hyperfinitism · hyperfinitism · Jul 20, 2025 · Jul 20, 2025
@@ -0,0 +1,27 @@
+name: Package Binaries
+description: "Collect release binaries + docs into a tar.gz/zip."
+inputs:
+  pack:   { required: true, description: "Package name e.g. repository-name" }
+  tag:    { required: true, description: "Tag e.g. v.1.2.3" }
+  label:  { required: true, description: "Environment label e.g. linux-x86_64" }
+  target: { required: true, description: "Target of cargo build, e.g. x86_64-unknown-linux-gnu" }
+
+runs:
+  using: "composite"
+  steps:
+    - if: runner.os != 'Windows'
+      shell: bash
+      run: |
+        . "${{ github.action_path }}/package.sh" \
+          "${{ inputs.pack }}" \
+          "${{ inputs.tag }}" \
+          "${{ inputs.label }}" \
+          "${{ inputs.target }}"
+    - if: runner.os == 'Windows'
+      shell: pwsh
+      run: |
+        & "${{ github.action_path }}/package.ps1" `
+          "${{ inputs.pack }}" `
+          "${{ inputs.tag }}" `
+          "${{ inputs.label }}" `
+          "${{ inputs.target }}"
@@ -0,0 +1,30 @@
+param(
+  [string]$PACK,
+  [string]$TAG,
+  [string]$LABEL,
+  [string]$TARGET
+)
+
+$OUT = "$PACK-$TAG-$LABEL.zip"
+New-Item -ItemType Directory -Path pkg\temp\bin -Force | Out-Null
+
+$BIN_NAMES = (
+  cargo metadata --format-version 1 --no-deps |
+  ConvertFrom-Json
+).packages |
+  ForEach-Object {
+      $_.targets |
+      Where-Object { $_.kind -contains 'bin' } |
+      ForEach-Object { $_.name }
+  } | Sort-Object -Unique
+
+foreach ($BIN in $BIN_NAMES) {
+    $SRC = "target\$TARGET\release\$BIN.exe"
+    Copy-Item $SRC -Destination pkg\temp\bin
+}
+
+Copy-Item README.md -Destination pkg\temp -ErrorAction SilentlyContinue
+Copy-Item LICENSE   -Destination pkg\temp -ErrorAction SilentlyContinue
+
+Compress-Archive -Path pkg\temp\* -DestinationPath "pkg\$OUT" -Force
+Remove-Item -Path pkg\temp -Recurse -Force -ErrorAction SilentlyContinue
@@ -0,0 +1,22 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+PACK=$1
+TAG=$2
+LABEL=$3
+TARGET=$4
+
+OUT=${PACK}-${TAG}-${LABEL}
+mkdir -p pkg/temp/bin
+
+BIN_NAMES=$(cargo metadata --format-version 1 --no-deps \
+  | jq -r '.packages[] | select(.source == null) | .targets[]  | select(.kind[]=="bin") | .name' | sort -u)
+
+for BIN in $BIN_NAMES; do
+  SRC="target/${TARGET}/release/${BIN}"
+  cp ${SRC}* pkg/temp/bin/
+done
+cp LICENSE README.md pkg/temp/ 2>/dev/null || true
+
+tar -C pkg/temp -czf pkg/${OUT}.tar.gz .
+rm -rf pkg/temp 2>/dev/null || true
@@ -0,0 +1,60 @@
+name: Audit
+on:
+  schedule:
+    - cron: '0 3 * * 1'
+  pull_request:
+    branches: [main]
+  push:
+    branches: [main]
+    tags: ['v*']
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+concurrency:
+  group: audit-${{ github.ref }}
+  cancel-in-progress: true
+
+env:
+  TOOLCHAIN_VER: 1.88.0
+  AUDIT_VER: 0.21.2
+
+jobs:
+  rustsec:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: actions-rust-lang/setup-rust-toolchain@v1
+        with:
+          toolchain: ${{ env.TOOLCHAIN_VER }}
+          cache: true
+
+      - uses: Swatinem/rust-cache@v2
+        with:
+          key: main-${{ hashFiles('**/Cargo.lock') }}
+          lookup-only: ${{ github.event_name == 'pull_request' }}
+          save-if: ${{ github.event_name != 'pull_request' }}
+
+      - uses: Swatinem/rust-cache@v2
+        if: github.event_name == 'pull_request'
+        with:
+          key: pr-${{ github.event.pull_request.number }}-${{ hashFiles('**/Cargo.lock') }}
+          save-if: true
+
+      - run: cargo install cargo-audit --locked --version ${{ env.AUDIT_VER }}
+
+      - name: Run cargo audit
+        id: audit
+        shell: bash
+        run: |
+          cargo audit --json > audit.json || echo "AUDIT_FAILED=1" >> $GITHUB_ENV
+
+      - name: Upload audit report
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: cargo-audit-${{ github.run_number }}
+          path: audit.json
@@ -0,0 +1,57 @@
+name: Lint
+
+on:
+  pull_request:
+    branches: [main]
+  push:
+    branches: [main]
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+env:
+  TOOLCHAIN_VER: 1.88.0
+
+jobs:
+  fmt:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: actions-rust-lang/setup-rust-toolchain@v1
+        with:
+          toolchain: ${{ env.TOOLCHAIN_VER }}
+          components: rustfmt
+          cache: true
+
+      - name: Run cargo fmt
+        run: cargo fmt --all -- --check
+
+  clippy:
+    needs: fmt
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: actions-rust-lang/setup-rust-toolchain@v1
+        with:
+          toolchain: ${{ env.TOOLCHAIN_VER }}
+          components: clippy
+          cache: true
+
+      - uses: Swatinem/rust-cache@v2
+        with:
+          key: main-${{ hashFiles('**/Cargo.lock') }}
+          lookup-only: ${{ github.event_name == 'pull_request' }}
+          save-if: ${{ github.event_name != 'pull_request' }}
+
+      - uses: Swatinem/rust-cache@v2
+        if: github.event_name == 'pull_request'
+        with:
+          key: pr-${{ github.event.pull_request.number }}-${{ hashFiles('**/Cargo.lock') }}
+          save-if: true
+
+
+      - name: Run cargo clippy
+        run: cargo clippy --workspace --all-targets --all-features -- -D warnings