chore: Adopt '_rust/main' template

.clippy.toml

@@ -1 +1,13 @@
-msrv = "1.64.0"  # MSRV
+msrv = "1.65.0"  # MSRV
+warn-on-all-wildcard-imports = true
+allow-expect-in-tests = true
+allow-unwrap-in-tests = true
+allow-dbg-in-tests = true
+disallowed-methods = [
+    { path = "std::option::Option::map_or", reason = "prefer `map(..).unwrap_or(..)` for legibility" },
+    { path = "std::option::Option::map_or_else", reason = "prefer `map(..).unwrap_or_else(..)` for legibility" },
+    { path = "std::result::Result::map_or", reason = "prefer `map(..).unwrap_or(..)` for legibility" },
+    { path = "std::result::Result::map_or_else", reason = "prefer `map(..).unwrap_or_else(..)` for legibility" },
+    { path = "std::iter::Iterator::for_each", reason = "prefer `for` for side-effects" },
+    { path = "std::iter::Iterator::try_for_each", reason = "prefer `for` for side-effects" },
+]

.github/renovate.json5

@@ -1,48 +1,102 @@
 {
-  "schedule": [
-    "before 3am on the first day of the month"
+  schedule: [
+    'before 5am on the first day of the month',
   ],
-  "ignoreDeps": [
-    "toml_old",
+  semanticCommits: 'enabled',
+  configMigration: true,
+  dependencyDashboard: true,
+  regexManagers: [
+    {
+      fileMatch: [
+        '^rust-toolchain\\.toml$',
+        'Cargo.toml$',
+        'clippy.toml$',
+        '\\.clippy.toml$',
+        '^\\.github/workflows/ci.yml$',
+        '^\\.github/workflows/rust-next.yml$',
+      ],
+      matchStrings: [
+        'MSRV.*?(?<currentValue>\\d+\\.\\d+(\\.\\d+)?)',
+        '(?<currentValue>\\d+\\.\\d+(\\.\\d+)?).*?MSRV',
+      ],
+      depNameTemplate: 'rust',
+      packageNameTemplate: 'rust-lang/rust',
+      datasourceTemplate: 'github-releases',
+    },
   ],
-  "semanticCommits": "enabled",
-  "configMigration": true,
-  "packageRules": [
+  packageRules: [
+    {
+      commitMessageTopic: 'MSRV',
+      matchManagers: [
+        'regex',
+      ],
+      matchPackageNames: [
+        'rust',
+      ],
+      minimumReleaseAge: "252 days",  // 6 releases * 6 weeks per release * 7 days per week
+      internalChecksFilter: "strict",
+    },
     // Goals:
     // - Keep version reqs low, ignoring compatible normal/build dependencies
     // - Take advantage of latest dev-dependencies
     // - Rollup safe upgrades to reduce CI runner load
     // - Help keep number of versions down by always using latest breaking change
     // - Have lockfile and manifest in-sync
     {
-      "matchManagers": ["cargo"],
-      "matchDepTypes": ["build-dependencies", "dependencies"],
-      "matchCurrentVersion": ">=0.1.0",
-      "matchUpdateTypes": ["patch"],
-      "enabled": false,
+      matchManagers: [
+        'cargo',
+      ],
+      matchDepTypes: [
+        'build-dependencies',
+        'dependencies',
+      ],
+      matchCurrentVersion: '>=0.1.0',
+      matchUpdateTypes: [
+        'patch',
+      ],
+      enabled: false,
     },
     {
-      "matchManagers": ["cargo"],
-      "matchDepTypes": ["build-dependencies", "dependencies"],
-      "matchCurrentVersion": ">=1.0.0",
-      "matchUpdateTypes": ["minor"],
-      "enabled": false,
+      matchManagers: [
+        'cargo',
+      ],
+      matchDepTypes: [
+        'build-dependencies',
+        'dependencies',
+      ],
+      matchCurrentVersion: '>=1.0.0',
+      matchUpdateTypes: [
+        'minor',
+      ],
+      enabled: false,
     },
     {
-      "matchManagers": ["cargo"],
-      "matchDepTypes": ["dev-dependencies"],
-      "matchCurrentVersion": ">=0.1.0",
-      "matchUpdateTypes": ["patch"],
-      "automerge": true,
-      "groupName": "compatible (dev)",
+      matchManagers: [
+        'cargo',
+      ],
+      matchDepTypes: [
+        'dev-dependencies',
+      ],
+      matchCurrentVersion: '>=0.1.0',
+      matchUpdateTypes: [
+        'patch',
+      ],
+      automerge: true,
+      groupName: 'compatible (dev)',
     },
     {
-      "matchManagers": ["cargo"],
-      "matchDepTypes": ["dev-dependencies"],
-      "matchCurrentVersion": ">=1.0.0",
-      "matchUpdateTypes": ["minor"],
-      "automerge": true,
-      "groupName": "compatible (dev)",
+      matchManagers: [
+        'cargo',
+      ],
+      matchDepTypes: [
+        'dev-dependencies',
+      ],
+      matchCurrentVersion: '>=1.0.0',
+      matchUpdateTypes: [
+        'minor',
+      ],
+      automerge: true,
+      groupName: 'compatible (dev)',
     },
   ],
 }

.github/settings.yml

@@ -1,21 +1,29 @@
 # These settings are synced to GitHub by https://probot.github.io/apps/settings/
 
 repository:
-  description: Rust TOML Parser
-  topics: rust toml
+  description: "Rust TOML Parser"
+  homepage: "https://docs.rs/toml"
+  topics: "rust toml"
   has_issues: true
   has_projects: false
   has_wiki: false
   has_downloads: true
   default_branch: main
 
-  allow_squash_merge: true
+  # Preference: people do clean commits
   allow_merge_commit: true
-  allow_rebase_merge: true
+  # Backup in case we need to clean up commits
+  allow_squash_merge: true
+  # Not really needed
+  allow_rebase_merge: false
 
-  # Manual: allow_auto_merge: true, see https://github.com/probot/settings/issues/402
+  allow_auto_merge: true
   delete_branch_on_merge: true
 
+  squash_merge_commit_title: "PR_TITLE"
+  squash_merge_commit_message: "PR_BODY"
+  merge_commit_message: "PR_BODY"
+
 labels:
   - name: "A-parse"
     description: "Area: Parsing TOML"
@@ -62,6 +70,6 @@ branches:
       required_status_checks:
         # Required. Require branches to be up to date before merging.
         strict: false
-        contexts: ["CI"]
+        contexts: ["CI", "Lint Commits", "Spell Check with Typos"]
       enforce_admins: false
       restrictions: null

.github/workflows/audit.yml

@@ -1,21 +1,49 @@
 name: Security audit
+
+permissions:
+  contents: read
+
 on:
   pull_request:
     paths:
       - '**/Cargo.toml'
       - '**/Cargo.lock'
   push:
-    paths:
-      - '**/Cargo.toml'
-      - '**/Cargo.lock'
-  schedule:
-  - cron: '1 1 1 * *'
+    branches:
+    - main
+
+env:
+  RUST_BACKTRACE: 1
+  CARGO_TERM_COLOR: always
+  CLICOLOR: 1
+
 jobs:
   security_audit:
+    permissions:
+      issues: write # to create issues (actions-rs/audit-check)
+      checks: write # to create check (actions-rs/audit-check)
     runs-on: ubuntu-latest
+    # Prevent sudden announcement of a new advisory from failing ci:
+    continue-on-error: true
     steps:
     - name: Checkout repository
       uses: actions/checkout@v3
     - uses: actions-rs/audit-check@v1
       with:
         token: ${{ secrets.GITHUB_TOKEN }}
+
+  cargo_deny:
+    permissions:
+      issues: write # to create issues (actions-rs/audit-check)
+      checks: write # to create check (actions-rs/audit-check)
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        checks:
+          - bans licenses sources
+    steps:
+    - uses: actions/checkout@v3
+    - uses: EmbarkStudios/cargo-deny-action@v1
+      with:
+        command: check ${{ matrix.checks }}
+        rust-version: stable

.github/workflows/ci.yml

@@ -1,13 +1,23 @@
 name: CI
+
+permissions:
+  contents: read
+
 on:
   pull_request:
   push:
     branches:
     - main
-  schedule:
-  - cron: '19 19 19 * *'
+
+env:
+  RUST_BACKTRACE: 1
+  CARGO_TERM_COLOR: always
+  CLICOLOR: 1
+
 jobs:
   ci:
+    permissions:
+      contents: none
     name: CI
     needs: [test, msrv, docs, rustfmt, clippy]
     runs-on: ubuntu-latest
@@ -26,12 +36,12 @@ jobs:
     - name: Checkout repository
       uses: actions/checkout@v3
     - name: Install Rust
-      uses: dtolnay/rust-toolchain@v1
+      uses: dtolnay/rust-toolchain@stable
       with:
         toolchain: ${{ matrix.rust }}
     - uses: Swatinem/rust-cache@v2
     - name: Build
-      run: cargo test --no-run --workspace
+      run: cargo test --no-run --workspace --all-features
     - name: Default features
       run: cargo test --workspace
     - name: toml_edit (all features)
@@ -49,30 +59,42 @@ jobs:
     - name: toml (no-default features)
       run: cargo test -p toml --no-default-features
   msrv:
-    name: "Check MSRV: 1.64.0"
+    name: "Check MSRV: 1.65.0"
     runs-on: ubuntu-latest
     steps:
     - name: Checkout repository
       uses: actions/checkout@v3
     - name: Install Rust
-      uses: dtolnay/rust-toolchain@v1
+      uses: dtolnay/rust-toolchain@stable
       with:
-        toolchain: 1.64.0  # MSRV
+        toolchain: 1.65.0  # MSRV
     - uses: Swatinem/rust-cache@v2
     - name: Default features
       run: cargo check --workspace --all-targets
     - name: All features
       run: cargo check --workspace --all-targets --all-features
     - name: No-default features
       run: cargo check --workspace --all-targets --no-default-features
+  lockfile:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v3
+    - name: Install Rust
+      uses: dtolnay/rust-toolchain@stable
+      with:
+        toolchain: stable
+    - uses: Swatinem/rust-cache@v2
+    - name: "Is lockfile updated?"
+      run: cargo fetch --locked
   docs:
     name: Docs
     runs-on: ubuntu-latest
     steps:
     - name: Checkout repository
       uses: actions/checkout@v3
     - name: Install Rust
-      uses: dtolnay/rust-toolchain@v1
+      uses: dtolnay/rust-toolchain@stable
       with:
         toolchain: stable
     - uses: Swatinem/rust-cache@v2
@@ -87,7 +109,7 @@ jobs:
     - name: Checkout repository
       uses: actions/checkout@v3
     - name: Install Rust
-      uses: dtolnay/rust-toolchain@v1
+      uses: dtolnay/rust-toolchain@stable
       with:
         # Not MSRV because its harder to jump between versions and people are
         # more likely to have stable
@@ -99,16 +121,32 @@ jobs:
   clippy:
     name: clippy
     runs-on: ubuntu-latest
+    permissions:
+      security-events: write # to upload sarif results
     steps:
     - name: Checkout repository
       uses: actions/checkout@v3
     - name: Install Rust
-      uses: dtolnay/rust-toolchain@v1
+      uses: dtolnay/rust-toolchain@stable
       with:
-        toolchain: 1.64.0  # MSRV
+        toolchain: 1.65.0  # MSRV
         components: clippy
     - uses: Swatinem/rust-cache@v2
-    - uses: actions-rs/clippy-check@v1
+    - name: Install SARIF tools
+      run: cargo install clippy-sarif --version 0.3.4 --locked  # Held back due to msrv
+    - name: Install SARIF tools
+      run: cargo install sarif-fmt --version 0.3.4 --locked # Held back due to msrv
+    - name: Check
+      run: >
+        cargo clippy --workspace --all-features --all-targets --message-format=json -- -D warnings --allow deprecated
+        | clippy-sarif
+        | tee clippy-results.sarif
+        | sarif-fmt
+      continue-on-error: true
+    - name: Upload
+      uses: github/codeql-action/upload-sarif@v2
       with:
-        token: ${{ secrets.GITHUB_TOKEN }}
-        args: --workspace --all-features --all-targets -- -D warnings --allow deprecated
+        sarif_file: clippy-results.sarif
+        wait-for-processing: true
+    - name: Report status
+      run: cargo clippy --workspace --all-features --all-targets -- -D warnings --allow deprecated