forjar 1.3.0

Rust-native Infrastructure as Code — bare-metal first, BLAKE3 state, provenance tracing
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130

# Lint and clippy checks across platforms
# Ensures code quality on ubuntu, windows, and macos

name: Lint

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

concurrency:
  group: lint-${{ github.event.pull_request.number || github.sha }}
  cancel-in-progress: true

jobs:
  clippy:
    strategy:
      matrix:
        os: [ubuntu-latest, macos-latest]
        features: ["", encryption]
        # Windows excluded: openssl-sys vendored build requires Perl/NASM
        # which is unreliable on GH runners. Sovereign-ci handles lint on Linux.
    runs-on: ${{ matrix.os }}
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683  # v4.2.2

      - name: Checkout provable-contracts (path dep)
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683  # v4.2.2
        with:
          repository: paiml/provable-contracts
          path: provable-contracts

      - name: Symlink provable-contracts for Cargo path deps
        if: runner.os != 'Windows'
        run: ln -sf "$GITHUB_WORKSPACE/provable-contracts" "$GITHUB_WORKSPACE/../provable-contracts"

      - name: Symlink provable-contracts (Windows)
        if: runner.os == 'Windows'
        shell: pwsh
        run: New-Item -ItemType Junction -Path "$env:GITHUB_WORKSPACE\..\provable-contracts" -Target "$env:GITHUB_WORKSPACE\provable-contracts" -Force

      - name: Install Rust toolchain
        run: rustup show

      - name: Cache cargo
        uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684  # v4.2.3
        with:
          path: |
            ~/.cargo/registry
            ~/.cargo/git
            target
          key: lint-${{ runner.os }}-${{ matrix.features }}-${{ hashFiles('**/Cargo.lock') }}

      - name: Generate contract assertions — pv codegen (unix)
        if: runner.os != 'Windows'
        run: |
          if ! command -v pv >/dev/null 2>&1; then
            cargo install provable-contracts-cli --locked || true
          fi
          PV=$(command -v pv 2>/dev/null || true)
          if [ -z "$PV" ]; then
            echo "::warning::pv not found — skipping contract generation"
          else
            PC_CONTRACTS="$GITHUB_WORKSPACE/../provable-contracts/contracts"
            if [ -f src/lib.rs ] && grep -q 'mod generated_contracts' src/lib.rs && [ ! -f src/generated_contracts.rs ]; then
              if [ -d "$PC_CONTRACTS" ]; then
                "$PV" codegen "$PC_CONTRACTS" -o src/generated_contracts.rs || true
              elif [ -d contracts ]; then
                "$PV" codegen contracts/ -o src/generated_contracts.rs || true
              fi
            fi
            for src_dir in crates/*/src */src; do
              if [ -d "$src_dir" ] && [ -f "$src_dir/lib.rs" ] && grep -q 'mod generated_contracts' "$src_dir/lib.rs" && [ ! -f "$src_dir/generated_contracts.rs" ]; then
                member_dir=$(dirname "$src_dir")
                if [ -d "$PC_CONTRACTS" ]; then
                  "$PV" codegen "$PC_CONTRACTS" -o "$src_dir/generated_contracts.rs" || true
                elif [ -d "$member_dir/contracts" ]; then
                  "$PV" codegen "$member_dir/contracts" -o "$src_dir/generated_contracts.rs" || true
                fi
              fi
            done
          fi

      - name: Generate contract assertions — pv codegen (windows)
        if: runner.os == 'Windows'
        shell: pwsh
        run: |
          $pvPath = (Get-Command pv -ErrorAction SilentlyContinue)?.Source
          if (-not $pvPath) {
            cargo install provable-contracts-cli --locked 2>$null
            $pvPath = (Get-Command pv -ErrorAction SilentlyContinue)?.Source
          }
          if (-not $pvPath) {
            Write-Warning "pv not found — skipping contract generation"
          } else {
            $pcContracts = Join-Path $env:GITHUB_WORKSPACE "..\provable-contracts\contracts"
            if ((Test-Path "src\lib.rs") -and (Select-String -Quiet -Pattern 'mod generated_contracts' "src\lib.rs") -and (-not (Test-Path "src\generated_contracts.rs"))) {
              if (Test-Path $pcContracts) {
                & $pvPath codegen $pcContracts -o src\generated_contracts.rs
              } elseif (Test-Path "contracts") {
                & $pvPath codegen contracts\ -o src\generated_contracts.rs
              }
            }
            foreach ($srcDir in (Get-ChildItem -Path "crates\*\src","*\src" -Directory -ErrorAction SilentlyContinue)) {
              $libRs = Join-Path $srcDir "lib.rs"
              $genRs = Join-Path $srcDir "generated_contracts.rs"
              if ((Test-Path $libRs) -and (Select-String -Quiet -Pattern 'mod generated_contracts' $libRs) -and (-not (Test-Path $genRs))) {
                $memberDir = Split-Path $srcDir -Parent
                $memberContracts = Join-Path $memberDir "contracts"
                if (Test-Path $pcContracts) {
                  & $pvPath codegen $pcContracts -o $genRs
                } elseif (Test-Path $memberContracts) {
                  & $pvPath codegen $memberContracts -o $genRs
                }
              }
            }
          }

      - name: Clippy
        shell: bash
        run: |
          if [ -n "${{ matrix.features }}" ]; then
            cargo clippy --all-targets --features ${{ matrix.features }} -- -D warnings
          else
            cargo clippy --all-targets -- -D warnings
          fi

      - name: Rustfmt
        run: cargo fmt --all -- --check