Use custom token to trigger reruns

Merge pull request #618 from vbrandl/dependabot/cargo/tokio-1.28.1
Bump tokio from 1.28.0 to 1.28.1
2023-05-17 15:15:49 +02:00 · 2023-05-11 13:35:05 +02:00 · 2023-05-11 11:21:01 +00:00 · 2023-05-11 11:20:47 +00:00 · 2023-05-11 13:20:07 +02:00 · 2023-05-11 11:06:57 +00:00
10 changed files with 1326 additions and 577 deletions
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@ -10,3 +10,15 @@ updates:
      - vbrandl
    labels:
      - dependencies
+      - dependabot
+
+  - package-ecosystem: 'github-actions'
+    directory: '/'
+    schedule:
+      interval: 'daily'
+    open-pull-requests-limit: 10
+    assignees:
+      - vbrandl
+    labels:
+      - dependabot
+      - dependencies
--- a/.github/workflows/dependabot-changelog.yml
+++ b/.github/workflows/dependabot-changelog.yml
@ -0,0 +1,26 @@
+name: 'Dependabot Changelog'
+on:
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
+      - labeled
+      - unlabeled
+
+jobs:
+  changelog:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          token: ${{ secrets.ACTION_TOKEN }}
+      - uses: dangoslen/dependabot-changelog-helper@v3
+        with:
+          activationLabel: 'dependabot'
+      - uses: stefanzweifel/git-auto-commit-action@v4
+        with:
+          commit_message: "Update Changelog"
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@ -42,7 +42,7 @@ jobs:
          override: true

      - name: Cache cargo registry, index and build directory
-        uses: actions/cache@v2
+        uses: actions/cache@v3
        with:
          path: |
            ~/.cargo/registry
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -4,6 +4,68 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

 ## [Unreleased]
+### Dependencies
+- Bump `serde` from 1.0.160 to 1.0.163 (#613, #617)
+- Bump `actions/cache` from 2 to 3 (#616)
+- Bump `tokio` from 1.28.0 to 1.28.1 (#618)
+
+
+## [0.35.0] 2023-05-04
+
+* Updated [`h2`](https://github.com/hyperium/h2) from 0.3.16 to 0.3.17, fixes [SEC#11] ([#599])
+* Updated [`git2`](https://github.com/rust-lang/git2-rs) from 0.16.1 to 0.17.0 ([#602])
+* Updated [`git2`](https://github.com/rust-lang/git2-rs) from 0.17.0 to 0.17.1 ([#603])
+* Updated [`tracing-subscriber`](https://github.com/tokio-rs/tracing) from 0.3.16 to 0.3.17 ([#604])
+* Updated [`tokio`](https://github.com/tokio-rs/tokio) from 1.27.0 to 1.28.0 ([#605])
+* Updated [`tracing`](https://github.com/tokio-rs/tracing) from 0.1.37 to 0.1.38 ([#607])
+* Updated [`vergen`](https://github.com/rustyhorde/vergen) from 8.1.1 to 8.1.3 ([#608])
+* Downgrade yanked [`tracing`](https://github.com/tokio-rs/tracing) 0.1.38 to 0.1.37 ([#611])
+* Updated [`reqwest`](https://github.com/seanmonstar/reqwest) from 0.11.16 to 0.11.17 ([#609])
+* Updated [`anyhow`](https://github.com/dtolnay/anyhow) from 1.0.70 to 1.0.71 ([#610])
+
+[#599]: https://github.com/vbrandl/hoc/pull/599
+[#602]: https://github.com/vbrandl/hoc/pull/602
+[#603]: https://github.com/vbrandl/hoc/pull/603
+[#604]: https://github.com/vbrandl/hoc/pull/604
+[#605]: https://github.com/vbrandl/hoc/pull/605
+[#607]: https://github.com/vbrandl/hoc/pull/607
+[#608]: https://github.com/vbrandl/hoc/pull/608
+[#611]: https://github.com/vbrandl/hoc/pull/611
+[#609]: https://github.com/vbrandl/hoc/pull/609
+[#610]: https://github.com/vbrandl/hoc/pull/610
+
+[SEC#11]: https://github.com/vbrandl/hoc/security/dependabot/11
+
+
+## [0.34.0] 2023-04-13
+
+* Updated [`tracing-actix-web`](https://github.com/LukeMathWalker/tracing-actix-web) from 0.7.2 to 0.7.3 ([#578])
+* Updated [`serde`](https://github.com/serde-rs/serde) from 1.0.156 to 1.0.158 ([#580])
+* Updated [`mime`](https://github.com/hyperium/mime) from 0.3.16 to 0.3.17 ([#582])
+* Updated [`dotenvy`](https://github.com/allan2/dotenvy) from 0.15.6 to 0.15.7 ([#583])
+* Updated [`reqwest`](https://github.com/seanmonstar/reqwest) from 0.11.14 to 0.11.16 ([#586])
+* Updated [`tokio`](https://github.com/tokio-rs/tokio) from 1.26.0 to 1.27.0 ([#588])
+* Updated [`tempfile`](https://github.com/Stebalien/tempfile) from 3.4.0 to 3.5.0 ([#590])
+* Updated [`tracing-bunyan-formatter`](https://github.com/LukeMathWalker/tracing-bunyan-formatter) from 0.3.6 to 0.3.7 ([#593])
+* Updated [`serde`](https://github.com/serde-rs/serde) from 1.0.158 to 1.0.160 ([#594])
+* Updated [`serde_json`](https://github.com/serde-rs/json) from 1.0.94 to 1.0.96 ([#595])
+* Updated [`openssl`](https://github.com/sfackler/rust-openssl) from 0.10.40 to 0.10.50, fixes [SEC#6], [SEC#7], and [SEC#8] ([#596])
+
+[#578]: https://github.com/vbrandl/hoc/pull/578
+[#580]: https://github.com/vbrandl/hoc/pull/580
+[#582]: https://github.com/vbrandl/hoc/pull/582
+[#583]: https://github.com/vbrandl/hoc/pull/583
+[#586]: https://github.com/vbrandl/hoc/pull/586
+[#588]: https://github.com/vbrandl/hoc/pull/588
+[#590]: https://github.com/vbrandl/hoc/pull/590
+[#593]: https://github.com/vbrandl/hoc/pull/593
+[#594]: https://github.com/vbrandl/hoc/pull/594
+[#595]: https://github.com/vbrandl/hoc/pull/595
+[#596]: https://github.com/vbrandl/hoc/pull/596
+
+[SEC#6]: https://github.com/vbrandl/hoc/security/dependabot/6
+[SEC#7]: https://github.com/vbrandl/hoc/security/dependabot/7
+[SEC#8]: https://github.com/vbrandl/hoc/security/dependabot/8


 ## [0.33.0] 2023-03-16
--- a/Cargo.lock
+++ b/Cargo.lock
--- a/Cargo.toml
+++ b/Cargo.toml
@ -1,9 +1,9 @@
 [package]
 name = "hoc"
-version = "0.33.0"
+version = "0.35.0"
 authors = ["Valentin Brandl <vbrandl@riseup.net>"]
 edition = "2021"
-build = "build.rs"
+build = "src/build.rs"

 [lib]
 path = "src/lib.rs"
@ -18,30 +18,31 @@ actix-web = "4.3.1"
 badgers = "1.2.0"
 bytes = "1.4.0"
 config = { version = "0.13.3", features = ["toml"] }
-dotenvy = "0.15.6"
+dotenvy = "0.15.7"
 futures = "0.3.27"
-git2 = "0.16.1"
+git2 = "0.17.1"
 lazy_static = "1.4.0"
 mime = "0.3"
 number_prefix = "0.4.0"
 openssl-probe = "0.1.5"
-reqwest = "0.11.14"
-serde = "1.0.156"
+reqwest = "0.11.17"
+serde = "1.0.163"
 serde_derive = "1.0.137"
 serde_json = "1.0.94"
 tracing = "0.1.37"
-tracing-actix-web = "0.7.2"
+tracing-actix-web = "0.7.3"
 tracing-bunyan-formatter = "0.3.6"
 tracing-futures = "0.2.5"
 tracing-log = "0.1.3"
-tracing-subscriber = { version = "0.3.16", features = ["registry", "env-filter"] }
+tracing-subscriber = { version = "0.3.17", features = ["registry", "env-filter"] }

 [build-dependencies]
+anyhow = "1.0.71"
 ructe = { version = "0.16.1", features = ["mime03"] }
-vergen = { version = "7.5.1", default-features = false, features = ["git"] }
+vergen = { version = "8.1.3", default-features = false, features = ["git", "gitoxide"] }

 [dev-dependencies]
 awc = "3.1.1"
 ructe = "0.16.1"
-tempfile = "3.4.0"
-tokio = "1.26.0"
+tempfile = "3.5.0"
+tokio = "1.28.1"
--- a/3
+++ b/3
@ -10,7 +10,7 @@ RUN echo 'fn main() { println!("Hello, world!"); }' >> src/main.rs
 COPY ./Cargo.lock ./Cargo.lock
 COPY ./Cargo.toml ./Cargo.toml
 # HACK: remove build-dependencies so we have at least some caching
-RUN head -n $(($(grep -n "\[build-dependencies\]" Cargo.toml | cut -f1 -d:) - 1)) Cargo.toml | sed '/build.rs/d' > \
+RUN head -n $(($(grep -n "\[build-dependencies\]" Cargo.toml | cut -f1 -d:) - 1)) Cargo.toml | sed '/src\/build.rs/d' > \
        Cargo.toml2  && rm Cargo.toml && mv Cargo.toml2 Cargo.toml
 # build to cache dependencies
 RUN cargo build --release
@ -24,7 +24,6 @@ COPY ./.git ./.git
 # copy source code
 COPY ./static ./static
 COPY ./templates ./templates
-COPY ./build.rs ./build.rs
 COPY ./src ./src
 # build source code
 RUN cargo build --release
--- a/build.rs
+++ b/build.rs
@ -1,15 +0,0 @@
-extern crate ructe;
-extern crate vergen;
-
-use ructe::{Ructe, RucteError};
-use vergen::{vergen, Config, ShaKind};
-
-fn main() -> Result<(), RucteError> {
-    let mut config = Config::default();
-    *config.git_mut().sha_kind_mut() = ShaKind::Short;
-    vergen(config).expect("Unable to generate static repo info");
-    let mut ructe = Ructe::from_env()?;
-    let mut statics = ructe.statics()?;
-    statics.add_files("static")?;
-    ructe.compile_templates("templates")
-}
--- a/src/build.rs
+++ b/src/build.rs
@ -0,0 +1,12 @@
+use anyhow::Result;
+use ructe::Ructe;
+use vergen::EmitBuilder;
+
+fn main() -> Result<()> {
+    EmitBuilder::builder().git_sha(true).emit()?;
+
+    let mut ructe = Ructe::from_env()?;
+    let mut statics = ructe.statics()?;
+    statics.add_files("static")?;
+    Ok(ructe.compile_templates("templates")?)
+}
--- a/src/statics.rs
+++ b/src/statics.rs
@ -4,7 +4,7 @@ pub struct VersionInfo<'a> {
 }

 pub(crate) const VERSION_INFO: VersionInfo = VersionInfo {
-    commit: env!("VERGEN_GIT_SHA_SHORT"),
+    commit: env!("VERGEN_GIT_SHA"),
    version: env!("CARGO_PKG_VERSION"),
 };