From ab5af4606e0af3fdf24ab1d6640ab0577cc6dffd Mon Sep 17 00:00:00 2001
From: Rutger Broekhoff <rutger@viasalix.nl>
Date: Mon, 4 Dec 2023 20:09:47 +0100
Subject: [PATCH] Fix CI

I am aware that changing these variables to be constants is not required
for the next Zig release, but thought it would be nice to already have
it done and clean in general.
---
 .github/workflows/main.yml |  2 +-
 build.zig.zon              |  2 +-
 src/main.zig               | 16 ++++++++--------
 tool/znk.zig               | 12 ++++++------
 4 files changed, 16 insertions(+), 16 deletions(-)

diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 544d23a..b752627 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -12,7 +12,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Install the latest Zig version
-        run: sudo snap install zig --classic --edge
+        run: sudo snap install zig --classic
 
       - uses: actions/checkout@v2
 
diff --git a/build.zig.zon b/build.zig.zon
index 098744d..d922fdd 100644
--- a/build.zig.zon
+++ b/build.zig.zon
@@ -1,5 +1,5 @@
 .{
     .name = "zig-nkeys",
-    .version = "0.5.0",
+    .version = "0.5.1",
     .paths = .{"."},
 }
diff --git a/src/main.zig b/src/main.zig
index 18c86d1..a93c0ea 100644
--- a/src/main.zig
+++ b/src/main.zig
@@ -127,8 +127,8 @@ pub const SeedKeyPair = struct {
         var decoded = try decode(2, Ed25519.KeyPair.seed_length, text);
         defer decoded.wipe(); // gets copied
 
-        var key_ty_prefix = decoded.prefix[0] & 0b11111000;
-        var role_prefix = (decoded.prefix[0] << 5) | (decoded.prefix[1] >> 3);
+        const key_ty_prefix = decoded.prefix[0] & 0b11111000;
+        const role_prefix = (decoded.prefix[0] << 5) | (decoded.prefix[1] >> 3);
 
         if (key_ty_prefix != prefix_byte_seed)
             return error.InvalidSeed;
@@ -288,8 +288,8 @@ fn encode(
 
     mem.copy(u8, &buf, prefix[0..]);
     mem.copy(u8, buf[prefix_len..], data[0..]);
-    var off = prefix_len + data_len;
-    var checksum = crc16.make(buf[0..off]);
+    const off = prefix_len + data_len;
+    const checksum = crc16.make(buf[0..off]);
     mem.writeIntLittle(u16, buf[buf.len - 2 .. buf.len], checksum);
 
     var text: encoded_key(prefix_len, data_len) = undefined;
@@ -321,7 +321,7 @@ fn decode(
     defer wipeBytes(&raw);
     std.debug.assert((try base32.Decoder.decode(&raw, text[0..])).len == raw.len);
 
-    var checksum = mem.readIntLittle(u16, raw[raw.len - 2 .. raw.len]);
+    const checksum = mem.readIntLittle(u16, raw[raw.len - 2 .. raw.len]);
     try crc16.validate(raw[0 .. raw.len - 2], checksum);
 
     return DecodedNkey(prefix_len, data_len){
@@ -336,7 +336,7 @@ pub fn isValidEncoding(text: []const u8) bool {
     var dec = base32.Decoder.init(text);
     var crc_buf: [2]u8 = undefined;
     var crc_buf_len: u8 = 0;
-    var expect_len: usize = base32.Decoder.calcSize(text.len);
+    const expect_len: usize = base32.Decoder.calcSize(text.len);
     var wrote_n_total: usize = 0;
     while (dec.next() catch return false) |b| {
         wrote_n_total += 1;
@@ -347,7 +347,7 @@ pub fn isValidEncoding(text: []const u8) bool {
     }
     std.debug.assert(wrote_n_total == expect_len);
     if (crc_buf_len != 2) unreachable;
-    var got_crc = mem.readIntLittle(u16, &crc_buf);
+    const got_crc = mem.readIntLittle(u16, &crc_buf);
     return made_crc == got_crc;
 }
 
@@ -725,6 +725,6 @@ test "parse decorated seed and JWT" {
     got_kp = try parseDecoratedNkey(creds);
     try testing.expectEqualStrings(seed, &got_kp.seedText());
 
-    var got_jwt = parseDecoratedJwt(creds);
+    const got_jwt = parseDecoratedJwt(creds);
     try testing.expectEqualStrings(jwt, got_jwt);
 }
diff --git a/tool/znk.zig b/tool/znk.zig
index 554f191..fb2412f 100644
--- a/tool/znk.zig
+++ b/tool/znk.zig
@@ -166,7 +166,7 @@ pub fn cmdGen(arena: Allocator, args: []const []const u8) !void {
             fatal("failed to generate key", .{});
         };
     } else {
-        var gen_result = res: {
+        const gen_result = res: {
             if (entropy) |e| {
                 break :res nkeys.SeedKeyPair.generateWithCustomEntropy(role.?, e.reader());
             } else {
@@ -266,7 +266,7 @@ pub fn cmdSign(arena: Allocator, args: []const []const u8) !void {
     defer nkey.wipe();
 
     const sig = nkey.sign(content) catch fatal("could not generate signature", .{});
-    var encoded_sig = try arena.alloc(u8, std.base64.standard.Encoder.calcSize(std.crypto.sign.Ed25519.Signature.encoded_length));
+    const encoded_sig = try arena.alloc(u8, std.base64.standard.Encoder.calcSize(std.crypto.sign.Ed25519.Signature.encoded_length));
     _ = std.base64.standard.Encoder.encode(encoded_sig, &sig.toBytes());
     try stdout.writeAll(encoded_sig);
     try stdout.writeAll("\n");
@@ -439,7 +439,7 @@ fn PrefixKeyGenerator(comptime EntropyReaderType: type) type {
             var rr = RandomReader.init(&std.crypto.random);
             var brr = io.BufferedReader(1024 * 4096, @TypeOf(rr.reader())){ .unbuffered_reader = rr.reader() };
             while (!self.done.load(.SeqCst)) {
-                var gen_result = if (self.entropy) |entropy|
+                const gen_result = if (self.entropy) |entropy|
                     nkeys.SeedKeyPair.generateWithCustomEntropy(self.role, entropy)
                 else
                     nkeys.SeedKeyPair.generateWithCustomEntropy(self.role, brr.reader());
@@ -463,8 +463,8 @@ fn PrefixKeyGenerator(comptime EntropyReaderType: type) type {
             }
         } else struct {
             pub fn generate(self: *Self) !void {
-                var cpu_count = try std.Thread.getCpuCount();
-                var threads = try self.allocator.alloc(std.Thread, cpu_count * 4);
+                const cpu_count = try std.Thread.getCpuCount();
+                const threads = try self.allocator.alloc(std.Thread, cpu_count * 4);
                 defer self.allocator.free(threads);
                 for (threads) |*thread| thread.* = try std.Thread.spawn(.{}, Self.generatePrivate, .{self});
                 for (threads) |thread| thread.join();
@@ -540,7 +540,7 @@ pub const Nkey = union(enum) {
 };
 
 pub fn readKeyFile(allocator: Allocator, file: fs.File) ?Nkey {
-    var bytes = file.readToEndAlloc(allocator, std.math.maxInt(usize)) catch fatal("could not read key file", .{});
+    const bytes = file.readToEndAlloc(allocator, std.math.maxInt(usize)) catch fatal("could not read key file", .{});
     defer {
         for (bytes) |*b| b.* = 0;
         allocator.free(bytes);