taiki-e · taiki-e · Dec 24, 2022 · Dec 24, 2022 · Dec 24, 2022
diff --git a/.github/.cspell/project-dictionary.txt b/.github/.cspell/project-dictionary.txt
@@ -1,8 +1,11 @@
 binstall
 bytecodealliance
+coreutils
 distro
 doas
 Dpkg
+enablerepo
+epel
 jfrimmel
 koalaman
 libc

diff --git a/.github/.cspell/rust-dependencies.txt b/.github/.cspell/rust-dependencies.txt
@@ -0,0 +1,8 @@
+// This file is @generated by tidy.sh.
+// It is not intended for manual editing.
+
+anyhow
+json
+semver
+serde
+ureq
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -19,7 +19,7 @@ defaults:
 
 jobs:
   tidy:
-    uses: taiki-e/workflows/.github/workflows/tidy-no-rust.yml@main
+    uses: taiki-e/workflows/.github/workflows/tidy-rust.yml@main
 
   test:
     strategy:
@@ -35,9 +35,10 @@ jobs:
           # Note: Specifying the version of valgrind and cargo-binstall is not supported.
           - os: ubuntu-20.04
             tool: cargo-hack@0.5.24,cargo-llvm-cov@0.5.3,cargo-minimal-versions@0.1.8,parse-changelog@0.5.2,cargo-udeps@0.1.35,cargo-valgrind@2.1.0,cargo-deny@0.13.5,cross@0.2.4,nextest@0.9.11,protoc@3.21.12,shellcheck@0.9.0,shfmt@3.6.0,wasm-pack@0.10.3,wasmtime@4.0.0,mdbook@0.4.25,mdbook-linkcheck@0.7.7,cargo-watch@8.1.1
-          # Nextest supports basic version ranges as well. For other tools, this will be supported by https://github.com/taiki-e/install-action/pull/27.
           - os: ubuntu-20.04
-            tool: nextest@0.9
+            tool: cargo-hack@0.5,cargo-llvm-cov@0.5,cargo-minimal-versions@0.1,parse-changelog@0.5,cargo-udeps@0.1,cargo-valgrind@2.1,cargo-deny@0.13,cross@0.2,nextest@0.9,protoc@3.21,shellcheck@0.9,shfmt@3.5,wasm-pack@0.10,wasmtime@4.0,mdbook@0.4,mdbook-linkcheck@0.7,cargo-watch@8.1
+          - os: ubuntu-20.04
+            tool: cargo-valgrind@2,protoc@3,shfmt@3,wasmtime@4,cargo-watch@8
           - os: macos-11
             tool: cargo-hack,cargo-llvm-cov,cargo-minimal-versions,parse-changelog,cargo-udeps,cargo-valgrind,cargo-deny,cross,nextest,protoc,shellcheck,shfmt,wasm-pack,wasmtime,mdbook,mdbook-linkcheck,cargo-watch
           - os: windows-2019
@@ -47,6 +48,8 @@ jobs:
       - uses: actions/checkout@v3
         with:
           persist-credentials: false
+      # cross attempts to install rust-src when Cargo.toml is available even if `cross --version`
+      - run: rm Cargo.toml
       - uses: ./
         with:
           tool: ${{ matrix.tool }}
@@ -113,6 +116,36 @@ jobs:
       - uses: actions/checkout@v3
         with:
           persist-credentials: false
+      # cross attempts to install rust-src when Cargo.toml is available even if `cross --version`
+      - run: rm Cargo.toml
       - uses: ./
         with:
           tool: ${{ matrix.tool }}
+
+  manifest:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write # TODO test
+      pull-requests: write
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          persist-credentials: false
+      - uses: dtolnay/rust-toolchain@nightly
+      - run: tools/manifest.sh
+      - run: git add -N . && git diff --exit-code
+        if: github.repository_owner != 'taiki-e' || github.event_name != 'schedule' && !(github.event_name == 'push' && github.ref == 'refs/heads/main')
+      - id: diff
+        run: ci/manifest.sh
+        if: github.repository_owner == 'taiki-e' && (github.event_name == 'schedule' || github.event_name == 'push' && github.ref == 'refs/heads/main')
+      - uses: taiki-e/create-pull-request@v4
+        with:
+          title: Update manifest
+          body: |
+            Auto-generated by [create-pull-request][1]
+            [Please close and immediately reopen this pull request to run CI.][2]
+
+            [1]: https://github.com/peter-evans/create-pull-request
+            [2]: https://github.com/peter-evans/create-pull-request/blob/HEAD/docs/concepts-guidelines.md#workarounds-to-trigger-further-workflow-runs
+          branch: update-manifest
+        if: github.repository_owner == 'taiki-e' && (github.event_name == 'schedule' || github.event_name == 'push' && github.ref == 'refs/heads/main') && steps.diff.outputs.success == 'false'
diff --git a/.gitignore b/.gitignore
@@ -1,5 +1,6 @@
 target
 Cargo.lock
+tmp
 
 # For platform and editor specific settings, it is recommended to add to
 # a global .gitignore file.

diff --git a/.rustfmt.toml b/.rustfmt.toml
@@ -0,0 +1 @@
+edition = "2021"
diff --git a/Cargo.toml b/Cargo.toml
@@ -0,0 +1,3 @@
+[workspace]
+resolver = "2"
+members = ["tools/codegen"]
diff --git a/DEVELOPMENT.md b/DEVELOPMENT.md
@@ -0,0 +1,19 @@
+# Development Guide
+
+## Add support for new tool
+
+1\. Add base manifest to [`tools/codegen/base`](tools/codegen/base) directory.
+
+See JSON files in `tools/codegen/base` directory for examples of the manifest.
+
+2\. Generate manifest with the following command (replace `<tool>` with the tool name).
+
+```sh
+./tools/manifest.sh <tool>
+```
+
+3\. Add tool name to table in "Supported tools" section in `README.md`.
+
+4\. Add tool name to `tools` variable in `tools/publish.sh`.
+
+5\. Add tool name to test matrix in `.github/workflows/ci.yml`.
diff --git a/README.md b/README.md
@@ -17,9 +17,10 @@ GitHub Action for installing development tools (mainly from GitHub Releases).
 
 ### Inputs
 
-| Name | Required | Description | Type | Default |
-| ---- |:--------:| ----------- | ---- | ------- |
-| tool | **true** | Tools to install (comma-separated list) | String | |
+| Name     | Required | Description                             | Type    | Default |
+| -------- |:--------:| --------------------------------------- | ------- | ------- |
+| tool     | **true** | Tools to install (comma-separated list) | String  |         |
+| checksum | false    | Whether to enable checksums             | Boolean | `true`  |
 
 ### Example workflow
 
@@ -100,7 +101,9 @@ If a tool not included in the list above is specified, this action uses [cargo-b
 
 When installing the tool from GitHub Releases, this action will download the tool or its installer from GitHub Releases using HTTPS with tlsv1.2+. This is basically considered to be the same level of security as [the recommended installation of rustup](https://www.rust-lang.org/tools/install).
 
-If you want a higher level of security, consider working on [#1](https://github.com/taiki-e/install-action/issues/1).
+Additionally, this action will also verify SHA256 checksums for downloaded files in all tools installed from GitHub Releases. This is enabled by default and can be disabled by setting the `checksum` input option to `false`.
+
+See the linked documentation for information on security when installed using [snap](https://snapcraft.io/docs) or [cargo-binstall](https://github.com/cargo-bins/cargo-binstall#faq).
 
 ## Compatibility
 

diff --git a/action.yml b/action.yml
@@ -6,6 +6,10 @@ inputs:
     description: Tools to install (comma-separated list)
     required: true
     # default: #publish:tool
+  checksum:
+    description: Whether to enable checksums
+    required: false
+    default: 'true'
 
 runs:
   using: node16

diff --git a/ci/manifest.sh b/ci/manifest.sh
@@ -0,0 +1,21 @@
+#!/bin/bash
+set -euxo pipefail
+IFS=$'\n\t'
+cd "$(dirname "$0")"/..
+
+git config user.name "Taiki Endo"
+git config user.email "te316e89@gmail.com"
+
+for manifest in manifests/*.json; do
+    git add -N "${manifest}"
+    if ! git diff --exit-code -- "${manifest}"; then
+        name="$(basename "${manifest%.*}")"
+        git add "${manifest}"
+        git commit -m "Update ${name}"
+        has_update=1
+    fi
+done
+
+if [[ -n "${has_update:-}" ]]; then
+    echo "success=false" >>"${GITHUB_OUTPUT}"
+fi