cursus 0.6.0

Library crate for the cursus release management CLI
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267

use super::*;
use std::sync::Arc;

use crate::command::CommandRunner;
use crate::command::test_support::RecordingCommandRunner;
use crate::filesystem::LocalFilesystem;

fn setup_publish_project(dir: &std::path::Path) -> ProjectInfo {
	write_cargo_toml(
		dir,
		"[package]\nname = \"my-crate\"\nversion = \"1.0.0\"\nedition = \"2024\"\n",
	);
	ProjectInfo::for_test("my-crate", AbsolutePath::new(dir.to_path_buf()).unwrap())
}

fn recording_adapter_with_env(dir: &std::path::Path, env: crate::Env) -> CargoAdapter {
	CargoAdapter::new(
		CargoConfig::default(),
		crate::path::AbsolutePath::new(dir).unwrap(),
		env,
	)
}

fn env_with_auth_flags(
	runner: &Arc<RecordingCommandRunner>,
	token: bool,
	oidc: bool,
) -> crate::Env {
	crate::Env::new(
		Arc::clone(runner) as Arc<dyn CommandRunner>,
		Arc::new(LocalFilesystem),
		Arc::new(crate::git::GitWorkdir::new(
			Arc::clone(runner) as Arc<dyn CommandRunner>,
			crate::path::AbsolutePath::new("/tmp").unwrap(),
		)),
	)
	.with_cargo_registry_token_present(token)
	.with_oidc_environment(oidc)
}

#[tokio::test]
async fn publish_success_returns_published() {
	let dir = temp_dir();
	let info = setup_publish_project(dir.path());
	let runner = Arc::new(RecordingCommandRunner::new(0));
	let adapter =
		recording_adapter_inspectable(CargoConfig::default(), dir.path(), Arc::clone(&runner));
	let result = adapter.publish(&info).await.unwrap();
	assert_eq!(result, PublishOutcome::Published);
	let invocations = runner.invocations();
	assert_eq!(invocations.len(), 1);
	assert_eq!(invocations[0].program, "cargo");
	assert_eq!(invocations[0].args[0], "publish");
}

#[tokio::test]
async fn publish_already_uploaded_returns_already_published() {
	let dir = temp_dir();
	let info = setup_publish_project(dir.path());
	let runner = Arc::new(
		RecordingCommandRunner::new(1)
			.with_stderr(b"error: crate version is already uploaded".to_vec()),
	);
	let adapter =
		recording_adapter_inspectable(CargoConfig::default(), dir.path(), Arc::clone(&runner));
	let result = adapter.publish(&info).await.unwrap();
	assert_eq!(result, PublishOutcome::AlreadyPublished);
}

#[tokio::test]
async fn publish_already_exists_returns_already_published() {
	let dir = temp_dir();
	let info = setup_publish_project(dir.path());
	let runner = Arc::new(
		RecordingCommandRunner::new(1)
			.with_stderr(b"error: package already exists on crates.io".to_vec()),
	);
	let adapter =
		recording_adapter_inspectable(CargoConfig::default(), dir.path(), Arc::clone(&runner));
	let result = adapter.publish(&info).await.unwrap();
	assert_eq!(result, PublishOutcome::AlreadyPublished);
}

#[tokio::test]
async fn publish_other_failure_returns_error() {
	let dir = temp_dir();
	let info = setup_publish_project(dir.path());
	let runner = Arc::new(
		RecordingCommandRunner::new(1)
			.with_stderr(b"error: network error connecting to crates.io".to_vec()),
	);
	let adapter =
		recording_adapter_inspectable(CargoConfig::default(), dir.path(), Arc::clone(&runner));
	let result = adapter.publish(&info).await;
	assert!(result.is_err());
	let msg = result.unwrap_err().to_string();
	assert!(
		msg.contains("cargo publish failed"),
		"Expected 'cargo publish failed', got: {msg}"
	);
}

#[tokio::test]
async fn publish_passes_manifest_path_arg() {
	let dir = temp_dir();
	let info = setup_publish_project(dir.path());
	let runner = Arc::new(RecordingCommandRunner::new(0));
	let adapter =
		recording_adapter_inspectable(CargoConfig::default(), dir.path(), Arc::clone(&runner));
	adapter.publish(&info).await.unwrap();
	let invocations = runner.invocations();
	assert_eq!(invocations.len(), 1);
	assert!(
		invocations[0].args.contains(&"--manifest-path".to_string()),
		"Should pass --manifest-path, got: {:?}",
		invocations[0].args
	);
}

#[tokio::test]
async fn publish_without_cargo_token_still_executes_publish() {
	let dir = temp_dir();
	let info = setup_publish_project(dir.path());
	let runner = Arc::new(RecordingCommandRunner::new(0));
	let adapter =
		recording_adapter_with_env(dir.path(), env_with_auth_flags(&runner, false, false));
	let result = adapter.publish(&info).await.unwrap();
	assert_eq!(result, PublishOutcome::Published);
	// Command must still be dispatched despite missing token
	assert_eq!(runner.invocations()[0].program, "cargo");
	assert_eq!(runner.invocations()[0].args[0], "publish");
}

#[tokio::test]
async fn publish_without_cargo_token_no_oidc_emits_credential_warning() {
	crate::test_logging::init_test_logger();
	let dir = temp_dir();
	let info = setup_publish_project(dir.path());
	let runner = Arc::new(RecordingCommandRunner::new(0));
	let adapter =
		recording_adapter_with_env(dir.path(), env_with_auth_flags(&runner, false, false));
	adapter.publish(&info).await.unwrap();
	let logs = crate::test_logging::take_logs();
	let warn_msgs: Vec<_> = logs
		.iter()
		.filter(|(lvl, _)| *lvl == log::Level::Warn)
		.collect();
	assert!(
		warn_msgs.iter().any(|(_, msg)| msg.contains("cargo login")),
		"Expected credential warning with cargo login hint, got: {warn_msgs:?}"
	);
	assert!(
		!warn_msgs
			.iter()
			.any(|(_, msg)| msg.contains("crates-io-auth-action")),
		"Should NOT emit trusted publishing hint in non-OIDC environment, got: {warn_msgs:?}"
	);
}

#[tokio::test]
async fn publish_without_cargo_token_with_oidc_emits_trusted_publishing_hint() {
	crate::test_logging::init_test_logger();
	let dir = temp_dir();
	let info = setup_publish_project(dir.path());
	let runner = Arc::new(RecordingCommandRunner::new(0));
	let adapter = recording_adapter_with_env(dir.path(), env_with_auth_flags(&runner, false, true));
	adapter.publish(&info).await.unwrap();
	let logs = crate::test_logging::take_logs();
	let warn_msgs: Vec<_> = logs
		.iter()
		.filter(|(lvl, _)| *lvl == log::Level::Warn)
		.collect();
	assert!(
		warn_msgs
			.iter()
			.any(|(_, msg)| msg.contains("crates-io-auth-action")),
		"Expected trusted publishing hint with exchange action, got: {warn_msgs:?}"
	);
	assert!(
		!warn_msgs.iter().any(|(_, msg)| msg.contains("cargo login")),
		"Should NOT emit cargo login hint in OIDC environment, got: {warn_msgs:?}"
	);
}

#[tokio::test]
async fn publish_with_cargo_token_no_oidc_no_warning() {
	crate::test_logging::init_test_logger();
	let dir = temp_dir();
	let info = setup_publish_project(dir.path());
	let runner = Arc::new(RecordingCommandRunner::new(0));
	let adapter = recording_adapter_with_env(dir.path(), env_with_auth_flags(&runner, true, false));
	adapter.publish(&info).await.unwrap();
	let logs = crate::test_logging::take_logs();
	assert!(
		!logs.iter().any(|(lvl, _)| *lvl == log::Level::Warn),
		"Should NOT emit any warning for token+no-OIDC (traditional flow)"
	);
}

#[tokio::test]
async fn publish_with_cargo_token_with_oidc_no_warning() {
	crate::test_logging::init_test_logger();
	let dir = temp_dir();
	let info = setup_publish_project(dir.path());
	let runner = Arc::new(RecordingCommandRunner::new(0));
	let adapter = recording_adapter_with_env(dir.path(), env_with_auth_flags(&runner, true, true));
	adapter.publish(&info).await.unwrap();
	let logs = crate::test_logging::take_logs();
	assert!(
		!logs.iter().any(|(lvl, _)| *lvl == log::Level::Warn),
		"Should NOT emit any warning for token+OIDC (trusted publishing happy path)"
	);
}

#[tokio::test]
async fn publish_with_cargo_token_executes_publish() {
	let dir = temp_dir();
	let info = setup_publish_project(dir.path());
	let runner = Arc::new(RecordingCommandRunner::new(0));
	let env = crate::Env::new(
		Arc::clone(&runner) as Arc<dyn CommandRunner>,
		Arc::new(LocalFilesystem),
		Arc::new(crate::git::GitWorkdir::new(
			Arc::clone(&runner) as Arc<dyn CommandRunner>,
			crate::path::AbsolutePath::new("/tmp").unwrap(),
		)),
	)
	.with_cargo_registry_token_present(true);
	let adapter = recording_adapter_with_env(dir.path(), env);
	let result = adapter.publish(&info).await.unwrap();
	assert_eq!(result, PublishOutcome::Published);
	assert_eq!(runner.invocations()[0].program, "cargo");
}

#[tokio::test]
async fn publish_failure_redacts_credentials_from_stderr() {
	let dir = temp_dir();
	let info = setup_publish_project(dir.path());
	let runner = Arc::new(
		RecordingCommandRunner::new(1).with_stderr(
			b"error: failed to get https://user:SECRET_TOKEN@private.registry.example.com/: 403"
				.to_vec(),
		),
	);
	let adapter =
		recording_adapter_inspectable(CargoConfig::default(), dir.path(), Arc::clone(&runner));
	let err = adapter.publish(&info).await.unwrap_err().to_string();
	assert!(
		!err.contains("SECRET_TOKEN"),
		"token must not appear in error: {err}"
	);
	assert!(err.contains("[REDACTED]"), "expected [REDACTED] in: {err}");
}

#[tokio::test]
async fn registry_name_is_crates_io() {
	let dir = temp_dir();
	let adapter = recording_adapter(CargoConfig::default(), dir.path(), 0);
	assert_eq!(adapter.registry_name().await, "crates.io");
}

#[tokio::test]
async fn manifest_filename_is_cargo_toml() {
	let dir = temp_dir();
	let adapter = recording_adapter(CargoConfig::default(), dir.path(), 0);
	assert_eq!(adapter.manifest_filename().await, "Cargo.toml");
}