Closed thedavemarshall closed 4 months ago
@anakrish Is this the approach you were thinking for https://github.com/microsoft/regorus/issues/242 ?
@thedavemarshall Looks great! Thanks for taking this on.
One question: How trustworthy is oxidize-rb/actions/setup-ruby-and-rust@v1?
@anakrish Great question! I'm not a security expert or rust expert, and I'm also relatively new to GitHub actions, but here's what I've found. The summary is that I would trust this action, but I'm happy to try a different approach if you'd prefer!
oxidize-rb/actions/setup-ruby-and-rust@v1 source code is maintained by the same individuals in the oxidize-rb GitHub organization as https://github.com/oxidize-rb/rb-sys, which is used as a runtime dependency for the Ruby-rust bindings of Regorus (https://rubygems.org/gems/rb_sys and https://crates.io/crates/rb-sys), and appears to be the recommended way to CI test ruby-rust bindings https://github.com/oxidize-rb/rb-sys?tab=readme-ov-file#quick-links
@thedavemarshall Thanks for the investigation. Based on your findings, I agree with you that it is reasonable to trust oxidize-rb since we already trust rb-sys. Additionally, magnus also uses oxidize-rb in its CI:
Also, bytecodealliance in your list is focused on security.
Based on all the above, I'm OK to trust oxidize-rb.
@thedavemarshall This PR inspired me to do #247.
This change adds a test-ruby CI workflow that is triggered on pushes and pull requests to main, and will run the default rake task of compile test rubocop.
Happy to change the naming or triggers here, but wanted to see what it would take to get the ruby test suite run as part of CI.
see https://github.com/oxidize-rb/actions/blob/main/setup-ruby-and-rust/readme.md for docs on the rust and ruby setup action.
see https://github.com/thedavemarshall/regorus/actions/runs/9142734035/job/25138614189 for an example run of this workflow.
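The trust question raised in this thread, as an added example that is not part of the PR or the regorus project: a small Python audit that lists each `uses:` reference in a workflow, whether its owner is on an allowlist of already-trusted organizations, and whether the ref is a full commit SHA rather than a movable tag such as `@v1`. The allowlist, the `audit_workflow` name and the sample workflow are assumptions constructed for illustration.

```python
import re

# Owners treated as already trusted (assumption for this example):
# "actions" is GitHub's own org; oxidize-rb maintains rb-sys, a runtime dependency.
TRUSTED_OWNERS = {"actions", "oxidize-rb"}

USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^\s'\"#]+)", re.MULTILINE)
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")

def audit_workflow(text):
    """Return one finding per third-party `uses:` reference in a workflow file."""
    findings = []
    for ref in USES_RE.findall(text):
        if ref.startswith("./") or ref.startswith("docker://"):
            continue  # local actions and container images are out of scope here
        target, _, version = ref.partition("@")
        owner = target.split("/")[0]
        findings.append({
            "action": target,
            "ref": version,
            "owner_trusted": owner in TRUSTED_OWNERS,
            # A tag or branch can be moved by the action's maintainers;
            # a full 40-hex commit SHA cannot.
            "immutable_ref": bool(FULL_SHA_RE.match(version)),
        })
    return findings

# Constructed sample workflow, not the file from this PR.
SAMPLE = """\
name: test-ruby
on:
  push:
    branches: [main]
  pull_request:
    branches: [main]
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: oxidize-rb/actions/setup-ruby-and-rust@v1
      - uses: example-org/unknown-action@0123456789abcdef0123456789abcdef01234567
      - run: bundle exec rake
"""

if __name__ == "__main__":
    for finding in audit_workflow(SAMPLE):
        print(finding)
```

A reference that is both from an unlisted owner and on a movable ref is the combination a reviewer would look at first.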