diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index cc7291e..9ba18ad 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -281,7 +281,7 @@ jobs: run: cargo install wasm-pack || true - name: Setup NodeJS - uses: actions/setup-node@v3 + uses: actions/setup-node@v4 with: node-version: 20 registry-url: 'https://registry.npmjs.org' diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 22bdd44..bc63d96 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -47,6 +47,10 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 + - name: Set up Python + uses: actions/setup-python@v5 + with: + python-version: 3.12 - run: | rustup update venv .venv @@ -70,6 +74,7 @@ jobs: fail_ci_if_error: true token: ${{secrets.CODECOV_TOKEN}} + # https://github.com/actions/starter-workflows/blob/main/pages/mdbook.yml docs: name: 📖 Update docs runs-on: ubuntu-latest @@ -87,15 +92,10 @@ jobs: steps: - uses: actions/checkout@v4 - run: bash ./scripts/docs-install.sh - - # - name: Setup mdBook - # uses: peaceiris/actions-mdbook@v1 - # with: - # mdbook-version: 'latest' - - run: bash ./scripts/docs-build.sh - name: Setup Pages + id: pages uses: actions/configure-pages@v4 - name: Upload artifact diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 0526f43..36d237b 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -16,6 +16,12 @@ repos: name: 🪚 Fix end of files - id: trailing-whitespace name: ✂️ Trim trailing whitespaces +- repo: https://github.com/crate-ci/typos + rev: v1.19.0 + hooks: + - id: typos + name: ✒️ Check typos + # exclude: ^CHANGELOG.md$ - repo: local hooks: - id: rustfmt 
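Review bot: `python-version: 3.12` in the new "Set up Python" step of test.yml is an unquoted scalar that a YAML parser types as a float. 3.12 happens to survive that, but the same line edited to 3.10 would silently select 3.1, so write `python-version: '3.12'`. The step also takes `actions/setup-python@v5` by a movable tag, as the other `uses:` lines visible in this diff do; if CI inputs are meant to be immutable, the usual hardening is to reference the action's full commit SHA and keep the tag as a trailing comment. The `steps:` list starts and continues outside the hunk.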
@@ -24,6 +30,11 @@ repos: entry: cargo fmt language: system pass_filenames: false + - id: deny + name: ❌ Check licenses + entry: cargo deny check licenses + language: system + pass_filenames: false ci: autofix_commit_msg: 🎨 [pre-commit.ci] Auto format from pre-commit.com hooks autoupdate_commit_msg: ⬆ [pre-commit.ci] pre-commit autoupdate diff --git a/Makefile.toml b/Makefile.toml index a7455b9..7601175 100644 --- a/Makefile.toml +++ b/Makefile.toml @@ -10,7 +10,7 @@ default_to_workspace = false script=""" rustup update rustup component add rustfmt clippy -cargo install wasm-pack cargo-tarpaulin mdbook mdbook-admonish mdbook-pagetoc +cargo install wasm-pack cargo-tarpaulin cargo-deny mdbook mdbook-admonish mdbook-pagetoc pipx install "maturin[patchelf]" pipx install pre-commit pre-commit install diff --git a/deny.toml b/deny.toml new file mode 100644 index 0000000..f3ae426 --- /dev/null +++ b/deny.toml 
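Review bot: The new `deny` hook in .pre-commit-config.yaml runs only `cargo deny check licenses`, so the `[advisories]`, `[bans]` and `[sources]` sections that deny.toml introduces are never evaluated by pre-commit. None of the workflow hunks in this commit add a cargo-deny step either. If `vulnerability = "deny"` is meant to gate changes, add a CI step that runs the full `cargo deny check`, or widen the hook to `entry: cargo deny check`. Because the hook is `language: system`, it also fails wherever cargo-deny is not installed; the `ci:` block that follows is only partly visible, so whether pre-commit.ci skips local hooks cannot be confirmed from this hunk.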
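Review bot: The changed `cargo install` line in Makefile.toml adds cargo-deny without a version or `--locked`, so each developer gets whatever release and dependency resolution is current on the day they install. That matters for this tool in particular: deny.toml in this commit relies on keys such as `unlicensed`, `copyleft`, `default` and `vulnerability`, which I believe later cargo-deny releases deprecated, so the check may behave differently or fail to parse depending on the installed version; this is worth confirming against the cargo-deny changelog. Consider a separate pinned install, `cargo install --locked cargo-deny --version <PINNED_VERSION>`. The same unpinned install is added in scripts/install-dev.sh and lib/docs/contributing.md. The `script` string continues outside the hunk.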
@@ -0,0 +1,109 @@
+# https://embarkstudios.github.io/cargo-deny
+
+targets = []
+#exclude = []
+all-features = false
+no-default-features = false
+#features = []
+feature-depth = 1
+
+# https://embarkstudios.github.io/cargo-deny/checks/advisories/cfg.html
+[advisories]
+db-path = "~/.cargo/advisory-db"
+db-urls = ["https://github.com/rustsec/advisory-db"]
+vulnerability = "deny"
+unmaintained = "warn"
+yanked = "warn"
+notice = "warn"
+ignore = [
+ #"RUSTSEC-0000-0000",
+]
+# Threshold for security vulnerabilities:
+# * None - CVSS Score 0.0
+# * Low - CVSS Score 0.1 - 3.9
+# * Medium - CVSS Score 4.0 - 6.9
+# * High - CVSS Score 7.0 - 8.9
+# * Critical - CVSS Score 9.0 - 10.0
+#severity-threshold =
+
+# https://embarkstudios.github.io/cargo-deny/checks/licenses/cfg.html
+[licenses]
+unlicensed = "deny"
+# See https://spdx.org/licenses/ for list of possible licenses
+allow = [
+ #"MIT",
+ #"Apache-2.0 WITH LLVM-exception",
+]
+deny = [
+ #"Nokia",
+]
+copyleft = "warn"
+# Blanket approval or denial for OSI-approved or FSF Free/Libre licenses
+# * both - The license will be approved if it is both OSI-approved *AND* FSF
+# * either - The license will be approved if it is either OSI-approved *OR* FSF
+allow-osi-fsf-free = "either"
+# Lint level used when no other predicates are matched
+# 1. License isn't in the allow or deny lists
+# 2. License isn't copyleft
+# 3. License isn't OSI/FSF, or allow-osi-fsf-free = "neither"
+default = "deny"
+# The confidence threshold for detecting a license from license text.
+# [possible values: any between 0.0 and 1.0].
+confidence-threshold = 0.6
+exceptions = [
+ { allow = ["OpenSSL"], name = "ring", version = "*" },
+ # Each entry is the crate and version constraint, and its specific allow list
+]
+
+[licenses.private]
+# If true, ignores workspace crates that aren't published https://doc.rust-lang.org/cargo/reference/manifest.html#the-publish-field.
+ignore = false
+registries = [
+ #"https://sekretz.com/registry
+]
+
+# https://embarkstudios.github.io/cargo-deny/checks/bans/cfg.html
+[bans]
+multiple-versions = "warn"
+wildcards = "allow"
+# The graph highlighting used when creating dotgraphs for crates with multiple versions
+# * lowest-version - The path to the lowest versioned duplicate is highlighted
+# * simplest-path - The path to the version with the fewest edges is highlighted
+# * all - Both lowest-version and simplest-path are used
+highlight = "all"
+workspace-default-features = "allow"
+external-default-features = "allow"
+allow = [
+ #{ name = "ansi_term", version = "=0.11.0" },
+]
+deny = [
+ # Each entry the name of a crate and a version range. If version is
+ # not specified, all versions will be matched.
+ #{ name = "ansi_term", version = "=0.11.0" },
+]
+
+# Certain crates/versions that will be skipped when doing duplicate detection.
+skip = [
+ #{ name = "ansi_term", version = "=0.11.0" },
+]
+# Similarly to `skip` allows you to skip certain crates during duplicate
+# detection. Also includes the entire tree of transitive dependencies
+skip-tree = [
+ #{ name = "ansi_term", version = "=0.11.0", depth = 20 },
+]
+
+# https://embarkstudios.github.io/cargo-deny/checks/sources/cfg.html
+[sources]
+unknown-registry = "warn"
+unknown-git = "warn"
+allow-registry = ["https://github.com/rust-lang/crates.io-index"]
+# List of URLs for allowed Git repositories
+allow-git = []
+
+# [sources.allow-org]
+# # 1 or more github.com organizations to allow git sources for
+# github = [""]
+# # 1 or more gitlab.com organizations to allow git sources for
+# gitlab = [""]
+# # 1 or more bitbucket.org organizations to allow git sources for
+# bitbucket = [""]
diff --git a/lib/docs/contributing.md b/lib/docs/contributing.md
index 31c8e7b..30827b3 100644
--- a/lib/docs/contributing.md
+++ b/lib/docs/contributing.md
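Review bot: In `[sources]` near the end of the new deny.toml, `unknown-registry = "warn"` and `unknown-git = "warn"` mean a dependency pulled from an unlisted registry or an arbitrary git URL only prints a warning, and `cargo deny check` still passes. Since `allow-registry` already lists the crates.io index and `allow-git` is empty, setting both to deny costs nothing today and makes any new off-registry source an explicit, reviewed change: `unknown-registry = "deny"` and `unknown-git = "deny"`. `wildcards = "allow"` under `[bans]` is similarly permissive and could be `"warn"` so that `*` version requirements are at least surfaced.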
@@ -61,17 +61,20 @@ nanopub-rs/ Install development dependencies: ```bash -# Activate python virtual env +# Create and activate python virtual env python3 -m venv .venv source .venv/bin/activate + # Install python dependencies pip install maturin pre-commit + # Install pre-commit hooks pre-commit install + # Install rust dev tools rustup update rustup component add rustfmt clippy -cargo install wasm-pack cargo-tarpaulin mdbook mdbook-admonish cargo-make +cargo install wasm-pack cargo-tarpaulin cargo-deny mdbook mdbook-admonish cargo-make ``` ### 📥️ Clone the repository @@ -127,11 +130,12 @@ Build the pip package and run `pytest` tests: ./scripts/test-python.sh ``` -Or just run the script: +Or just run the tests: ```bash source .venv/bin/activate -python python/try.py +cd python +pytest ``` ### 🟨 Test JavaScript package @@ -202,6 +206,14 @@ cargo build --all cargo run --all-features ``` +### ️⛓️ Check supply chain + +Check the dependency supply chain, only accept dependencies with OSI or FSF approved licenses. + +```bash +cargo deny check +``` + ### 🏷️ New release Publishing artifacts will be done by the `build.yml` workflow, make sure you have set the following tokens as secrets for this repository: `PYPI_TOKEN`, `NPM_TOKEN`, `CRATES_IO_TOKEN`, `CODECOV_TOKEN` diff --git a/python/README.md b/python/README.md index 2a5ff63..41e54b8 100644 --- a/python/README.md +++ b/python/README.md @@ -18,10 +18,10 @@ Start in dev: maturin develop ``` -Try the python lib: +Test the python lib: ```bash -python try.py +pytest ``` ## Build diff --git a/python/try.py b/python/try.py deleted file mode 100644 index 91677d0..0000000 --- a/python/try.py +++ /dev/null 
@@ -1,63 +0,0 @@ -from nanopub_sign import Nanopub, NpProfile, get_np_server - -rdf_str = """@prefix : . -@prefix xsd: . -@prefix dc: . -@prefix pav: . -@prefix prov: . -@prefix np: . -@prefix npx: . -@prefix ex: . - -:Head { - : np:hasAssertion :assertion ; - np:hasProvenance :provenance ; - np:hasPublicationInfo :pubinfo ; - a np:Nanopublication . -} - -:assertion { - ex:mosquito ex:transmits ex:malaria . -} - -:provenance { - :assertion prov:hadPrimarySource . -} - -:pubinfo { - : dc:created "2014-07-24T18:05:11+01:00"^^xsd:dateTime ; - pav:createdBy ; - a npx:ExampleNanopub . -}""" - -private_key = """MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCjY1gsFxmak6SOCouJPuEzHNForkqFhgfHE3aAIAx+Y5q6UDEDM9Q0EksheNffJB4iPqsAfiFpY0ARQY92K5r8P4+a78eu9reYrb2WxZb1qPJmvR7XZ6sN1oHD7dd/EyQoJmQsmOKdrqaLRbzR7tZrf52yvKkwNWXcIVhW8uxe7iUgxiojZpW9srKoK/qFRpaUZSKn7Z/zgtDH9FJkYbBsGPDMqp78Kzt+sJb+U2W+wCSSy34jIUxx6QRbzvn6uexc/emFw/1DU5y7zBudhgC7mVk8vX1gUNKyjZBzlOmRcretrANgffqs5fx/TMHN1xtkA/H1u1IKBfKoyk/xThMLAgMBAAECggEAECuG0GZA3HF8OaqFgMG+W+agOvH04h4Pqv4cHjYNxnxpFcNV9nEssTKWSOvCwYy7hrwZBGV3PQzbjFmmrxVFs20+8yCD7KbyKKQZPVC0zf84bj6NTNgvr6DpGtDxINxuGaMjCt7enqhoRyRRuZ0fj2gD3Wqae/Ds8cpDCefkyMg0TvauHSUj244vGq5nt93txUv1Sa+/8tWZ77Dm0s5a3wUYB2IeAMl5WrO2GMvgzwH+zT+4kvNWg5S0Ze4KE+dG3lSIYZjo99h14LcQS9eALC/VBcAJ6pRXaCTT/TULtcLNeOpoc9Fu25f0yTsDt6Ga5ApliYkb7rDhV+OFrw1sYQKBgQDCE9so+dPg7qbp0cV+lbb7rrV43m5s9Klq0riS7u8m71oTwhmvm6gSLfjzqb8GLrmflCK4lKPDSTdwyvd+2SSmOXySw94zr1Pvc7sHdmMRyA7mH3m+zSOOgyCTTKyhDRCNcRIkysoL+DecDhNo4Fumf71tsqDYogfxpAQhn0re8wKBgQDXhMmmT2oXiMnYHhi2k7CJe3HUqkZgmW4W44SWqKHp0V6sjcHm0N0RT5Hz1BFFUd5Y0ZB3JLcah19myD1kKYCj7xz6oVLb8O7LeAZNlb0FsrtD7NU+Hciywo8qESiA7UYDkU6+hsmxaI01DsttMIdG4lSBbEjA7t4IQC5lyr7xiQKBgQCN87YGJ40Y5ZXCSgOZDepz9hqX2KGOIfnUv2HvXsIfiUwqTXs6HbD18xg3KL4myIBOvywSM+4ABYp+foY+Cpcq2btLIeZhiWjsKIrw71+Q/vIe0YDb1PGf6DsoYhmWBpdHzR9HN+hGjvwlsYny2L9Qbfhgxxmsuf7zeFLpQLijjwKBgH7TD28k8IOk5VKec2CNjKd600OYaA3UfCpP/OhDl/RmVtYoHWDcrBrRvkvEEd2/DZ8qw165Zl7gJs3vK+FTYvYVcfIzGPWA1KU7nkntwewmf3i
7V8lT8ZTwVRsmObWU60ySJ8qKuwoBQodki2VX12NpMN1wgWe3qUUlr6gLJU4xAoGAet6nD3QKwk6TTmcGVfSWOzvpaDEzGkXjCLaxLKh9GreM/OE+h5aN2gUoFeQapG5rUwI/7Qq0xiLbRXw+OmfAoV2XKv7iI8DjdIh0F06mlEAwQ/B0CpbqkuuxphIbchtdcz/5ra233r3BMNIqBl3VDDVoJlgHPg9msOTRy13lFqc=""" - -# Instantiate nanopub profile -profile = NpProfile( - private_key=private_key, - orcid_id="https://orcid.org/0000-0000-0000-0000", - name="", - introduction_nanopub_uri="" -) - -# Check -np = Nanopub.check(rdf_str) -print("Checked", np.info()) - -# Sign -np = Nanopub.sign( - rdf=rdf_str, - profile=profile, -) -print("Signed", np.info()["uri"]) - -# Publish -np = Nanopub.publish( - rdf=rdf_str, - profile=profile, - server_url=None, -) -print("Published", np.info()) -print(np.get_rdf()) - -print(f"Random server: {get_np_server()}") diff --git a/scripts/docs-build.sh b/scripts/docs-build.sh index 2ad8101..41840a2 100755 --- a/scripts/docs-build.sh +++ b/scripts/docs-build.sh @@ -5,9 +5,9 @@ rm -rf target/doc mdbook build -cargo doc --workspace --no-deps --exclude nanopub-cli --exclude nanopub-js --exclude nanopub-sign --target-dir target/doc +# NOTE: we can also add the docstrings to the generated docs under /doc/nanopub, but it is already available at https://docs.rs/nanopub +# cargo doc --workspace --no-deps --exclude nanopub-cli --exclude nanopub-js --exclude nanopub-sign --target-dir target/doc -# cp js/index.html target/doc/demo.html echo "Docs generated in the target/doc folder" diff --git a/scripts/install-dev.sh b/scripts/install-dev.sh index a130e36..a22e74c 100755 --- a/scripts/install-dev.sh +++ b/scripts/install-dev.sh @@ -10,7 +10,7 @@ pip install maturin pre-commit rustup update rustup component add rustfmt clippy -cargo install wasm-pack cargo-tarpaulin cargo-make +cargo install wasm-pack cargo-tarpaulin cargo-deny cargo-make source scripts/docs-install.sh