Add GitHub Actions

Fix wasm32 target Rename crates to use dash instead of underscore
rustbunker · Sep 23, 2024 · defdd2b · defdd2b
1 parent a0c3a01
commit defdd2b
Show file tree

Hide file tree

Showing 8 changed files with 234 additions and 8 deletions.
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -0,0 +1,130 @@
+name: CI checks
+
+on: [push, pull_request]
+
+jobs:
+  test:
+    name: Test on ${{ matrix.os }}
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        os: [ubuntu-latest, windows-latest, macOS-latest]
+
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions-rs/toolchain@v1
+        with:
+          toolchain: 1.76
+          override: true
+      - name: cargo fetch
+        uses: actions-rs/cargo@v1
+        with:
+          command: fetch
+      - name: Build tests
+        uses: actions-rs/cargo@v1
+        with:
+          command: build
+          args: --all --verbose --exclude plexi_cli --all-features --tests
+      - name: Run tests
+        uses: actions-rs/cargo@v1
+        with:
+          command: test
+          args: --all --verbose --exclude plexi_cli --all-features
+
+  build:
+    name: Build target ${{ matrix.target }}
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        target:
+          - wasm32-unknown-unknown
+
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions-rs/toolchain@v1
+        with:
+          toolchain: 1.76
+          override: true
+      - name: Add target
+        run: rustup target add ${{ matrix.target }}
+      - name: cargo fetch
+        uses: actions-rs/cargo@v1
+        with:
+          command: fetch
+      - name: Build for target
+        working-directory: ./plexi_core
+        run: cargo build --verbose --no-default-features --target ${{ matrix.target }}
+
+  bitrot:
+    name: Bitrot
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions-rs/toolchain@v1
+        with:
+          toolchain: 1.76
+          override: true
+      - name: cargo check
+        uses: actions-rs/cargo@v1
+        with:
+          command: check
+          args: --tests --examples --benches --all-features
+
+  clippy:
+    name: Clippy (1.76)
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions-rs/toolchain@v1
+        with:
+          toolchain: 1.76
+          components: clippy
+          override: true
+      - name: Clippy check
+        uses: actions-rs/clippy-check@v1
+        with:
+          name: Clippy (1.76)
+          token: ${{ secrets.GITHUB_TOKEN }}
+          args: --all-features --all-targets -- -D warnings
+
+  doc-links:
+    name: Intra-doc links
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions-rs/toolchain@v1
+        with:
+          toolchain: 1.76
+          override: true
+      - name: cargo fetch
+        uses: actions-rs/cargo@v1
+        with:
+          command: fetch
+
+      # Ensure intra-documentation links all resolve correctly
+      # Requires #![deny(intra_doc_link_resolution_failure)] in crates.
+      - name: Check intra-doc links
+        uses: actions-rs/cargo@v1
+        with:
+          command: doc
+          args: --all --exclude plexi_cli --all-features --document-private-items
+
+  fmt:
+    name: Rustfmt
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions-rs/toolchain@v1
+        with:
+          toolchain: 1.76
+          components: rustfmt
+          override: true
+      - name: Check formatting
+        uses: actions-rs/cargo@v1
+        with:
+          command: fmt
+          args: --all -- --check
diff --git a/.github/workflows → .github/workflows/semgrep.yaml b/.github/workflows → .github/workflows/semgrep.yaml
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -33,6 +33,7 @@ colored = "2.1"
 env_logger = { version = "0.11" }
 ed25519-dalek = { version = "2" }
 futures-util = "0.3"
+getrandom = "0.2"
 hex = { version = "0.4" }
 log = "0.4"
 prost = "0.13"
@@ -48,7 +49,7 @@ utoipa = "4"
 uuid = { version = "1.9", features = ["v4", "serde"] }
 
 # workspace dependencies
-plexi_core = { path = "./plexi_core" }
+plexi-core = { path = "./plexi_core" }
 
 [profile.release]
 lto = true

diff --git a/plexi_cli/Cargo.toml b/plexi_cli/Cargo.toml
@@ -1,5 +1,5 @@
 [package]
-name = "plexi_cli"
+name = "plexi-cli"
 description = "A flexible auditor companion client"
 version.workspace = true
 authors.workspace = true
@@ -32,4 +32,4 @@ time = { workspace = true, features = ["formatting"] }
 tokio = { workspace = true, features = ["full"] }
 
 # workspace dependencies
-plexi_core = { workspace = true, features = ["client"] }
+plexi-core = { workspace = true, features = ["client"] }
diff --git a/plexi_cli/README.md b/plexi_cli/README.md
@@ -0,0 +1,84 @@
+# Plexi
+
+![Plexi banner](../docs/assets/plexi_banner.png)
+
+Plexi is a flexible auditor for [Key Transparency systems](https://blog.cloudflare.com/key-transparency).
+
+## Tables of Content
+
+* [Features](#features)
+* [Installation](#installation)
+* [Usage](#usage)
+  * [Configure your auditor remote](#configure-your-auditor-remote)
+  * [List monitored Logs](#list-monitored-logs)
+  * [Audit a signature](#audit-a-signature)
+* [Conduct](#conduct)
+* [License](#license)
+
+## Features
+
+* Verify authenticity of a signature, to confirm it has been signed by a given public key
+* Verify the validity of [facebook/akd](https://github.com/facebook/akd) proofs
+* List Logs an Auditor monitors
+
+## Installation
+
+| Environment                                                   | CLI Command           |
+|:--------------------------------------------------------------|:----------------------|
+| [Cargo](https://www.rust-lang.org/tools/install) (Rust 1.76+) | `cargo install plexi` |
+
+## Usage
+
+Use the `--help` option for more details about the commands and their options.
+
+```bash
+plexi [OPTIONS] <COMMAND>
+```
+
+### Configure your auditor remote
+
+`plexi` does not come with a default remote auditor, and you will need to choose your own. 
+
+You can do so either by passing `--remote-url=<REMOTE>` or setting the `PLEXI_REMOTE_URL` environment variable.
+
+A common remote is provided below:
+
+| Name       | Remote                                          |
+|:-----------|:------------------------------------------------|
+| Cloudflare | `https://plexi.key-transparency.cloudflare.com` |
+
+If you have deployed your own auditor, you can add a remote by filing a [GitHub issue](https://github.com/cloudflare/plexi/issues).
+
+### List monitored Logs
+
+An auditor monitors multiple Logs at once. To discover which Logs an auditor is monitoring, run the following:
+
+```shell
+plexi ls --remote-url 'https://plexi.key-transparency.cloudflare.com'
+whatsapp.key-transparency.v1
+```
+
+### Audit a signature
+
+The Key Transparency Auditor vouches for Log validity by ensuring epoch uniqueness. and verifying the associated proof
+
+`plexi audit` provides information about a given epoch and its validity. It can perform a local audit to confirm the auditor behaviour.
+
+For instance, to verify WhatsApp Log auditted by Cloudflare Auditor, run the following:
+```shell
+> plexi audit --remote-url 'https://plexi.key-transparency.cloudflare.com' --namespace 'whatsapp.key-transparency.v1' --long
+Namespace: whatsapp.key-transparency.v1
+Ciphersuite: ed25519(protobuf)
+Timestamp: 2024-09-19T09:59:44Z
+Epoch height: 476847
+Epoch digest: 9d217c91dc629d16a3b1379e8fd7c949c27b1b6038259e3918bd0da3cd6c34d1
+Signature: e4c83e3091ba8764752120bd7a726a28759d25a01f39d07131d6ba66a913d58d8f0f48f63bc7e037cc5ddd81dc76acc847dbf8d02b2f55251e6f2b1f00191902
+Verification: success
+```
+
+## Conduct
+
+Plexi and Cloudflare OpenSource generally follows the [Contributor Covenant Code of Conduct](https://github.com/cloudflare/.github/blob/26b37ca2ba7ab3d91050ead9f2c0e30674d3b91e/CODE_OF_CONDUCT.md). Violating the CoC could result in a warning or a ban to Plexi or any and all repositories in the Cloudflare organization.
+
+## License
+This project is Licensed under [Apache License, Version 2.0](../LICENSE).
diff --git a/plexi_core/Cargo.toml b/plexi_core/Cargo.toml
@@ -1,5 +1,5 @@
 [package]
-name = "plexi_core"
+name = "plexi-core"
 description = "A flexible auditor companion client"
 version.workspace = true
 authors.workspace = true
@@ -33,5 +33,10 @@ thiserror = { workspace = true }
 utoipa = { workspace = true, optional = true }
 uuid = { workspace = true, features = ["v4", "serde"] }
 
+# wasm32 dependencies
+[target.'cfg(target_arch = "wasm32")'.dependencies]
+ed25519-dalek = { workspace = true, features = ["rand_core"] }
+getrandom = { workspace = true, features = ["js"] }
+
 [build-dependencies]
 prost-build = { version = "0.13" }
diff --git a/plexi_core/src/namespaces.rs b/plexi_core/src/namespaces.rs
@@ -1,6 +1,7 @@
 use core::fmt;
 
 use serde::{Deserialize, Serialize};
+#[cfg(feature = "openapi")]
 use utoipa::ToSchema;
 
 use crate::{Epoch, PlexiError, SignatureVersion};
@@ -40,7 +41,8 @@ impl IntoIterator for Namespaces {
     }
 }
 
-#[derive(Clone, Debug, Serialize, Deserialize, ToSchema)]
+#[derive(Clone, Debug, Serialize, Deserialize)]
+#[cfg_attr(feature = "openapi", derive(ToSchema))]
 pub struct Namespace {
     name: String,
     log_directory: Option<String>,