Merge commit '11e2c0daa1ece49f278ac6284f03e36906e731ad' into claim_v2…

…+c2pa_crypto
contentauth · Dec 12, 2024 · 3b2f611 · 3b2f611
2 parents d5df782 + 11e2c0d
commit 3b2f611
Show file tree

Hide file tree

Showing 85 changed files with 2,629 additions and 1,743 deletions.
diff --git a/.commitlintrc.yml b/.commitlintrc.yml
@@ -24,6 +24,7 @@ rules:
       - export_schema
       - make_test_images
       - sdk
+      - c2patool
 
   # Scope may be empty
   # (NOTE: Disabled for now while we work around

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -175,6 +175,30 @@ jobs:
           fail_ci_if_error: true
           verbose: true
 
+  cargo-check:
+    name: Default features build
+    if: |
+      github.event_name != 'pull_request' ||
+      github.event.pull_request.author_association == 'COLLABORATOR' ||
+      github.event.pull_request.author_association == 'MEMBER' ||
+      github.event.pull_request.user.login == 'dependabot[bot]' ||
+      contains(github.event.pull_request.labels.*.name, 'safe to test')
+
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Install Rust toolchain
+        uses: dtolnay/rust-toolchain@stable
+
+      - name: Cache Rust dependencies
+        uses: Swatinem/rust-cache@v2
+
+      - name: "`cargo check` with default features"
+        run: cargo check
+
   tests-cross:
     name: Unit tests
     if: |

diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml
@@ -147,9 +147,11 @@ jobs:
         echo Will add nightly suffix $NIGHTLY_SUFFIX
 
         sed -i "s/^version = \"\\(.*\\)\"/version = \"\\1$NIGHTLY_SUFFIX\"/" sdk/Cargo.toml
-
+        sed -i "s/path = \"..\/sdk\", version = \"\\(.*\\)\"/path = \"..\/sdk\", version = \"\\1$NIGHTLY_SUFFIX\"/" cli/Cargo.toml
+        
         cargo update -w
-        git add -f Cargo.lock
+        git add Cargo.lock
+        find . -name 'Cargo.toml' | xargs git add
 
         echo
         echo Proposed changes:

diff --git a/.github/workflows/pr_title.yml b/.github/workflows/pr_title.yml
@@ -42,6 +42,7 @@ jobs:
           # these exact names:
           #
           #    * sdk (The primary C2PA Rust SDK)
+          #    * c2patool
           #    * export_schema
           #    * make_test_images
           #
@@ -90,6 +91,16 @@ jobs:
             exit 0;
           fi
 
+          if echo "$PR_TITLE" | grep -E '^update: update '; then
+            echo "Exception / OK: Dependabot update pattern"
+            exit 0;
+          fi
+
+          if echo "$PR_TITLE" | grep -E '^update: bump '; then
+            echo "Exception / OK: Dependabot update pattern"
+            exit 0;
+          fi
+
           echo "Installing commitlint-rs. Please wait 30-40 seconds ..."
           cargo install --quiet commitlint-rs
           set -e

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -14,6 +14,9 @@ jobs:
     name: Release-plz
     runs-on: ubuntu-latest
 
+    outputs:
+      c2patool-release-tag: ${{ steps.sniff-c2patool-release-tag.outputs.tag }}
+
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4
@@ -25,7 +28,8 @@ jobs:
         uses: dtolnay/rust-toolchain@stable
 
       - name: Run release-plz
-        uses: MarcoIeni/[email protected]
+        id: release-plz
+        uses: MarcoIeni/[email protected]
         env:
           GITHUB_TOKEN: ${{ secrets.RELEASE_PLZ_TOKEN }}
           CARGO_REGISTRY_TOKEN: ${{ secrets.CRATES_IO_SECRET }}
@@ -38,76 +42,81 @@ jobs:
             tail -n +2 |\
             sed 's/origin\///' |\
             xargs -I {} git push origin --delete {}
-      
-      - name: Identify c2patool release tag
+  
+      - name: Identify c2patool release
+        id: sniff-c2patool-release-tag
         run: |
-          echo "TO DO: Identify c2patool release tag, if any"
-          exit 1
-
-  # publish-c2patool-binaries:
-  #   name: Publish c2patool binaries
-  #   runs-on: ${{ matrix.os }}
-  #   needs: release-plz
-
-  #   strategy:
-  #     fail-fast: false
-  #     matrix:
-  #       os: [ macos-latest, ubuntu-latest, windows-latest ]
-  #       rust_version: [ stable ]
-  #       experimental: [ false ]
-  #       include:
-  #         - os: macos-latest
-  #           artifact_name: c2patool_mac_universal.zip
-  #           uploaded_asset_name: c2patool-${{ needs.repo-prep.outputs.new-tag }}-universal-apple-darwin.zip
-  #         - os: ubuntu-latest
-  #           artifact_name: c2patool_linux_intel.tar.gz
-  #           uploaded_asset_name: c2patool-${{ needs.repo-prep.outputs.new-tag }}-x86_64-unknown-linux-gnu.tar.gz
-  #         - os: windows-latest
-  #           artifact_name: c2patool_win_intel.zip
-  #           uploaded_asset_name: c2patool-${{ needs.repo-prep.outputs.new-tag }}-x86_64-pc-windows-msvc.zip
-
-  #   steps:
-  #     - name: Checkout repository
-  #       uses: actions/checkout@v4
-  #       with:
-  #         ref: ${{ needs.repo-prep.outputs.commit-hash }}
-
-  #     - name: Install Rust toolchain
-  #       uses: dtolnay/rust-toolchain@master
-  #       with:
-  #         toolchain: ${{ matrix.rust_version }}
-  #         components: llvm-tools-preview
-
-  #     - name: Install cargo-sbom
-  #       uses: baptiste0928/cargo-install@v3
-  #       with:
-  #         crate: cargo-sbom
-  #         version: '0.9.1'
-
-  #     - name: Cache Rust dependencies
-  #       uses: Swatinem/rust-cache@v2
-
-  #     - name: Run make release
-  #       run: make release
-
-  #     - name: Upload binary to GitHub
-  #       uses: svenstaro/upload-release-action@v1-release
-  #       with:
-  #         repo_token: ${{ secrets.GITHUB_TOKEN }}
-  #         file: target/${{ matrix.artifact_name }}
-  #         asset_name: ${{ matrix.uploaded_asset_name }}
-  #         tag: ${{ needs.repo-prep.outputs.new-tag }}
-  #         overwrite: true
-
-  #     - name: Generate SBOM
-  #       run: cargo sbom > c2patool.${{ matrix.os }}.sbom.json
-
-  #     - name: Upload SBOM to Github
-  #       uses: svenstaro/upload-release-action@v1-release
-  #       with:
-  #         repo_token: ${{ secrets.GITHUB_TOKEN }}
-  #         file: c2patool.${{ matrix.os }}.sbom.json
-  #         asset_name: c2patool-${{ needs.repo-prep.outputs.new-tag }}-sbom.json
-  #         tag: ${{ needs.repo-prep.outputs.new-tag }}
-  #         overwrite: true
+          echo tag=`git tag --contains HEAD | grep '^c2patool-'` >> "$GITHUB_OUTPUT" || true
+    
+  publish-c2patool-binaries:
+    name: Publish c2patool binaries
+    runs-on: ${{ matrix.os }}
+    needs: release-plz
+
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ macos-latest, ubuntu-latest, windows-latest ]
+        rust_version: [ stable ]
+        experimental: [ false ]
+        include:
+          - os: macos-latest
+            artifact_name: c2patool_mac_universal.zip
+            uploaded_asset_name: c2patool-${{ needs.release-plz.outputs.c2patool-release-tag }}-universal-apple-darwin.zip
+          - os: ubuntu-latest
+            artifact_name: c2patool_linux_intel.tar.gz
+            uploaded_asset_name: c2patool-${{ needs.release-plz.outputs.c2patool-release-tag }}-x86_64-unknown-linux-gnu.tar.gz
+          - os: windows-latest
+            artifact_name: c2patool_win_intel.zip
+            uploaded_asset_name: c2patool-${{ needs.release-plz.outputs.c2patool-release-tag }}-x86_64-pc-windows-msvc.zip
+
+    steps:
+      - name: Checkout repository
+        if: ${{ needs.release-plz.outputs.c2patool-release-tag }}
+        uses: actions/checkout@v4
+
+      - name: Install Rust toolchain
+        if: ${{ needs.release-plz.outputs.c2patool-release-tag }}
+        uses: dtolnay/rust-toolchain@master
+        with:
+          toolchain: ${{ matrix.rust_version }}
+          components: llvm-tools-preview
+
+      - name: Install cargo-sbom
+        if: ${{ needs.release-plz.outputs.c2patool-release-tag }}
+        uses: baptiste0928/cargo-install@v3
+        with:
+          crate: cargo-sbom
+          version: '0.9.1'
+
+      - name: Cache Rust dependencies
+        if: ${{ needs.release-plz.outputs.c2patool-release-tag }}
+        uses: Swatinem/rust-cache@v2
 
+      - name: Run make release
+        if: ${{ needs.release-plz.outputs.c2patool-release-tag }}
+        run: cd cli && make release
+
+      - name: Upload binary to GitHub
+        if: ${{ needs.release-plz.outputs.c2patool-release-tag }}
+        uses: svenstaro/upload-release-action@v1-release
+        with:
+          repo_token: ${{ secrets.GITHUB_TOKEN }}
+          file: target/${{ matrix.artifact_name }}
+          asset_name: ${{ matrix.uploaded_asset_name }}
+          tag: ${{ needs.release-plz.outputs.c2patool-release-tag }}
+          overwrite: true
+
+      - name: Generate SBOM
+        if: ${{ needs.release-plz.outputs.c2patool-release-tag }}
+        run: cd cli && cargo sbom > c2patool.${{ matrix.os }}.sbom.json
+
+      - name: Upload SBOM to Github
+        if: ${{ needs.release-plz.outputs.c2patool-release-tag }}
+        uses: svenstaro/upload-release-action@v1-release
+        with:
+          repo_token: ${{ secrets.GITHUB_TOKEN }}
+          file: cli/c2patool.${{ matrix.os }}.sbom.json
+          asset_name: c2patool-${{ needs.release-plz.outputs.c2patool-release-tag }}-sbom.json
+          tag: ${{ needs.release-plz.outputs.c2patool-release-tag }}
+          overwrite: true
diff --git a/.gitignore b/.gitignore
@@ -1,7 +1,5 @@
 /target/
 
-Cargo.lock
-
 **/*.rs.bk
 
 .DS_Store

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -6,6 +6,35 @@ This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.htm
 
 Since version 0.36.2, the format of this changelog is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 
+## [0.40.0](https://github.com/contentauth/c2pa-rs/compare/c2pa-v0.39.0...c2pa-v0.40.0)
+_12 December 2024_
+
+### Added
+
+* Add `RawSigner` trait to `c2pa-crypto` (derived from `c2pa::Signer`) (#716)
+* Move time stamp code into c2pa-crypto (#696)
+* Adds ValidationState support (#701)
+* Introduce `DynamicAssertion` trait (#566)
+
+### Fixed
+
+* Compile `c2pa-crypto` with `cargo check` (#768)
+* Verbose assertions for `is_none()` (#704)
+* Remove `c2pa::Signer` dependency on `c2pa_crypto::TimeStampProvider` (#718)
+* Add support for MP3 without ID3 header (#652)
+* Treat Unicode-3.0 license as approved; unpin related dependencies (#693)
+* Remote manifest fetch test was not using full path (#675)
+* Fix #624 (edge cases when combining the box hashes) (#625)
+* Fix #672, Callback is unsound (#674)
+* Support "remote_manifest_fetch" verify setting (#667)
+
+### Updated dependencies
+
+* Bump chrono from 0.4.38 to 0.4.39 (#763)
+* Bump asn1-rs from 0.5.2 to 0.6.2 (#724)
+* Bump mockall requirement from 0.11.2 to 0.13.1 in /sdk (#685)
+* Update zip requirement from 0.6.6 to 2.2.1 in /sdk (#698)
+
 ## [0.39.0](https://github.com/contentauth/c2pa-rs/compare/c2pa-v0.38.0...c2pa-v0.39.0)
 _13 November 2024_