diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md index 2444972c..51c91fa6 100644 --- a/.github/ISSUE_TEMPLATE/bug_report.md +++ b/.github/ISSUE_TEMPLATE/bug_report.md @@ -8,41 +8,41 @@ assignees: '' --- - ## Erroneous Behavior - ## Expected Behavior - ## Steps to reproduce - ## Possible Cause (Optional) - ## Problem persists without calling from topgrade - - [ ] Yes @@ -60,8 +60,8 @@ remote host - [ ] No ## Configuration file (Optional) - @@ -74,15 +74,15 @@ related to configuration. - Installation - - Topgrade version (`topgrade -V`) ## Verbose Output (`topgrade -v`) - diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md index a75713ef..f793acea 100644 --- a/.github/PULL_REQUEST_TEMPLATE.md +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -7,12 +7,12 @@ - [ ] I have read `CONTRIBUTING.md` - [ ] *Optional:* I have tested the code myself - [ ] If this PR introduces new user-facing messages they are translated - + ## For new steps - [ ] *Optional:* Topgrade skips this step where needed - [ ] *Optional:* The `--dry-run` option works with this step -- [ ] *Optional:* The `--yes` option works with this step if it is supported by +- [ ] *Optional:* The `--yes` option works with this step if it is supported by the underlying command If you developed a feature or a bug fix for someone else and you do not have the diff --git a/.github/dependabot.yml b/.github/dependabot.yml index dfd0e308..9be4d83e 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml 
@@ -2,9 +2,23 @@ version: 2 updates: - - package-ecosystem: "github-actions" directory: "/" schedule: - # Check for updates to GitHub Actions every week interval: "weekly" + + - package-ecosystem: cargo + directory: "/" + schedule: + interval: "weekly" + day: "monday" + time: "06:00" + timezone: "UTC" + versioning-strategy: increase + labels: ["dependencies", "cargo"] + commit-message: + prefix: "deps(cargo)" + include: "scope" + groups: + cargo-minor-patch: + update-types: ["minor", "patch"] diff --git a/.github/workflows/check_config_creation_if_not_exists.yml b/.github/workflows/check_config_creation_if_not_exists.yml index 4e050ce0..bf103b1f 100644 --- a/.github/workflows/check_config_creation_if_not_exists.yml +++ b/.github/workflows/check_config_creation_if_not_exists.yml @@ -7,15 +7,18 @@ env: CARGO_TERM_COLOR: always +permissions: + contents: read + jobs: TestConfig: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v4.2.2 - run: | CONFIG_PATH=~/.config/topgrade.toml; if [ -f "$CONFIG_PATH" ]; then rm $CONFIG_PATH; fi - cargo build; + cargo build; TOPGRADE_SKIP_BRKC_NOTIFY=true ./target/debug/topgrade --dry-run --only system; stat $CONFIG_PATH; diff --git a/.github/workflows/check_i18n.yml b/.github/workflows/check_i18n.yml index 32cbe91a..07d74b13 100644 --- a/.github/workflows/check_i18n.yml +++ b/.github/workflows/check_i18n.yml @@ -6,12 +6,15 @@ on: name: Check i18n +permissions: + contents: read + jobs: check_locale: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@v4.2.2 - name: Install checker # Build it with the dev profile as this is faster and the checker still works diff --git a/.github/workflows/check_security_vulnerability.yml b/.github/workflows/check_security_vulnerability.yml index a39a551e..e32d47c0 100644 --- a/.github/workflows/check_security_vulnerability.yml +++ b/.github/workflows/check_security_vulnerability.yml 
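Review bot: The new cargo entry writes `package-ecosystem: cargo` unquoted while the existing entry a few lines above uses `"github-actions"`, and it adds `labels`, `commit-message` and `groups` that the github-actions entry lacks, so the two stanzas in one file follow visibly different styles. Since this same commit converts most `uses:` lines to commit pins, every pin bump will now arrive as a separate Dependabot PR unless the github-actions entry also gets a group, e.g. `groups:` / `actions-minor-patch:` / `update-types: ["minor", "patch"]`. Quoting both ecosystem names the same way would also read better.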
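Review bot: `uses: actions/checkout@v4.2.2` pins to a tag, and a tag is a mutable ref that can be moved by whoever controls the action repository, so it does not give the tamper-resistance that the SHA pins elsewhere in this commit (DevSkim, actions-rs, rust-cache, scorecard-action, dependency-review-action) do. The same tag-style pin is used for checkout in check_i18n.yml, check_semver.yml, ci.yml, create_release_assets.yml, dependency-review.yml, release_to_pypi.yml and scorecards.yml, and for `github/codeql-action/upload-sarif@v3.29.5`, `actions/attest-build-provenance@v2.4.0`, `actions/cache@v4.2.3`, `actions/upload-artifact@v4.6.2` and `actions/download-artifact@v4.3.0`. The scorecards.yml workflow added in this commit runs a Pinned-Dependencies check that counts exactly these tag pins against the repository. Pin to the commit and keep the version as a trailing comment, `- uses: actions/checkout@<commit-sha-of-v4.2.2> # v4.2.2`, so the Dependabot config added here can keep both the SHA and the comment current.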
@@ -11,6 +11,9 @@ on: branches: - main +permissions: + contents: read + jobs: lint: name: DevSkim @@ -21,12 +24,12 @@ jobs: security-events: write steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@v4.2.2 - name: Run DevSkim scanner - uses: microsoft/DevSkim-Action@v1 + uses: microsoft/DevSkim-Action@4b5047945a44163b94642a1cecc0d93a3f428cc6 # v1.0.16 - name: Upload DevSkim scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@v3 + uses: github/codeql-action/upload-sarif@v3.29.5 with: sarif_file: devskim-results.sarif diff --git a/.github/workflows/check_semver.yml b/.github/workflows/check_semver.yml index 3e4a0cc1..f66e101d 100644 --- a/.github/workflows/check_semver.yml +++ b/.github/workflows/check_semver.yml @@ -4,12 +4,15 @@ on: name: Check SemVer compliance +permissions: + contents: read + jobs: prepare: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - - uses: actions-rs/toolchain@v1 + - uses: actions/checkout@v4.2.2 + - uses: actions-rs/toolchain@16499b5e05bf2e26879000db0c1d13f7e13fa3af # v1.0.7 with: toolchain: nightly-2022-08-03 override: true @@ -18,7 +21,7 @@ jobs: semver: runs-on: ubuntu-latest steps: - - uses: actions-rs/cargo@v1 + - uses: actions-rs/cargo@844f36862e911db73fe0815f00a4a2602c279505 # v1.0.3 with: command: install args: --git https://github.com/rust-lang/rust-semverver diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 0b16c150..ea861206 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -10,13 +10,16 @@ env: CROSS_VER: '0.2.5' CARGO_NET_RETRY: 3 +permissions: + contents: read + jobs: fmt: name: Rustfmt runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@v4.2.2 - name: Run cargo fmt env: @@ -30,7 +33,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@v4.2.2 - name: Check if `Step` enum is sorted run: | 
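Review bot: `actions-rs/toolchain@16499b5e… # v1.0.7` (and `actions-rs/cargo@844f3686… # v1.0.3` in the second check_semver.yml hunk) are SHA pins of actions whose upstream repositories have, as far as I know, been archived and unmaintained for some time, so the pin freezes code that will not receive security fixes; pinning is still better than the old `@v1`, but the unmaintained dependency remains. The toolchain pin also sits next to `toolchain: nightly-2022-08-03` in the context lines, which keeps the whole job on a years-old nightly. I would record this above the step, `# NOTE: actions-rs is unmaintained upstream; candidate for replacement`, so the SHA pin is not mistaken for a reviewed, supported dependency.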
@@ -47,7 +50,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@v4.2.2 - name: Check if `Step::run()`'s match is sorted run: | @@ -55,7 +58,7 @@ jobs: awk '/[[:alpha:]] =>/{print $1}' $FILE > original.txt sort original.txt > sorted.txt diff original.txt sorted.txt - + main: needs: [ fmt, step-enum-sorted, step-match-sorted ] name: ${{ matrix.target_name }} (check, clippy) @@ -96,10 +99,10 @@ jobs: os: windows-latest steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@v4.2.2 - name: Setup Rust Cache - uses: Swatinem/rust-cache@v2 + uses: Swatinem/rust-cache@98c8021b550208e191a6a3145459bfc9fb29c4c0 # v2.8.0 with: prefix-key: ${{ matrix.target }} diff --git a/.github/workflows/create_release_assets.yml b/.github/workflows/create_release_assets.yml index 2f8f29d2..8de44494 100644 --- a/.github/workflows/create_release_assets.yml +++ b/.github/workflows/create_release_assets.yml 
@@ -3,22 +3,25 @@ name: Publish release files for CD native and non-cd-native environments on: release: types: [ created ] - # When a release failed, and there is something you need to fix in this + # When a release failed, and there is something you need to fix in this # YML file, you can manually re-run the job via this event to re-do the # release. (Simply re-run the job through GitHub UI won't work as it would use # the old YML file, which needs a fix.) workflow_dispatch: inputs: - # The GitHub Action (softprops/action-gh-release) used in this pipeline + # The GitHub Action (softprops/action-gh-release) used in this pipeline # needs a tag, you specify it through this parameter. - # - # In the case described above, it should be an existing tag. E.g., the + # + # In the case described above, it should be an existing tag. E.g., the # release of v16.0.4 failed, you should specify "v16.0.4" here. - existing_tag: + existing_tag: description: "The tag of the failed release that you wanna re-run and fix" required: true type: string +permissions: + contents: read + jobs: # Publish release files for CD native environments native_build: @@ -38,7 +41,7 @@ jobs: platform: [ ubuntu-22.04, macos-latest, macos-13, windows-latest ] runs-on: ${{ matrix.platform }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v4.2.2 - name: Install needed components run: | @@ -121,13 +124,13 @@ jobs: - name: Release - uses: softprops/action-gh-release@v2 + uses: softprops/action-gh-release@72f2c25fcb47643c292f7107632f7a47c1df5cd8 # v2.3.2 with: tag_name: ${{ steps.determine_tag_name.outputs.tag_name }} files: assets/* - name: Generate artifact attestations - uses: actions/attest-build-provenance@v2 + uses: actions/attest-build-provenance@v2.4.0 with: subject-path: assets/* @@ -153,7 +156,7 @@ jobs: ] runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v4.2.2 - name: Install needed components run: | 
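Review bot: The added top-level `permissions: contents: read` (first hunk) lowers the default GITHUB_TOKEN, but the `softprops/action-gh-release` step in the third hunk uploads release assets, which needs `contents: write`, and `actions/attest-build-provenance` needs `id-token: write` and `attestations: write`; unless the native_build job, and the second release job in the hunks on the next line, declare their own `permissions:` block outside these hunks, the release will now fail at the upload step. Please confirm the job-level grants exist, or add `contents: write`, `id-token: write` and `attestations: write` under a job-level `permissions:` on each release job and keep the top-level block read-only. Job-level permissions replace the top-level default, so the workflow stays least-privilege for every other job.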
@@ -179,7 +182,7 @@ jobs: run: rustup target add ${{ matrix.target }} - name: install cross - uses: taiki-e/install-action@v2 + uses: taiki-e/install-action@aa2649f25ee7099207734772f5393fd30167cb73 # v2.58.0 with: tool: cross@0.2.5 @@ -238,12 +241,12 @@ jobs: - name: Release - uses: softprops/action-gh-release@v2 + uses: softprops/action-gh-release@72f2c25fcb47643c292f7107632f7a47c1df5cd8 # v2.3.2 with: tag_name: ${{ steps.determine_tag_name.outputs.tag_name }} files: assets/* - name: Generate artifact attestations - uses: actions/attest-build-provenance@v2 + uses: actions/attest-build-provenance@v2.4.0 with: subject-path: assets/* diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml new file mode 100644 index 00000000..76032407 --- /dev/null +++ b/.github/workflows/dependency-review.yml @@ -0,0 +1,22 @@ +# Dependency Review Action +# +# This Action will scan dependency manifest files that change as part of a Pull Request, +# surfacing known-vulnerable versions of the packages declared or updated in the PR. +# Once installed, if the workflow run is marked as required, +# PRs introducing known-vulnerable packages will be blocked from merging. +# +# Source repository: https://github.com/actions/dependency-review-action +name: 'Dependency Review' +on: [pull_request] + +permissions: + contents: read + +jobs: + dependency-review: + runs-on: ubuntu-latest + steps: + - name: 'Checkout Repository' + uses: actions/checkout@v4.2.2 + - name: 'Dependency Review' + uses: actions/dependency-review-action@da24556b548a50705dd671f47852072ea4c105d9 # v4.7.1 diff --git a/.github/workflows/release_to_aur.yml b/.github/workflows/release_to_aur.yml index 31824636..02ae7135 100644 --- a/.github/workflows/release_to_aur.yml +++ b/.github/workflows/release_to_aur.yml 
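Review bot: The `actions/checkout@v4.2.2` step in the new dependency-review.yml leaves the default `persist-credentials: true`, so the GITHUB_TOKEN is written into the checkout's git config even though the only later step, dependency-review-action, needs no git credentials; scorecards.yml in the same commit already sets `persist-credentials: false` on its checkout, and this workflow should match. Add `with:` / `persist-credentials: false` under the checkout step. The action also runs with its defaults; if the header comment's intent is for the check to block merges, setting an explicit `fail-on-severity` makes the threshold visible in the file rather than inherited from the action.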
@@ -1,7 +1,7 @@ name: Publish to AUR on: - # Step "Publish binary AUR package" needs the binaries built by the following + # Step "Publish binary AUR package" needs the binaries built by the following # workflow, so we wait for it to complete. workflow_run: workflows: ["Publish release files for CD native and non-cd-native environments"] @@ -15,6 +15,9 @@ on: required: false type: string +permissions: + contents: read + jobs: aur-publish: runs-on: ubuntu-latest diff --git a/.github/workflows/release_to_homebrew.yml b/.github/workflows/release_to_homebrew.yml index 336e53f6..439d5fca 100644 --- a/.github/workflows/release_to_homebrew.yml +++ b/.github/workflows/release_to_homebrew.yml @@ -10,16 +10,19 @@ on: tags: - "v*" +permissions: + contents: read + jobs: homebrew-publish: runs-on: ubuntu-latest steps: - name: Set up Homebrew id: set-up-homebrew - uses: Homebrew/actions/setup-homebrew@master + uses: Homebrew/actions/setup-homebrew@24a0b15df658487e137fcd20fba32757d41a9411 # master - name: Cache Homebrew Bundler RubyGems id: cache - uses: actions/cache@v4 + uses: actions/cache@v4.2.3 with: path: ${{ steps.set-up-homebrew.outputs.gems-path }} key: ${{ runner.os }}-rubygems-${{ steps.set-up-homebrew.outputs.gems-hash }} @@ -29,7 +32,7 @@ jobs: if: steps.cache.outputs.cache-hit != 'true' run: brew install-bundler-gems - name: Bump formulae - uses: Homebrew/actions/bump-packages@master + uses: Homebrew/actions/bump-packages@24a0b15df658487e137fcd20fba32757d41a9411 # master continue-on-error: true with: # Custom GitHub access token with only the 'public_repo' scope enabled diff --git a/.github/workflows/release_to_pypi.yml b/.github/workflows/release_to_pypi.yml index 7251e8e7..0abf055e 100644 --- a/.github/workflows/release_to_pypi.yml +++ b/.github/workflows/release_to_pypi.yml 
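Review bot: `Homebrew/actions/setup-homebrew@24a0b15d… # master` (and `bump-packages` in the second release_to_homebrew.yml hunk, same SHA) pins a commit taken from a branch, so the trailing comment documents a moving ref rather than a release and gives a reviewer no version to check the SHA against; the same pattern appears with `# main` for `vedantmgoyal2009/winget-releaser` in release_to_winget.yml. If the upstream repositories publish no tags, record the snapshot instead so the pin can be audited later, e.g. `# master as of <YYYY-MM-DD>`. Also verify that Dependabot actually refreshes these branch-snapshot pins, which it may not do for repositories without releases.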
@@ -15,16 +15,16 @@ jobs: matrix: target: [x86_64, x86, aarch64] steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v4.2.2 - name: Build wheels - uses: PyO3/maturin-action@v1 + uses: PyO3/maturin-action@e10f6c464b90acceb5f640d31beda6d586ba7b4a # v1.49.3 with: target: ${{ matrix.target }} args: --release --out dist sccache: ${{ !startsWith(github.ref, 'refs/tags/') }} manylinux: auto - name: Upload wheels - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v4.6.2 with: name: wheels-linux-${{ matrix.target }} path: dist @@ -35,15 +35,15 @@ jobs: matrix: target: [x64, x86] steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v4.2.2 - name: Build wheels - uses: PyO3/maturin-action@v1 + uses: PyO3/maturin-action@e10f6c464b90acceb5f640d31beda6d586ba7b4a # v1.49.3 with: target: ${{ matrix.target }} args: --release --out dist sccache: ${{ !startsWith(github.ref, 'refs/tags/') }} - name: Upload wheels - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v4.6.2 with: name: wheels-windows-${{ matrix.target }} path: dist @@ -54,15 +54,15 @@ jobs: matrix: target: [x86_64, aarch64] steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v4.2.2 - name: Build wheels - uses: PyO3/maturin-action@v1 + uses: PyO3/maturin-action@e10f6c464b90acceb5f640d31beda6d586ba7b4a # v1.49.3 with: target: ${{ matrix.target }} args: --release --out dist sccache: ${{ !startsWith(github.ref, 'refs/tags/') }} - name: Upload wheels - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v4.6.2 with: name: wheels-macos-${{ matrix.target }} path: dist 
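Review bot: release_to_pypi.yml is the only workflow touched by this commit that does not gain a top-level `permissions: contents: read` block: its first hunk starts at line 15 with unchanged line numbers, so the head of the file was not modified. If no such block already exists there (outside these hunks), the build jobs still run with the repository's default token permissions while every other workflow was locked down. Adding `permissions:` / `contents: read` at the top level would close the gap; the publishing job in the later hunks declares its own job-level grants (`attestations: write` is visible), and job-level permissions replace the top-level default, so it would be unaffected.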
@@ -70,14 +70,14 @@ jobs: sdist: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v4.2.2 - name: Build sdist - uses: PyO3/maturin-action@v1 + uses: PyO3/maturin-action@e10f6c464b90acceb5f640d31beda6d586ba7b4a # v1.49.3 with: command: sdist args: --out dist - name: Upload sdist - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v4.6.2 with: name: wheels-sdist path: dist @@ -94,15 +94,15 @@ jobs: # Used to generate artifact attestation attestations: write steps: - - uses: actions/download-artifact@v4 + - uses: actions/download-artifact@v4.3.0 - name: Generate artifact attestation - uses: actions/attest-build-provenance@v2 + uses: actions/attest-build-provenance@v2.4.0 with: subject-path: 'wheels-*/*' - name: Publish to PyPI - uses: PyO3/maturin-action@v1 + uses: PyO3/maturin-action@e10f6c464b90acceb5f640d31beda6d586ba7b4a # v1.49.3 env: MATURIN_PYPI_TOKEN: ${{ secrets.PYPI_API_TOKEN }} with: diff --git a/.github/workflows/release_to_winget.yml b/.github/workflows/release_to_winget.yml index f2cb0b3b..9425ded8 100644 --- a/.github/workflows/release_to_winget.yml +++ b/.github/workflows/release_to_winget.yml @@ -4,12 +4,15 @@ on: types: [released] workflow_dispatch: +permissions: + contents: read + jobs: publish: runs-on: windows-latest steps: - - uses: vedantmgoyal2009/winget-releaser@main + - uses: vedantmgoyal2009/winget-releaser@19e706d4c9121098010096f9c495a70a7518b30f # main with: identifier: topgrade-rs.topgrade max-versions-to-keep: 5 # keep only latest 5 versions - token: ${{ secrets.WINGET_TOKEN }} \ No newline at end of file + token: ${{ secrets.WINGET_TOKEN }} diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml new file mode 100644 index 00000000..63a565f3 --- /dev/null +++ b/.github/workflows/scorecards.yml 
@@ -0,0 +1,76 @@ +# This workflow uses actions that are not certified by GitHub. They are provided +# by a third-party and are governed by separate terms of service, privacy +# policy, and support documentation. + +name: Scorecard supply-chain security +on: + # For Branch-Protection check. Only the default branch is supported. See + # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection + branch_protection_rule: + # To guarantee Maintained check is occasionally updated. See + # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained + schedule: + - cron: '20 7 * * 2' + push: + branches: ["main"] + +# Declare default permissions as read only. +permissions: read-all + +jobs: + analysis: + name: Scorecard analysis + runs-on: ubuntu-latest + permissions: + # Needed to upload the results to code-scanning dashboard. + security-events: write + # Needed to publish results and get a badge (see publish_results below). + id-token: write + contents: read + actions: read + # To allow GraphQL ListCommits to work + issues: read + pull-requests: read + # To detect SAST tools + checks: read + + steps: + - name: "Checkout code" + uses: actions/checkout@v4.2.2 + with: + persist-credentials: false + + - name: "Run analysis" + uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0 + with: + results_file: results.sarif + results_format: sarif + # (Optional) "write" PAT token. Uncomment the `repo_token` line below if: + # - you want to enable the Branch-Protection check on a *public* repository, or + # - you are installing Scorecards on a *private* repository + # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat. + # repo_token: ${{ secrets.SCORECARD_TOKEN }} + + # Public repositories: + # - Publish results to OpenSSF REST API for easy access by consumers + # - Allows the repository to include the Scorecard badge. 
+ # - See https://github.com/ossf/scorecard-action#publishing-results. + # For private repositories: + # - `publish_results` will always be set to `false`, regardless + # of the value entered here. + publish_results: true + + # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF + # format to the repository Actions tab. + - name: "Upload artifact" + uses: actions/upload-artifact@v4.6.2 + with: + name: SARIF file + path: results.sarif + retention-days: 5 + + # Upload the results to GitHub's code scanning dashboard. + - name: "Upload to code-scanning" + uses: github/codeql-action/upload-sarif@v3.29.5 + with: + sarif_file: results.sarif diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml new file mode 100644 index 00000000..c9ba1d0c --- /dev/null +++ b/.pre-commit-config.yaml @@ -0,0 +1,14 @@ +repos: +- repo: https://github.com/gitleaks/gitleaks + rev: v8.16.3 + hooks: + - id: gitleaks +- repo: https://github.com/shellcheck-py/shellcheck-py + rev: v0.10.0.1 + hooks: + - id: shellcheck +- repo: https://github.com/pre-commit/pre-commit-hooks + rev: v4.4.0 + hooks: + - id: end-of-file-fixer + - id: trailing-whitespace diff --git a/README.md b/README.md index d4592536..70cd56d1 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@
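Review bot: The new .pre-commit-config.yaml pins every hook by tag (`rev: v8.16.3`, `rev: v0.10.0.1`, `rev: v4.4.0`), which is the same mutable-ref pinning this commit is moving away from in the workflows, and the Dependabot config added here has no updater for pre-commit, so these revs will not be refreshed automatically; the gitleaks rev in particular appears to be a 2023 release. `rev` accepts a full commit SHA, so `rev: <commit-sha> # v8.16.3` would match the workflow policy, with `pre-commit autoupdate` run periodically to move the pins forward. Note also that nothing in this commit runs gitleaks in CI, so the secret scan only protects developers who install the hook locally; a CI invocation would make it enforced rather than advisory.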