canic-host 0.41.4

Host-side build, install, fleet, and release-set library for Canic workspaces
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73

//! Passive deployment-truth model types for host-side planning and safety checks.

use sha2::{Digest, Sha256};
use std::{
    fmt::Write as _,
    fs,
    io::Read,
    path::{Path, PathBuf},
};

mod model;
mod observe;
mod plan;
mod receipt;
mod report;
#[cfg(test)]
mod tests;

pub use model::{
    ArtifactDigestSourceV1, ArtifactSourceV1, AuthorityProfileV1, CanisterControlClassV1,
    DeploymentAssumptionV1, DeploymentCheckV1, DeploymentCommandResultV1, DeploymentDiffV1,
    DeploymentIdentityV1, DeploymentInventoryV1, DeploymentObservationGapV1, DeploymentPlanV1,
    DeploymentReceiptV1, DiffItemV1, ExpectedCanisterV1, ExpectedPoolCanisterV1,
    LocalDeploymentConfigV1, ObservationStatusV1, ObservedArtifactV1, ObservedCanisterV1,
    ObservedPoolCanisterV1, PhaseReceiptV1, ResumeSafetyV1, RoleArtifactManifestV1, RoleArtifactV1,
    RoleEpochExpectationV1, RoleEpochObservationV1, SafetyFindingV1, SafetyReportV1,
    SafetySeverityV1, SafetyStatusV1, TrustDomainV1, VerifiedPostconditionV1,
    VerifierReadinessExpectationV1, VerifierReadinessObservationV1,
};
pub use observe::{
    DeploymentTruthError, LocalArtifactManifestRequest, LocalInventoryRequest,
    collect_local_deployment_inventory, collect_local_role_artifact_manifest,
};
pub use plan::{LocalDeploymentPlanRequest, build_local_deployment_plan};
pub use receipt::{artifact_gate_phase_receipt, deployment_receipt_from_check, phase_receipt};
pub use report::{
    LocalDeploymentCheckRequest, check_local_deployment, compare_plan_to_inventory,
    safety_report_from_diff,
};

pub const DEPLOYMENT_TRUTH_SCHEMA_VERSION: u32 = 1;

fn deployment_config_path(workspace_root: &Path, config_path: Option<&Path>) -> PathBuf {
    config_path.map_or_else(
        || crate::release_set::config_path(workspace_root),
        |path| {
            if path.is_absolute() {
                path.to_path_buf()
            } else {
                workspace_root.join(path)
            }
        },
    )
}

fn file_sha256_hex(path: &Path) -> std::io::Result<String> {
    let mut file = fs::File::open(path)?;
    let mut hasher = Sha256::new();
    let mut buffer = [0_u8; 16 * 1024];
    loop {
        let read = file.read(&mut buffer)?;
        if read == 0 {
            break;
        }
        hasher.update(&buffer[..read]);
    }
    let digest = hasher.finalize();
    let mut hex = String::with_capacity(digest.len() * 2);
    for byte in digest {
        write!(&mut hex, "{byte:02x}").expect("writing to a String cannot fail");
    }
    Ok(hex)
}