ci(supply-chain+dependabot): Automatically create exemptions for cargo-crev for dependa-bot PRs

fix(time): Remove non-functional test causing errors on mac os
There actually is no reason why now being time 0.0 would be incorrect; it might just mean a low resolution clock is being used.
2026-02-27 22:13:12 -08:00 · 2025-04-09 07:59:20 +02:00 · 2025-04-09 01:29:21 +02:00 · 2025-04-09 01:21:23 +02:00 · 2025-04-09 01:01:40 +02:00
3 changed files with 68 additions and 17 deletions
--- a/.github/workflows/cargo-crev-exemptions-dependabot.yml
+++ b/.github/workflows/cargo-crev-exemptions-dependabot.yml
@@ -0,0 +1,58 @@
+name: Dependabot Vet Exemptions
+on:
+  pull_request:
+    branches:
+      - main
+    paths:
+      - "Cargo.toml"
+      - "Cargo.lock"
+
+jobs:
+  dependabot-cargo-crev-exceptions:
+    if: github.actor == 'dependabot[bot]' # Run only for Dependabot PRs
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.head_ref }}
+          token: ${{ secrets.GITHUB_TOKEN }} # Ensure push access
+
+      - uses: actions/cache@v4
+        with:
+          path: |
+            ~/.cargo/bin/
+            ~/.cargo/registry/index/
+            ~/.cargo/registry/cache/
+          key: cargo-vet-cache
+
+      - name: Install stable toolchain # Since we are running/compiling cargo-vet, we should rely on the stable toolchain.
+        run: |
+          rustup toolchain install stable
+          rustup default stable
+
+      - uses: actions/cache@v4
+        with:
+          path: ${{ runner.tool_cache }}/cargo-vet
+          key: cargo-vet-bin
+
+      - name: Add the tool cache directory to the search path
+        run: echo "${{ runner.tool_cache }}/cargo-vet/bin" >> $GITHUB_PATH
+
+      - name: Ensure that the tool cache is populated with the cargo-vet binary
+        run: cargo install --root ${{ runner.tool_cache }}/cargo-vet cargo-vet
+
+      - name: Regenerate vet exemptions
+        run: cargo vet regenerate exemptions
+
+      - name: Check for changes
+        run: git diff --exit-code || echo "Changes detected, committing..."
+
+      - name: Commit and push changes
+        if: success()
+        run: |
+          git config --global user.name "github-actions[bot]"
+          git config --global user.email "github-actions@github.com"
+          git add supply-chain./*
+          git commit -m "Regenerate cargo vet exemptions"
+          git push origin ${{ github.head_ref }}
--- a/.github/workflows/docker.yaml
+++ b/.github/workflows/docker.yaml
@@ -135,7 +135,7 @@ jobs:

        uses: docker/metadata-action@v5
        with:
-          images: ghcr.io/${{ github.actor }}/rp
+          images: ghcr.io/${{ github.repository_owner }}/rp
          labels: |
            maintainer=Karolin Varner <karo@cupdev.net>, wucke13 <wucke13@gmail.com>
            org.opencontainers.image.authors=Karolin Varner <karo@cupdev.net>, wucke13 <wucke13@gmail.com>
@@ -148,7 +148,7 @@ jobs:
            org.opencontainers.image.source=https://github.com/rosenpass/rosenpass

      - name: Log in to registry
-        run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
+        run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.repository_owner }} --password-stdin

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
@@ -161,7 +161,7 @@ jobs:
          file: docker/Dockerfile
          push: ${{ github.event_name != 'pull_request' }}
          labels: ${{ steps.meta.outputs.labels }}
-          tags: ghcr.io/${{ github.actor }}/rp
+          tags: ghcr.io/${{ github.repository_owner }}/rp
          target: rp
          platforms: linux/${{ matrix.arch }}
          outputs: type=image,push-by-digest=true,name-canonical=true,push=true
@@ -199,7 +199,7 @@ jobs:
        id: meta
        uses: docker/metadata-action@v5
        with:
-          images: ghcr.io/${{ github.actor }}/rosenpass
+          images: ghcr.io/${{ github.repository_owner }}/rosenpass
          labels: |
            maintainer=Karolin Varner <karo@cupdev.net>, wucke13 <wucke13@gmail.com>
            org.opencontainers.image.authors=Karolin Varner <karo@cupdev.net>, wucke13 <wucke13@gmail.com>
@@ -212,7 +212,7 @@ jobs:
            org.opencontainers.image.source=https://github.com/rosenpass/rosenpass

      - name: Log in to registry
-        run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
+        run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.repository_owner }} --password-stdin

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
@@ -225,7 +225,7 @@ jobs:
          file: docker/Dockerfile
          push: ${{ github.event_name != 'pull_request' }}
          labels: ${{ steps.meta.outputs.labels }}
-          tags: ghcr.io/${{ github.actor }}/rosenpass
+          tags: ghcr.io/${{ github.repository_owner }}/rosenpass
          target: rosenpass
          platforms: linux/${{ matrix.arch }}
          outputs: type=image,push-by-digest=true,name-canonical=true,push=true
@@ -262,7 +262,7 @@ jobs:
          merge-multiple: true

      - name: Log in to registry
-        run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
+        run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.repository_owner }} --password-stdin

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
@@ -271,7 +271,7 @@ jobs:
        id: meta
        uses: docker/metadata-action@v5
        with:
-          images: ghcr.io/${{ github.actor }}/${{ matrix.target }}
+          images: ghcr.io/${{ github.repository_owner }}/${{ matrix.target }}
          tags: |
            type=edge,branch=main
            type=sha,branch=main
@@ -281,8 +281,8 @@ jobs:
        working-directory: ${{ runner.temp }}/digests
        run: |
          docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
-            $(printf 'ghcr.io/${{ github.actor }}/${{ matrix.target }}@sha256:%s ' *)
+            $(printf 'ghcr.io/${{ github.repository_owner }}/${{ matrix.target }}@sha256:%s ' *)

      - name: Inspect image
        run: |
-          docker buildx imagetools inspect ghcr.io/${{ github.actor }}/${{ matrix.target }}:${{ steps.meta.outputs.version }}
+          docker buildx imagetools inspect ghcr.io/${{ github.repository_owner }}/${{ matrix.target }}:${{ steps.meta.outputs.version }}
--- a/util/src/time.rs
+++ b/util/src/time.rs
@@ -39,13 +39,6 @@ mod tests {
    use std::thread::sleep;
    use std::time::Duration;

-    #[test]
-    fn test_timebase() {
-        let timebase = Timebase::default();
-        let now = timebase.now();
-        assert!(now > 0.0);
-    }
-
    #[test]
    fn test_timebase_clone() {
        let timebase = Timebase::default();
Author	SHA1	Message	Date
David Niehues	ae418ffba7	ci(supply-chain+dependabot): Automatically create exemptions for cargo-crev for dependa-bot PRs	2025-04-09 07:59:20 +02:00
Karolin Varner	e3f7773bac	fix(time): Remove non-functional test causing errors on mac os There actually is no reason why now being time 0.0 would be incorrect; it might just mean a low resolution clock is being used.	2025-04-09 01:29:21 +02:00
Karolin Varner	9ab754eb0b	fix(docker): Used name of author not of org for docker upload	2025-04-09 01:21:23 +02:00
Karolin Varner	b055457d01	Sha3 use in Rosenpass, Trait for Crypto Primitives, and Libcrux Crypto Backend (#632 )	2025-04-09 01:01:40 +02:00