ci: fix dependabot, commit & check Cargo.toml (#5065)

Co-authored-by: Sam Clark <[email protected]>
aws · Feb 5, 2025 · 3fd1006 · 3fd1006
1 parent c6b41ef
commit 3fd1006
Show file tree

Hide file tree

Showing 5 changed files with 95 additions and 6 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -31,6 +31,7 @@ updates:
   # restricted-MSRV, so don't do batch updates
   - package-ecosystem: "cargo"
     directories:
-      - "/bindings/rust"
+      - "/bindings/rust/standard"
+      - "/bindings/rust/extended"
     schedule:
       interval: "daily"
diff --git a/.github/workflows/ci_rust.yml b/.github/workflows/ci_rust.yml
@@ -423,3 +423,35 @@ jobs:
         run: |
           cargo +${{env.RUST_NIGHTLY_TOOLCHAIN}} minimal-versions check --direct --ignore-private
           cargo +${{env.RUST_NIGHTLY_TOOLCHAIN}} minimal-versions check --direct --ignore-private --all-features
+
+  # compare generated s2n-tls-sys/Cargo.toml with the existing one to check if it's up-to-date
+  # unstable features might be updated in the future, new Cargo.toml should be committed in this case
+  check-generated-cargo-toml:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install Rust toolchain
+        id: toolchain
+        run: |
+          rustup toolchain install stable
+          rustup override set stable
+
+      - uses: camshaft/rust-cache@v1
+
+      - name: Generate
+        run: ${{env.ROOT_PATH}}/generate.sh --skip-tests
+
+      - name: Compare Cargo
+        working-directory: ${{env.ROOT_PATH}}/s2n-tls-sys
+        id: diff
+        run: git diff --exit-code Cargo.toml
+        continue-on-error: true
+
+      - name: Failure
+        if: steps.diff.outcome != 'success'
+        run: |
+          echo "A mismatch between the existing s2n-tls-sys/Cargo.toml and the Cargo.toml generated \
+          from s2n-tls-sys/templates/Cargo.template has been found. Please ensure that the committed \
+          Cargo.toml is up-to-date by regenerating it with ${{env.ROOT_PATH}}/generate.sh"
+          exit 1
diff --git a/bindings/rust/extended/.gitignore b/bindings/rust/extended/.gitignore
@@ -7,4 +7,3 @@ s2n-tls-sys/lib
 s2n-tls-sys/src/api.rs
 s2n-tls-sys/src/tests.rs
 s2n-tls-sys/src/features*
-s2n-tls-sys/Cargo.toml
diff --git a/bindings/rust/extended/generate/src/main.rs b/bindings/rust/extended/generate/src/main.rs
@@ -88,14 +88,14 @@ fn main() {
     }
 
     // generate a cargo.toml that defines the correct features
-    let features_definition_token = unstable_headers
+    let mut features_definition_token = unstable_headers
         .iter()
         .map(|(header_name, _header)| format!("unstable-{header_name} = []"))
-        .collect::<Vec<String>>()
-        .join("\n");
+        .collect::<Vec<String>>();
+    features_definition_token.sort();
     let cargo_template = out_dir.join("templates/Cargo.template");
     let cargo_template = read_to_string(cargo_template).expect("unable to read cargo template");
-    let cargo_toml = cargo_template.replace(FEATURE_TOKEN_PLACEHOLDER, &features_definition_token);
+    let cargo_toml = cargo_template.replace(FEATURE_TOKEN_PLACEHOLDER, &(features_definition_token.join("\n")));
     fs::write(out_dir.join("Cargo.toml"), cargo_toml).unwrap();
 
     // generate a features.rs that includes the correct modules

diff --git a/bindings/rust/extended/s2n-tls-sys/Cargo.toml b/bindings/rust/extended/s2n-tls-sys/Cargo.toml
@@ -0,0 +1,57 @@
+[package]
+name = "s2n-tls-sys"
+description = "A C99 implementation of the TLS/SSL protocols"
+version = "0.3.10"
+authors = ["AWS s2n"]
+edition = "2021"
+rust-version = "1.63.0"
+links = "s2n-tls"
+repository = "https://github.com/aws/s2n-tls"
+license = "Apache-2.0"
+include = [
+  "build.rs",
+  "Cargo.toml",
+  "files.rs",
+  "lib/**/*.c",
+  "lib/**/*.h",
+  "lib/**/*.S",
+  "lib/CMakeLists.txt",
+  "lib/**/*.cmake",
+  "lib/**/*.flags", # for feature probes
+  "src/**/*.rs",
+  "tests/**/*.rs",
+]
+
+[features]
+default = []
+# preserve the cmake feature in case any consumers had it enabled before
+cmake = []
+quic = []
+fips = ["aws-lc-rs/fips"]
+pq = []
+internal = []
+stacktrace = []
+unstable-cleanup = []
+unstable-crl = []
+unstable-fingerprint = []
+unstable-ktls = []
+unstable-npn = []
+unstable-renegotiate = []
+# e.g. something like
+# unstable-foo = []
+
+[dependencies]
+# aws-lc-rs 1.6.4 adds DEP_AWS_LC environment variables which are required to build s2n-tls-sys:
+# https://github.com/aws/aws-lc-rs/pull/335
+aws-lc-rs = { version = "1.6.4" }
+# aws-lc-rs 1.6.4 depends on aws-lc-sys 0.14.0, which requires libc 0.2.121:
+# https://github.com/aws/aws-lc-rs/blob/2298ca861234d4f43aecef2c7d7e822c60bc488a/aws-lc-sys/Cargo.toml#L65
+libc = "0.2.121"
+
+[build-dependencies]
+cc = { version = "1.0.100", features = ["parallel"] }
+
+[dev-dependencies]
+home = "=0.5.5" # newer versions require rust 1.70, see https://github.com/aws/s2n-tls/issues/4395
+regex = "=1.9.6" # newer versions require rust 1.65, see https://github.com/aws/s2n-tls/issues/4242
+zeroize = "=1.7.0" # newer versions require rust 1.72, see https://github.com/aws/s2n-tls/issues/4518