner/.cargo/bin/cargo-udeps | |
| cargo udeps --all-targets --features "$FEATURES" | |
| # NOTE: Using pre-built binary as a workaround for | |
| # https://github.com/aig787/cargo-udeps-action/issues/6. | |
| c-library-mobile-builds: | |
| name: C library mobile builds | |
| if: | | |
| github.event_name != 'pull_request' || | |
| github.event.pull_request.author_association == 'COLLABORATOR' || | |
| github.event.pull_request.author_association == 'MEMBER' || | |
| github.event.pull_request.user.login == 'dependabot[bot]' || | |
| contains(github.event.pull_request.labels.*.name, 'safe to test') | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - os: macos-latest | |
| target: aarch64-apple-ios | |
| - os: macos-latest | |
| target: x86_64-apple-ios | |
| - os: macos-latest | |
| target: aarch64-apple-ios-sim | |
| - os: ubuntu-latest | |
| target: aarch64-linux-android | |
| - os: ubuntu-latest | |
| target: armv7-linux-androideabi | |
| - os: ubuntu-latest | |
| target: i686-linux-android | |
| - os: ubuntu-latest | |
| target: x86_64-linux-android | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Set up Rust | |
| uses: actions-rust-lang/setup-rust-toolchain@v1 | |
| - name: Build C library for mobile target | |
| run: make release TARGET=${{ matrix.target }} | |
| working-directory: ./c2pa_c_ffi |