mirror of
https://github.com/huggingface/xet-core.git
synced 2026-06-04 13:30:29 +08:00
5868f64ab9
CI for hf-hub is running cargo audit and found many issues through
hf-xet transitive deps. this PR attempts to solve some of them (not
necessarily all of them).
Main changes:
- dropped derivative and reqwest-retry
- replaced bincode with postcard, only used in testing
- upgrade xet-core rand usage
- added audit CI step and ignoring some issues that we can't easily fix.
<!-- CURSOR_SUMMARY -->
---
> [!NOTE]
> **Medium Risk**
> Medium risk because it removes `reqwest-retry`/`derivative` and
replaces part of the retry classification logic with an in-house
equivalent, which could subtly change HTTP retry behavior; the remaining
changes are dependency/version bumps and test-only serialization swaps.
>
> **Overview**
> Adds a new CI `cargo audit` job and introduces `.cargo/audit.toml` to
ignore a small set of **dev-only** RustSec advisories with documented
rationale.
>
> Reduces audit surface by dropping `derivative` (manual `Debug` impl
for `AuthConfig`) and removing `reqwest-retry`, replacing its
status-code classification with a local `Retryable` enum +
`default_on_request_success` helper in `RetryWrapper`.
>
> Updates workspace deps (notably `rand` to `0.10` and `rand_distr` to
`0.6`) and adjusts call sites to the newer `rand` APIs (`RngExt`
imports, minor test/bench tweaks). Test-only binary serialization
switches from `bincode` to `postcard` (and updates affected tests), with
corresponding lockfile updates across crates.
>
> <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit
26377f4a1c. Bugbot is set up for automated
code reviews on this repo. Configure
[here](https://www.cursor.com/dashboard/bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
140 lines
5.4 KiB
YAML
140 lines
5.4 KiB
YAML
name: xet-core CI
|
|
|
|
on:
|
|
push:
|
|
branches:
|
|
- main
|
|
pull_request:
|
|
|
|
concurrency:
|
|
group: ${{ github.workflow }}-${{ github.ref }}
|
|
cancel-in-progress: true
|
|
|
|
jobs:
|
|
fmt:
|
|
name: Rustfmt
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
|
- uses: dtolnay/rust-toolchain@3c5f7ea28cd621ae0bf5283f0e981fb97b8a7af9 # master
|
|
with:
|
|
toolchain: nightly
|
|
components: rustfmt
|
|
- name: Format
|
|
run: |
|
|
cargo fmt --manifest-path ./Cargo.toml --all -- --check
|
|
cargo fmt --manifest-path ./hf_xet/Cargo.toml --all -- --check
|
|
detect-unused-dependencies:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
|
- name: Machete
|
|
uses: bnjbvr/cargo-machete@b81ce1560c5fbd0210cb66d88bf210329ff04266 # main
|
|
check-bench-compiles:
|
|
name: Check benchmarks compile
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
|
- uses: dtolnay/rust-toolchain@3c5f7ea28cd621ae0bf5283f0e981fb97b8a7af9 # master
|
|
with:
|
|
toolchain: 1.94.1
|
|
- uses: ./.github/actions/cache-rust-build
|
|
- name: Compile benchmarks
|
|
run: |
|
|
cargo bench --no-run --workspace --exclude git_xet
|
|
build_and_test-linux:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Checkout repository
|
|
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
|
- name: Install Rust 1.94
|
|
uses: dtolnay/rust-toolchain@3c5f7ea28cd621ae0bf5283f0e981fb97b8a7af9 # master
|
|
with:
|
|
toolchain: 1.94.1
|
|
components: clippy
|
|
- uses: ./.github/actions/cache-rust-build
|
|
- name: Lint
|
|
run: |
|
|
cargo clippy -r --verbose -- -D warnings # elevates warnings to errors
|
|
cargo clippy -r --verbose --manifest-path hf_xet/Cargo.toml -- -D warnings # elevates warnings to errors
|
|
- name: Set up Git LFS
|
|
run: |
|
|
curl -s https://packagecloud.io/install/repositories/github/git-lfs/script.deb.sh | sudo bash
|
|
sudo apt-get install git-lfs
|
|
git lfs install
|
|
- name: Build and Test
|
|
run: |
|
|
cargo test --verbose --no-fail-fast --features "strict simulation git-xet-for-integration-test"
|
|
- name: Build and Test hf_xet
|
|
run: |
|
|
cd hf_xet && cargo test --verbose --no-fail-fast
|
|
- name: Check Cargo.lock has no uncommitted changes
|
|
run: |
|
|
# the build and test steps would update Cargo.lock if it is out of date
|
|
test -z "$(git status --porcelain Cargo.lock)" || (echo "Cargo.lock has uncommitted changes!" && exit 1)
|
|
build_and_test-win:
|
|
runs-on: windows-latest
|
|
steps:
|
|
- name: Checkout repository
|
|
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
|
- name: Install Rust 1.94
|
|
uses: dtolnay/rust-toolchain@3c5f7ea28cd621ae0bf5283f0e981fb97b8a7af9 # master
|
|
with:
|
|
toolchain: 1.94.1
|
|
- uses: ./.github/actions/cache-rust-build
|
|
- name: Build and Test
|
|
run: |
|
|
cargo test --verbose --no-fail-fast --features "strict simulation git-xet-for-integration-test"
|
|
- name: Build and Test hf_xet
|
|
run: |
|
|
cd hf_xet && cargo test --verbose --no-fail-fast
|
|
build_and_test-macos:
|
|
runs-on: macos-latest
|
|
steps:
|
|
- name: Checkout repository
|
|
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
|
- name: Install Rust 1.94
|
|
uses: dtolnay/rust-toolchain@3c5f7ea28cd621ae0bf5283f0e981fb97b8a7af9 # master
|
|
with:
|
|
toolchain: 1.94.1
|
|
- name: Set up Git LFS
|
|
run: |
|
|
brew install git-lfs
|
|
git lfs install
|
|
- uses: ./.github/actions/cache-rust-build
|
|
- name: Build and Test
|
|
run: |
|
|
cargo test --verbose --no-fail-fast --features "strict simulation git-xet-for-integration-test"
|
|
- name: Build and Test hf_xet
|
|
run: |
|
|
cd hf_xet && cargo test --verbose --no-fail-fast
|
|
build_and_test-wasm:
|
|
name: Build WASM
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Checkout repository
|
|
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
|
- uses: ./.github/actions/build-wasm
|
|
- name: Check hf_xet_thin_wasm Cargo.lock has no uncommitted changes
|
|
working-directory: wasm/hf_xet_thin_wasm
|
|
run: |
|
|
# the build steps would update Cargo.lock if it is out of date
|
|
test -z "$(git status --porcelain Cargo.lock)" || (echo "hf_xet_thin_wasm Cargo.lock has uncommitted changes!" && exit 1)
|
|
- name: Check hf_xet_wasm Cargo.lock has no uncommitted changes
|
|
working-directory: wasm/hf_xet_wasm
|
|
run: |
|
|
# the build steps would update Cargo.lock if it is out of date
|
|
test -z "$(git status --porcelain Cargo.lock)" || (echo "hf_xet_wasm Cargo.lock has uncommitted changes!" && exit 1)
|
|
cargo-audit:
|
|
name: Cargo Audit
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
|
- uses: dtolnay/rust-toolchain@3c5f7ea28cd621ae0bf5283f0e981fb97b8a7af9 # master
|
|
with:
|
|
toolchain: 1.94.1
|
|
- name: Install cargo-audit
|
|
run: cargo install --locked cargo-audit
|
|
- name: Run cargo audit
|
|
run: cargo audit -D warnings
|