Skip to content
CI

docs(deps): triage report for held bincode/rand/hkdf bumps #797

Sign in to view logs

docs(deps): triage report for held bincode/rand/hkdf bumps

docs(deps): triage report for held bincode/rand/hkdf bumps #797

Workflow file for this run

.github/workflows/ci.yml at 89972cf
name: CI
on:
push:
branches: [main]
pull_request:
branches: [main]
workflow_dispatch:
workflow_call:
env:
CARGO_TERM_COLOR: always
RUSTFLAGS: -D warnings
permissions:
contents: read
jobs:
fmt:
name: Format
runs-on: ubuntu-latest
timeout-minutes: 10
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- uses: dtolnay/rust-toolchain@29eef336d9b2848a0b548edc03f92a220660cdb8 # stable
with:
components: rustfmt
- run: cargo fmt --check
lint:
name: ESLint (e2e/)
runs-on: ubuntu-latest
timeout-minutes: 10
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
with:
node-version: '20'
- run: npm ci
- run: npm run lint
clippy:
name: Clippy
runs-on: ubuntu-latest
timeout-minutes: 10
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- uses: dtolnay/rust-toolchain@29eef336d9b2848a0b548edc03f92a220660cdb8 # stable
with:
components: clippy
- uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
with:
path: |
~/.cargo/registry
~/.cargo/git
target
key: clippy-${{ hashFiles('**/Cargo.lock') }}
restore-keys: clippy-
- id: clippy
# Steps with `id:` end up with `bash -e {0}` (no pipefail) on this runner,
# so `... | tee` would silently mask failures. Force pipefail on.
shell: bash --noprofile --norc -eo pipefail {0}
run: cargo clippy --workspace --all-targets -- -D warnings 2>&1 | tee /tmp/clippy.log
- name: Surface clippy failure
if: failure() && steps.clippy.conclusion == 'failure'
run: |
{
echo "## Clippy failed"
echo
echo '<details><summary>last 200 lines</summary>'
echo
echo '```'
tail -n 200 /tmp/clippy.log || echo "(no log captured)"
echo '```'
echo
echo '</details>'
} >> "$GITHUB_STEP_SUMMARY"
test:
name: Test
runs-on: ubuntu-latest
timeout-minutes: 20
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- uses: dtolnay/rust-toolchain@29eef336d9b2848a0b548edc03f92a220660cdb8 # stable
- uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
with:
path: |
~/.cargo/registry
~/.cargo/git
target
key: test-${{ hashFiles('**/Cargo.lock') }}
restore-keys: test-
- id: test
shell: bash --noprofile --norc -eo pipefail {0}
run: cargo test --workspace 2>&1 | tee /tmp/test.log
- name: Surface test failure
if: failure() && steps.test.conclusion == 'failure'
run: |
{
echo "## Tests failed"
echo
echo '<details><summary>last 300 lines</summary>'
echo
echo '```'
tail -n 300 /tmp/test.log || echo "(no log captured)"
echo '```'
echo
echo '</details>'
} >> "$GITHUB_STEP_SUMMARY"
wasm:
name: WASM Check
runs-on: ubuntu-latest
timeout-minutes: 20
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- uses: dtolnay/rust-toolchain@29eef336d9b2848a0b548edc03f92a220660cdb8 # stable
with:
targets: wasm32-unknown-unknown
components: clippy
- uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
with:
path: |
~/.cargo/registry
~/.cargo/git
target
key: wasm-${{ hashFiles('**/Cargo.lock') }}
restore-keys: wasm-
- run: cargo check --target wasm32-unknown-unknown --workspace --exclude willow-relay --exclude willow-worker --exclude willow-replay --exclude willow-storage --exclude willow-agent
- name: Clippy (wasm32, willow-web)
run: cargo clippy --target wasm32-unknown-unknown -p willow-web --all-targets -- -D warnings
browser:
name: Browser tests (wasm-pack + Firefox)
runs-on: ubuntu-latest
timeout-minutes: 20
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- uses: dtolnay/rust-toolchain@29eef336d9b2848a0b548edc03f92a220660cdb8 # stable
with:
targets: wasm32-unknown-unknown
- uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
with:
path: |
~/.cargo/registry
~/.cargo/git
target
key: browser-${{ hashFiles('**/Cargo.lock') }}
restore-keys: browser-
- name: Install wasm-pack
uses: taiki-e/install-action@50b4a718b59c718df4ef27a3b445f86cd57b9f00 # v2.80.0
with:
tool: wasm-pack
- id: browser
# `bash -e {0}` (default) does NOT enable pipefail, so `wasm-pack ... | tee`
# would silently mask failures (tee always exits 0). Use an explicit shell
# invocation that turns pipefail on so the link/test exit code surfaces.
shell: bash --noprofile --norc -eo pipefail {0}
run: wasm-pack test --headless --firefox crates/web 2>&1 | tee /tmp/browser.log
- name: Surface browser-test failure
if: failure() && steps.browser.conclusion == 'failure'
run: |
{
echo "## Browser tests failed"
echo
echo '<details><summary>last 300 lines</summary>'
echo
echo '```'
tail -n 300 /tmp/browser.log || echo "(no log captured)"
echo '```'
echo
echo '</details>'
} >> "$GITHUB_STEP_SUMMARY"
audit:
name: cargo-audit
runs-on: ubuntu-latest
timeout-minutes: 20
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- uses: dtolnay/rust-toolchain@29eef336d9b2848a0b548edc03f92a220660cdb8 # stable
- name: Install cargo-audit
run: cargo install --locked --version 0.22.1 cargo-audit
# Known advisories are tracked in dedicated issues; fail only on new ones.
# When each issue is resolved, remove the matching --ignore entry.
- name: Run cargo audit
run: |
cargo audit \
--ignore RUSTSEC-2026-0097 `# rand unsoundness (#246)` \
--ignore RUSTSEC-2025-0141 `# bincode 1.x unmaintained (#247)` \
--ignore RUSTSEC-2024-0436 `# paste unmaintained, via leptos+iroh (#316)` \
--ignore RUSTSEC-2024-0370 `# proc-macro-error unmaintained, via iroh-blobs->genawaiter (#317)` \
--ignore RUSTSEC-2023-0089 `# atomic-polyfill unmaintained, via iroh->postcard->heapless (#318)` \
--ignore RUSTSEC-2026-0119 `# hickory-proto O(n^2) name compression, via iroh-relay (#508)` \
--ignore RUSTSEC-2026-0120 `# hickory-net NSEC3 unbounded loop, via iroh-relay (#509)`