From 2b6abb5b50c544fe652585f8d82a99e3ee967224 Mon Sep 17 00:00:00 2001 From: 0xaatif <169152398+0xaatif@users.noreply.github.com> Date: Thu, 31 Oct 2024 00:02:30 +0000 Subject: [PATCH] ci: warn on outdated top level dependencies (#757) * mark: 0xaatif/outdated * run: cargo init scripts * feat: cargo xtask outdated * ci: lint outdated * chore: update description * fix(ci): pin kurtosis version --- .cargo/config.toml | 3 ++ .github/workflows/jerigon-native.yml | 2 +- .github/workflows/jerigon-zero.yml | 2 +- .github/workflows/lint.yml | 10 ++++ Cargo.lock | 10 ++++ Cargo.toml | 1 + scripts/Cargo.toml | 23 ++++++++++ scripts/xtask.rs | 69 ++++++++++++++++++++++++++++ 8 files changed, 118 insertions(+), 2 deletions(-) create mode 100644 scripts/Cargo.toml create mode 100644 scripts/xtask.rs diff --git a/.cargo/config.toml b/.cargo/config.toml index 6340ce34a..ace541bb4 100644 --- a/.cargo/config.toml +++ b/.cargo/config.toml @@ -2,3 +2,6 @@ # https://github.com/rust-lang/rust/pull/124129 # https://github.com/dtolnay/linkme/pull/88 rustflags = ["-Z", "linker-features=-lld"] + +[alias] +xtask = ["run", "--package=xtask", "--"] diff --git a/.github/workflows/jerigon-native.yml b/.github/workflows/jerigon-native.yml index 1ef443d9d..dbb7cdecd 100644 --- a/.github/workflows/jerigon-native.yml +++ b/.github/workflows/jerigon-native.yml @@ -52,7 +52,7 @@ jobs: run: | echo "deb [trusted=yes] https://apt.fury.io/kurtosis-tech/ /" | sudo tee /etc/apt/sources.list.d/kurtosis.list sudo apt update - sudo apt install kurtosis-cli + sudo apt install kurtosis-cli=1.3.1 #It is much easier to use cast tool in scripts so install foundry - name: Install Foundry diff --git a/.github/workflows/jerigon-zero.yml b/.github/workflows/jerigon-zero.yml index e0dc4c40f..034c6b0cd 100644 --- a/.github/workflows/jerigon-zero.yml +++ b/.github/workflows/jerigon-zero.yml @@ -52,7 +52,7 @@ jobs: run: | echo "deb [trusted=yes] https://apt.fury.io/kurtosis-tech/ /" | sudo tee /etc/apt/sources.list.d/kurtosis.list sudo apt update - sudo apt install kurtosis-cli + sudo apt install kurtosis-cli=1.3.1 #It is much easier to use cast tool in scripts so install foundry - name: Install Foundry diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 13089b3d0..9999d76f8 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -66,3 +66,13 @@ jobs: with: tool: taplo-cli - run: taplo fmt --check + outdated: + runs-on: ubuntu-latest + timeout-minutes: 5 + steps: + - uses: actions/checkout@v3 + - uses: ./.github/actions/rust + - uses: taiki-e/install-action@v2 + with: + tool: cargo-outdated + - run: cargo xtask outdated diff --git a/Cargo.lock b/Cargo.lock index 0dc5ace4d..bc83b02b7 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -5856,6 +5856,16 @@ dependencies = [ "time", ] +[[package]] +name = "xtask" +version = "0.0.0" +dependencies = [ + "anyhow", + "clap", + "serde", + "serde_json", +] + [[package]] name = "yansi" version = "1.0.1" diff --git a/Cargo.toml b/Cargo.toml index 3b038ff26..117f124b1 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -5,6 +5,7 @@ members = [ "evm_arithmetization", "mpt_trie", "proc_macro", + "scripts", "smt_trie", "trace_decoder", "zero", diff --git a/scripts/Cargo.toml b/scripts/Cargo.toml new file mode 100644 index 000000000..d4328f96c --- /dev/null +++ b/scripts/Cargo.toml @@ -0,0 +1,23 @@ +[package] +name = "xtask" +version = "0.0.0" +edition.workspace = true +license.workspace = true +repository.workspace = true +homepage.workspace = true +keywords.workspace = true +categories.workspace = true +publish = false + +[dependencies] +anyhow.workspace = true +clap = { workspace = true, features = ["derive"] } +serde = { workspace = true, features = ["derive"] } +serde_json.workspace = true + +[lints] +workspace = true + +[[bin]] +name = "xtask" +path = "xtask.rs" diff --git a/scripts/xtask.rs b/scripts/xtask.rs new file mode 100644 index 000000000..c60770e28 --- /dev/null +++ b/scripts/xtask.rs @@ -0,0 +1,69 @@ +//! General purpose scripts for development + +use std::process::{Command, Stdio}; + +use anyhow::{ensure, Context as _}; +use clap::Parser; +use serde::Deserialize; + +#[derive(Parser)] +enum Args { + /// Run `cargo-outdated`, printing warnings compatible with GitHub's CI. + /// + /// If a direct dependency listed in our Cargo.lock is behind the latest + /// available on crates-io, a warning will be emitted. + /// + /// Note that we only warn on our _direct_ dependencies, + /// not the entire supply chain. + Outdated, +} + +#[derive(Deserialize)] +struct Outdated<'a> { + crate_name: &'a str, + dependencies: Vec>, +} + +#[derive(Deserialize)] +struct Dependency<'a> { + name: &'a str, + project: &'a str, + latest: &'a str, +} + +fn main() -> anyhow::Result<()> { + match Args::parse() { + Args::Outdated => { + let output = Command::new("cargo") + .args(["outdated", "--root-deps-only", "--format=json"]) + .stderr(Stdio::inherit()) + .stdout(Stdio::piped()) + .output() + .context("couldn't exec `cargo`")?; + ensure!( + output.status.success(), + "command failed with {}", + output.status + ); + for Outdated { + crate_name, + dependencies, + } in serde_json::Deserializer::from_slice(&output.stdout) + .into_iter::>() + .collect::, _>>() + .context("failed to parse output from `cargo outdated`")? + { + for Dependency { + name, + project, + latest, + } in dependencies + { + // https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/workflow-commands-for-github-actions#setting-a-warning-message + println!("::warning title=outdated-dependency::dependency {name} of crate {crate_name} is at version {project}, but the latest is {latest}") + } + } + } + } + Ok(()) +}