From c56740f9fa4fbbd860a508b4839fe68c61cb67cc Mon Sep 17 00:00:00 2001
From: Abdulrahim Al Methiab <aalmethiab@gmail.com>
Date: Thu, 30 Nov 2023 16:27:35 +0100
Subject: [PATCH] Action build and test + audit

---
 .../actions/publish/publish-rust/action.yml   | 31 +++++++++++
 .github/workflows/audit.yml                   | 28 ++++++++++
 .github/workflows/build-and-test.yml          | 53 +++++++++++++++++++
 .github/workflows/build-windows.yml           | 45 ++++++++++++++++
 .github/workflows/format.yml                  | 43 +++++++++++++++
 .../workflows/rust-publish-to-crates-io.yml   | 31 +++++++++++
 .license_template                             |  2 +
 Cargo.toml                                    |  4 +-
 8 files changed, 236 insertions(+), 1 deletion(-)
 create mode 100644 .github/actions/publish/publish-rust/action.yml
 create mode 100644 .github/workflows/audit.yml
 create mode 100644 .github/workflows/build-and-test.yml
 create mode 100644 .github/workflows/build-windows.yml
 create mode 100644 .github/workflows/format.yml
 create mode 100644 .github/workflows/rust-publish-to-crates-io.yml
 create mode 100644 .license_template

diff --git a/.github/actions/publish/publish-rust/action.yml b/.github/actions/publish/publish-rust/action.yml
new file mode 100644
index 0000000..4e02fd6
--- /dev/null
+++ b/.github/actions/publish/publish-rust/action.yml
@@ -0,0 +1,31 @@
+name: 'publish-rust'
+description: 'Publishes Rust library to crates.io'
+inputs:
+  crates-token:
+    description: 'used for authenticating towards crates.io'
+    required: true
+  version:
+    description: 'the version to release under (e.g. `1.2.3-dev.1`)'
+    required: true
+  dry-run:
+    description: "'true' = only log potential result; 'false' = publish'"
+    required: true
+runs:
+  using: "composite"
+  steps:
+    - name: Setup Rust
+      uses: './.github/actions/rust/rust-setup'
+      with:
+        os: ${{ runner.os }}
+        job: ${{ github.job }}
+
+    - name: Install cargo-release
+      shell: bash
+      run: cargo install cargo-release
+
+    - name: Publish library to crates.io
+      shell: bash
+      run: |
+        echo "dry-run: '${{ inputs.dry-run }}'"
+        echo "version: '${{ inputs.version }}'"
+        cargo release --workspace --token ${{ inputs.crates-token }} --isolated --no-dev-version --no-push --no-tag --dependent-version error --verbose $(if [ "${{ inputs.dry-run }}" = "false" ]; then echo --execute --no-confirm; fi) ${{ inputs.version }}
diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml
new file mode 100644
index 0000000..ba2412e
--- /dev/null
+++ b/.github/workflows/audit.yml
@@ -0,0 +1,28 @@
+name: Audit
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - "**/Cargo.lock"
+      - "**/Cargo.toml"
+      - ".github/workflows/audit.yml"
+      - ".cargo/audit.toml"
+  pull_request:
+    branches:
+      - main
+    paths:
+      - "**/Cargo.lock"
+      - "**/Cargo.toml"
+      - ".github/workflows/audit.yml"
+      - ".cargo/audit.toml"
+
+jobs:
+  audit:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions-rs/audit-check@v1
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/build-and-test.yml b/.github/workflows/build-and-test.yml
new file mode 100644
index 0000000..45d94e8
--- /dev/null
+++ b/.github/workflows/build-and-test.yml
@@ -0,0 +1,53 @@
+name: Build and run tests Ubuntu
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    types: [ opened, synchronize, reopened, ready_for_review ]
+    branches:
+      - main
+      - 'epic/**'
+      - 'support/**'
+    paths:
+      - '.github/workflows/build-and-test.yml'
+      - '.github/actions/**'
+      - '**.rs'
+      - '**.toml'
+
+env:
+  RUST_BACKTRACE: full
+
+jobs:
+  check-for-run-condition:
+    runs-on: ubuntu-latest
+    outputs:
+      should-run: ${{ !github.event.pull_request || github.event.pull_request.draft == false }}
+    steps:
+      - run: |
+          # this run step does nothing, but is needed to get the job output
+
+  build-and-test:
+    runs-on: ubuntu-latest
+    needs: [ check-for-run-condition ]
+    if: ${{ needs.check-for-run-condition.outputs.should-run == 'true' }}
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ ubuntu-latest]
+
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Setup Rust 
+        uses: './.github/actions/rust/rust-setup'
+
+      - name: Build
+        run: cargo build --workspace --tests --examples --all-features --release
+
+      - name: Run tests
+        run: cargo test --workspace --all-features --release
+
+      - name: Run Rust example
+        run: cargo run --example sd_jwt
diff --git a/.github/workflows/build-windows.yml b/.github/workflows/build-windows.yml
new file mode 100644
index 0000000..9a4fc85
--- /dev/null
+++ b/.github/workflows/build-windows.yml
@@ -0,0 +1,45 @@
+name: Build on Windows
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    types: [ opened, synchronize, reopened, ready_for_review ]
+    branches:
+      - main
+      - 'epic/**'
+      - 'support/**'
+    paths:
+      - '.github/workflows/build-and-test.yml'
+      - '.github/actions/**'
+      - '**.rs'
+      - '**.toml'
+
+env:
+  RUST_BACKTRACE: full
+
+jobs:
+  check-for-run-condition:
+    runs-on: ubuntu-latest
+    outputs:
+      should-run: ${{ !github.event.pull_request || github.event.pull_request.draft == false }}
+    steps:
+      - run: |
+          # this run step does nothing, but is needed to get the job output
+
+  build-and-test:
+    runs-on: windows-latest
+    needs: [ check-for-run-condition ]
+    if: ${{ needs.check-for-run-condition.outputs.should-run == 'true' }}
+    strategy:
+      fail-fast: false
+
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Setup Rust 
+        uses: './.github/actions/rust/rust-setup'
+
+      - name: Build
+        run: cargo build --workspace --all-features --release
diff --git a/.github/workflows/format.yml b/.github/workflows/format.yml
new file mode 100644
index 0000000..d3ddb49
--- /dev/null
+++ b/.github/workflows/format.yml
@@ -0,0 +1,43 @@
+name: Format
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
+      - 'epic/**'
+      - 'support/**'
+    paths:
+      - '.github/workflows/format.yml'
+      - '**.rs'
+      - '**.toml'
+      - '**.ts'
+      - '**.js'
+      - '**.json'
+
+jobs:
+  format:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+
+    steps:
+      - uses: actions/checkout@v3
+
+      # we use nightly to get access to advanced format capabilities
+      - name: Setup Rust
+        uses: './.github/actions/rust/rust-setup'
+        with:
+          toolchain: nightly
+          components: rustfmt
+
+      - name: Install cargo-license-template
+        run: cargo install cargo-license-template
+
+      - name: core fmt check
+        run: cargo +nightly fmt --all -- --check
+
+      - name: cargo-license-template check
+        run: cargo +nightly license-template --template .license_template --ignore .license_template_ignore --verbose
diff --git a/.github/workflows/rust-publish-to-crates-io.yml b/.github/workflows/rust-publish-to-crates-io.yml
new file mode 100644
index 0000000..3523cff
--- /dev/null
+++ b/.github/workflows/rust-publish-to-crates-io.yml
@@ -0,0 +1,31 @@
+name: Rust publish to crates.io
+
+on:
+  workflow_dispatch:
+    inputs:
+      version:
+        description: 'Version to publish Rust under (e.g. `1.2.3-dev.1`)'
+        required: true
+      branch:
+        description: 'Branch to run publish from'
+        required: true
+      dry-run:
+        description: 'Run in dry-run mode'
+        type: boolean
+        required: false
+        default: true
+
+jobs:
+  publish-rust:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          ref: ${{ github.event.inputs.branch }}
+      - name: Publish to crates.io
+        uses: './.github/actions/publish/publish-rust'
+        with:
+          version: ${{ github.event.inputs.version }}
+          crates-token: ${{ secrets.CRATES_IO_TOKEN }}
+          dry-run: ${{ github.event.inputs.dry-run }}
diff --git a/.license_template b/.license_template
new file mode 100644
index 0000000..30334dd
--- /dev/null
+++ b/.license_template
@@ -0,0 +1,2 @@
+// Copyright {20\d{2}(-20\d{2})?} IOTA Stiftung
+// SPDX-License-Identifier: Apache-2.0
diff --git a/Cargo.toml b/Cargo.toml
index d84fa84..30bcfac 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -5,6 +5,8 @@ edition = "2021"
 authors = ["IOTA Stiftung"]
 homepage = "https://www.iota.org"
 license = "Apache-2.0"
+repository = "https://github.com/iotaledger/sd-jwt"
+rust-version = "1.65"
 
 [dependencies]
 multibase = { version = "0.9", default-features = false, features = ["std"] }
@@ -12,7 +14,7 @@ serde_json = { version = "1.0", default-features = false, features = ["std" ] }
 rand = { version = "0.8.5", default-features = false, features = ["std", "std_rng"] }
 thiserror = { version = "1.0", default-features = false }
 strum = { version = "0.25", default-features = false, features = ["std", "derive"] }
-itertools = { version = "0.11", default-features = false, features = ["use_std"]  }
+itertools = { version = "0.12", default-features = false, features = ["use_std"]  }
 iota-crypto = { version = "0.23", default-features = false, features = ["std", "sha"] }
 serde = { version = "1.0", default-features = false, features = ["derive"] }