ci: pedantic checks

Author: SergioRibera

.github/workflows/ci.yml

@@ -29,6 +29,6 @@ jobs:
         uses: actions/checkout@v4
       - uses: dtolnay/rust-toolchain@stable
       - uses: Swatinem/rust-cache@v2
-      - name: cargo check
+      - name: Checks
         run: |
-          cargo clippy -- -D warnings
+          cargo clippy -- -D warnings -D clippy::pedantic

crates/config/src/lib.rs

@@ -1,3 +1,5 @@
+#![allow(clippy::missing_panics_doc)]
+
 use std::collections::HashSet;
 use std::path::PathBuf;
 
@@ -77,6 +79,7 @@ impl Config {
     }
 }
 
+#[must_use]
 pub fn parse_config(path: &PathBuf) -> Config {
     if path.is_dir() {
         let mut config = Config::default();
@@ -103,6 +106,7 @@ pub fn parse_config(path: &PathBuf) -> Config {
     }
 }
 
+#[must_use]
 pub fn get_config() -> (PathBuf, Config) {
     let args = Command::new("grhooks")
         .version(env!("CARGO_PKG_VERSION"))

crates/core/src/cmd.rs

@@ -1,17 +1,16 @@
 use std::path::PathBuf;
-use std::sync::Arc;
 
 use grhooks_config::WebhookConfig;
 use srtemplate::SrTemplate;
 
-pub async fn execute_command<'a>(
+pub async fn execute_command(
     config: &WebhookConfig,
     event_type: &str,
     value: &serde_json::Value,
 ) -> std::io::Result<String> {
-    let ctx = Arc::new(SrTemplate::with_delimiter("${{", "}}"));
+    let ctx = SrTemplate::with_delimiter("${{", "}}");
     ctx.add_variable("event.type", event_type);
-    crate::process_value(ctx.clone(), "event", value);
+    crate::process_value(&ctx, "event", value);
 
     let (shell, args) = if let Some(shell) = config.shell.as_ref() {
         let mut args = shell.clone();
@@ -22,9 +21,9 @@ pub async fn execute_command<'a>(
     };
 
     let output = if let Some(script_path) = &config.script {
-        execute_script(ctx.as_ref(), script_path, &shell, &args).await?
+        execute_script(&ctx, script_path, &shell, &args).await?
     } else if let Some(command) = config.command.as_deref() {
-        execute_direct_command(ctx.as_ref(), command, &shell, &args).await?
+        execute_direct_command(&ctx, command, &shell, &args).await?
     } else {
         return Err(std::io::Error::new(
             std::io::ErrorKind::Other,
@@ -35,8 +34,8 @@ pub async fn execute_command<'a>(
     Ok(output)
 }
 
-async fn execute_direct_command<'a>(
-    ctx: &SrTemplate<'a>,
+async fn execute_direct_command(
+    ctx: &SrTemplate<'_>,
     command: &str,
     shell: &str,
     shell_args: &[String],
@@ -55,11 +54,11 @@ async fn execute_direct_command<'a>(
         .output()
         .await?;
 
-    handle_command_output(output, &rendered_cmd)
+    handle_command_output(&output, &rendered_cmd)
 }
 
-async fn execute_script<'a>(
-    ctx: &SrTemplate<'a>,
+async fn execute_script(
+    ctx: &SrTemplate<'_>,
     script_path: &PathBuf,
     shell: &str,
     shell_args: &[String],
@@ -93,10 +92,10 @@ async fn execute_script<'a>(
         .output()
         .await?;
 
-    handle_command_output(output, &format!("script: {temp_script:?}"))
+    handle_command_output(&output, &format!("script: {temp_script:?}"))
 }
 
-fn handle_command_output(output: std::process::Output, context: &str) -> std::io::Result<String> {
+fn handle_command_output(output: &std::process::Output, context: &str) -> std::io::Result<String> {
     if !output.status.success() {
         let err_msg = format!(
             "Command failed ({} - {}):\nSTDERR: {}\nSTDOUT: {}",

crates/core/src/lib.rs

@@ -1,4 +1,4 @@
-use std::sync::Arc;
+#![allow(clippy::missing_errors_doc)]
 
 use serde_json::Value;
 use srtemplate::SrTemplate;
@@ -15,32 +15,32 @@ pub fn render_secret(secret: &str, event_type: &str) -> String {
     secret
 }
 
-pub fn process_value<'a>(ctx: Arc<SrTemplate<'a>>, prefix: &'a str, value: &'a Value) {
+pub fn process_value<'a>(ctx: &SrTemplate<'a>, prefix: &'a str, value: &'a Value) {
     match value {
         Value::Null => {
             tracing::trace!("Processing value: {prefix} = {value}");
-            ctx.add_variable(prefix, &"null")
+            ctx.add_variable(prefix, "null");
         }
         Value::Bool(b) => {
             tracing::trace!("Processing value: {prefix} = {value}");
-            ctx.add_variable(prefix, b)
+            ctx.add_variable(prefix, b);
         }
         Value::Number(n) => {
             tracing::trace!("Processing value: {prefix} = {value}");
-            ctx.add_variable(prefix, n)
+            ctx.add_variable(prefix, n);
         }
         Value::String(s) => {
             tracing::trace!("Processing value: {prefix} = {value}");
-            ctx.add_variable(prefix, s)
+            ctx.add_variable(prefix, s);
         }
         Value::Array(arr) => {
             tracing::trace!("Processing value: {prefix} = Array {{}}");
             for (i, item) in arr.iter().enumerate() {
-                let key = format!("{}[{}]", prefix, i);
+                let key = format!("{prefix}[{i}]");
                 let key = unsafe {
                     core::mem::transmute::<&str, &'a str>(Box::leak(key.into_boxed_str()))
                 };
-                process_value(ctx.clone(), key, item);
+                process_value(ctx, key, item);
             }
         }
         Value::Object(obj) => {
@@ -49,12 +49,12 @@ pub fn process_value<'a>(ctx: Arc<SrTemplate<'a>>, prefix: &'a str, value: &'a V
                 let key = if prefix.is_empty() {
                     k.to_string()
                 } else {
-                    format!("{}.{}", prefix, k)
+                    format!("{prefix}.{k}")
                 };
                 let key = unsafe {
                     core::mem::transmute::<&str, &'a str>(Box::leak(key.into_boxed_str()))
                 };
-                process_value(ctx.clone(), &key, v);
+                process_value(ctx, key, v);
             }
         }
     }

crates/origin/src/errors.rs

@@ -13,7 +13,7 @@ pub enum Error {
 impl Debug for Error {
     fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
         match self {
-            Error::MissingHeader(header) => write!(f, "Missing required header: {}", header),
+            Error::MissingHeader(header) => write!(f, "Missing required header: {header}"),
             Error::InvalidSignature => write!(f, "Invalid signature"),
             Error::InvalidUserAgent => write!(f, "Invalid user agent"),
             Error::UnsupportedEvent => write!(f, "Unsupported event type"),
@@ -26,7 +26,7 @@ impl IntoResponse for Error {
         match self {
             Error::MissingHeader(header) => (
                 StatusCode::BAD_REQUEST,
-                format!("Missing required header: {}", header),
+                format!("Missing required header: {header}"),
             )
                 .into_response(),
             Error::InvalidSignature => {

crates/origin/src/github.rs

@@ -38,7 +38,7 @@ impl WebhookOrigin for GitHubValidator {
         headers
             .get("X-GitHub-Event")
             .and_then(|v| v.to_str().ok())
-            .map(|s| s.to_string())
+            .map(ToString::to_string)
             .ok_or(Error::MissingHeader("X-GitHub-Event"))
     }
 
@@ -48,30 +48,27 @@ impl WebhookOrigin for GitHubValidator {
         secret: &str,
         body: &[u8],
     ) -> Result<(), Error> {
-        let (expected_signature, signature) = match headers
+        let (expected_signature, signature) = if let Some(signature) = headers
             .get("X-Hub-Signature-256")
             .and_then(|v| v.to_str().ok())
         {
-            Some(signature) => {
-                let signature = signature.trim_start_matches("sha256=");
-                let mut mac = Hmac::<Sha256>::new_from_slice(secret.as_bytes())
-                    .map_err(|_| Error::InvalidSignature)?;
-                mac.update(body);
-                let expected_signature = hex::encode(mac.finalize().into_bytes());
-                (expected_signature, signature)
-            }
-            None => {
-                let signature = headers
-                    .get("X-Hub-Signature")
-                    .and_then(|v| v.to_str().ok())
-                    .ok_or(Error::MissingHeader("X-Hub-Signature"))?;
-                let signature = signature.trim_start_matches("sha1=");
-                let mut mac = Hmac::<Sha1>::new_from_slice(secret.as_bytes())
-                    .map_err(|_| Error::InvalidSignature)?;
-                mac.update(body);
-                let expected_signature = hex::encode(mac.finalize().into_bytes());
-                (expected_signature, signature)
-            }
+            let signature = signature.trim_start_matches("sha256=");
+            let mut mac = Hmac::<Sha256>::new_from_slice(secret.as_bytes())
+                .map_err(|_| Error::InvalidSignature)?;
+            mac.update(body);
+            let expected_signature = hex::encode(mac.finalize().into_bytes());
+            (expected_signature, signature)
+        } else {
+            let signature = headers
+                .get("X-Hub-Signature")
+                .and_then(|v| v.to_str().ok())
+                .ok_or(Error::MissingHeader("X-Hub-Signature"))?;
+            let signature = signature.trim_start_matches("sha1=");
+            let mut mac = Hmac::<Sha1>::new_from_slice(secret.as_bytes())
+                .map_err(|_| Error::InvalidSignature)?;
+            mac.update(body);
+            let expected_signature = hex::encode(mac.finalize().into_bytes());
+            (expected_signature, signature)
         };
 
         if !constant_time_eq::constant_time_eq(signature.as_bytes(), expected_signature.as_bytes())

crates/origin/src/gitlab.rs

@@ -30,7 +30,7 @@ impl WebhookOrigin for GitLabValidator {
         headers
             .get("X-Gitlab-Event")
             .and_then(|v| v.to_str().ok())
-            .map(|s| s.to_string())
+            .map(ToString::to_string)
             .ok_or(Error::MissingHeader("X-Gitlab-Event"))
     }
 

crates/origin/src/lib.rs

@@ -1,3 +1,5 @@
+#![allow(clippy::missing_errors_doc)]
+
 use axum::http::HeaderMap;
 use serde::Deserialize;
 

src/handlers.rs

@@ -25,20 +25,21 @@ pub async fn webhook_handler(
     let Some(event_type) = header.get("X-GitHub-Event").and_then(|v| v.to_str().ok()) else {
         return (
             StatusCode::BAD_REQUEST,
-            format!("Missing X-GitHub-Event header"),
+            "Missing X-GitHub-Event header".to_string(),
         );
     };
 
-    if !webhook.events.is_empty() && !webhook.events.contains(&"*".to_string()) {
-        if !webhook.events.contains(&event_type.to_string()) {
-            return (
-                StatusCode::BAD_REQUEST,
-                format!("Event '{event_type}' not allowed"),
-            );
-        }
+    if !webhook.events.is_empty()
+        && !webhook.events.contains("*")
+        && !webhook.events.contains(event_type)
+    {
+        return (
+            StatusCode::BAD_REQUEST,
+            format!("Event '{event_type}' not allowed"),
+        );
     }
 
-    match grhooks_core::execute_command(&webhook, event_type, &value).await {
+    match grhooks_core::execute_command(webhook, event_type, &value).await {
         Ok(output) => (StatusCode::OK, output),
         Err(e) => {
             tracing::error!("Error executing command: {e}");

src/main.rs

@@ -46,7 +46,7 @@ async fn main() {
 
     println!("listening on {}", listener.local_addr().unwrap());
 
-    axum::serve(listener, app).await.unwrap()
+    axum::serve(listener, app).await.unwrap();
 }
 
 fn listen_config_changes(state: GlobalConfig) -> impl EventHandler {
@@ -60,7 +60,7 @@ fn listen_config_changes(state: GlobalConfig) -> impl EventHandler {
             config.webhooks = Vec::new(); // restore webhooks
             event.paths.iter().for_each(|path| {
                 tracing::info!("Config file changed: {path:?}");
-                config.merge(grhooks_config::parse_config(&path))
+                config.merge(grhooks_config::parse_config(path));
             });
             config.print_paths();
         }