ci: enforce Pinned-Dependencies check in CI for PRs #1994

Open: wants to merge 48 commits into base: main

Aditya-PS-05
Contributor

closes #1579

joshlf and others added 30 commits October 12, 2024 14:06
We already have the merge queue; running on push is redundant.
Upgrade our MSRV to 1.65 and remove version detection logic prior to
that version.
* Release 0.9.0-alpha.0

Upgrade our MSRV to 1.65 and remove version detection logic prior to
that version.

* Enable clippy::missing_const_for_fn

While we're here, remove defensive programming against bug in
`Layout::from_size_align` which is no longer needed on our new MSRV.
Now that our MSRV is 1.65, we can clean up some code.

Makes progress on google#67
Also clean up some code for 0.9.
* Upgrade some code for MSRV 1.65

Now that our MSRV is 1.65, we can clean up some code.

Makes progress on google#67

* Upgrade versions of some dependencies

Now that our MSRV is 1.65, it unlocks upgrading some dependencies'
versions.
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.26.12 to 3.26.13.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@c36620d...f779452)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [Swatinem/rust-cache](https://github.com/swatinem/rust-cache) from 2.7.3 to 2.7.5.
- [Release notes](https://github.com/swatinem/rust-cache/releases)
- [Changelog](https://github.com/Swatinem/rust-cache/blob/master/CHANGELOG.md)
- [Commits](Swatinem/rust-cache@23bce25...82a92a6)

---
updated-dependencies:
- dependency-name: Swatinem/rust-cache
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Previously, we supported the `AtLeast` bound, which was used to describe
a subset relationship in which `I: AtLeast<J>` implied that `I` was at
least as restrictive as `J`. However, as described in google#1866, this
incorrectly models invariants as monotonic. In reality, invariants both
provide guarantees but also *require* guarantees.

This commit takes a step in the direction of resolving google#1866 by removing
`AtLeast`. Uses of `AtLeast<Shared>` are replaced by a new `Reference`
trait, which is implemented for `Shared` and `Exclusive`. This serves
two purposes: First, it makes it explicit what this bound means.
Previously, `AtLeast<Shared>` had an ambiguous meaning, while
`Reference` means precisely that an invariant is either `Shared` or
`Exclusive` and nothing else. Second, it paves the way for google#1183, in
which we may add new aliasing invariants which convey ownership. In that
case, it will be important for existing methods to add `Reference`
bounds when those methods would not be sound in the face of ownership
semantics.

We also inline the items in the `invariant` module, which were
previously generated by macro. The addition of the `Reference` trait did
not play nicely with that macro, and we will likely need to go further
from the macro in order to fix google#1839 – this fix will likely require
making aliasing invariants meaningfully different than other invariants,
for example by adding an associated type.

Makes progress on google#1866
Explain why we only support concrete types so that future authors won't
spuriously add support for them.
`PtrInner` carries all invariants which are not controlled by type
parameters. Since `PtrInner` does not promise to uphold aliasing,
alignment, or validity, we can move some utility methods to `PtrInner`
which previously were responsible for maintaining invariants orthogonal
to their purpose.

Makes progress on google#1892 (still needs to be fixed on v0.8.x)
Closes google#1890
This prepares us for future changes which will significantly increase
the amount of code in the `invariant` module.

Also merge `aliasing_safety` into this new file.
When the aliasing mode is `Any`, `Ptr<'a, T>` is invariant in `'a` and
`T`. When the aliasing mode is `Shared` or `Exclusive`, `Ptr` has the
same variance as `&'a T` and `&'a mut T` respectively.

Makes progress on google#1839
`AliasingSafe` is really about whether a pointer permits unsynchronized
reads - either because the referent contains no `UnsafeCell`s or because
the aliasing mode is `Exclusive`. Previously, `AliasingSafe` was not
named consistently with this meaning, and was a function of a *pair* of
types rather than of a single type. This commit fixes both oversights.

While we're here, we also add `Read` bounds in some places, allowing us
to simplify many safety comments.
For aliasing, use `Inaccessible`. For alignment and validity, use
`Unknown`.
This commit adds a framework which supports encoding in the type system
any `I -> I` mapping where `I` is any `Invariant` type. This permits us
to make `cast_unsized`'s return value smarter, and as a result, allows
us to remove a lot of `unsafe` code.

Makes progress on google#1122
gherrit-pr-id: I003d5360d1b7f7882a71490813eca50b39025f14
These tests depend on `src` being aligned to multiples of 2. With
this commit, that dependency is explicitly enforced.
We eventually hope to make use of `#[marker]` traits once they're
stable. This permits us to test to make sure the feature is as we expect
and that our intended usage works.

gherrit-pr-id: I3a111bf5647fdcc9805cbadf36f729ac69b28509
And allow `non_local_definitions`.
We eventually hope to make use of `#[marker]` traits once they're
stable. This permits us to test to make sure the feature is as we expect
and that our intended usage works.

gherrit-pr-id: I3a111bf5647fdcc9805cbadf36f729ac69b28509
google-pr-creation-bot and others added 17 commits October 21, 2024 13:13
Makes progress on google#1931

gherrit-pr-id: If0e198c377137dd941ebd5dc68787766a593e1eb
Makes progress on google#1931

gherrit-pr-id: Ib2708e8f233f624bcd1f2ec80b5dae91c7e1db46
Release 0.2.0.

Makes progress on google#1931

gherrit-pr-id: I7ce0c981ed1f1bc1f4ff85dffef2a74114c6e76d
…e#1964)

Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 4.3.4 to 4.3.5.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](actions/dependency-review-action@5a2ce3f...a6993e2)

---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Release 0.2.1.

Makes progress on google#1931

gherrit-pr-id: Icc9b6841e66c961989862ff6fb3b4f5140c54513
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.26.13 to 3.27.0.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@f779452...6624720)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [actions/checkout](https://github.com/actions/checkout) from 4.2.1 to 4.2.2.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@eef6144...11bd719)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* [ci] fix, showing cache hit, re-install dependencies

* [ci] fix ci workflow to check the cache-hit output and add restore-key for wider cache range
…e#1990)

Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 4.3.5 to 4.4.0.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](actions/dependency-review-action@a6993e2...4081bf9)

---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
codecov-commenter commented Oct 31, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 89.46%. Comparing base (a80c2d4) to head (510c8fb).
Report is 1 commits behind head on main.

Additional details and impacted files
@@           Coverage Diff           @@
##             main    #1994   +/-   ##
=======================================
  Coverage   89.46%   89.46%           
=======================================
  Files          16       16           
  Lines        5838     5838           
=======================================
  Hits         5223     5223           
  Misses        615      615           


Member

@joshlf joshlf left a comment

See this CI failure; you'll also need to add a dependency on this job to all-jobs-succeeded.

Member

joshlf commented Oct 31, 2024

Thanks for doing this! Just a few small changes, but otherwise this looks good!

@Aditya-PS-05 Aditya-PS-05 force-pushed the add/pinned-dependencies-check-ci branch from 743da92 to 510c8fb Compare November 1, 2024 05:53
@Aditya-PS-05 Aditya-PS-05 requested a review from joshlf November 2, 2024 11:27
@Aditya-PS-05
Contributor Author

@jswrenn, I request you to review this PR.

@Aditya-PS-05
Contributor Author

@joshlf, please review the PR.

Development

Successfully merging this pull request may close these issues.

Configure OpenSSF Scorecard's Pinned-Dependencies check to block CI
6 participants