ci: prep for release (#265)

.github/dependabot.yaml

@@ -4,3 +4,8 @@ updates:
   directory: "/"
   schedule:
     interval: "weekly"
+
+- package-ecosystem: cargo
+  directory: "/"
+  schedule:
+    interval: "weekly"

.github/workflows/ci.yml

@@ -8,6 +8,10 @@ on:
     branches:
       - master
 
+concurrency:
+  group: ${{ github.ref }}
+  cancel-in-progress: true
+
 permissions:
   contents: read
 
@@ -24,13 +28,14 @@ jobs:
             github.com:443
             static.rust-lang.org:443
 
-      - name: Checkout
-        uses: actions/checkout@61b9e3751b92087fd0b06925ba6dd6314e06f089
+      - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633
+        with:
+          fetch-depth: 0
 
       - name: Rust toolchain
         uses: dtolnay/rust-toolchain@d8352f6b1d2e870bc5716e7a6d9b65c4cc244a1a
         with:
-          toolchain: 1.73.0
+          toolchain: "1.73.0"
           components: rustfmt
 
       - name: Check Formatting
@@ -52,6 +57,9 @@ jobs:
           - os: ubuntu-latest
             python-version: "3.10"
             allow-prereleases: false
+          - os: ubuntu-latest
+            python-version: 3.9
+            allow-prereleases: false
           - os: ubuntu-latest
             python-version: 3.8
             allow-prereleases: false
@@ -73,7 +81,10 @@ jobs:
             static.rust-lang.org:443
             objects.githubusercontent.com:443
 
-      - uses: actions/checkout@61b9e3751b92087fd0b06925ba6dd6314e06f089
+      - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633
+        with:
+          fetch-depth: 0
+
       - uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d  # 5.1.0
         with:
           python-version: ${{ matrix.python-version }}
@@ -81,7 +92,7 @@ jobs:
 
       - uses: dtolnay/rust-toolchain@d8352f6b1d2e870bc5716e7a6d9b65c4cc244a1a
         with:
-          toolchain: 1.73.0
+          toolchain: "1.73.0"
 
       - uses: Swatinem/rust-cache@23bce251a8cd2ffc3c1075eaa2367cf899916d84  # 2.7.3
       - run: python3 -m pip install nox

.github/workflows/publish.yaml

@@ -9,9 +9,16 @@ on:
 #     branches:
 #       - master
 
+permissions:
+  contents: read
+
 jobs:
   linux:
     runs-on: ubuntu-latest
+    permissions:
+      id-token: write  # ability to mint the OIDC token permission is necessary to persist the attestation
+      contents: read
+      attestations: write  # persist the attestation
     strategy:
       matrix:
         platform: [ 'x86_64-unknown-linux-gnu', 'aarch64-unknown-linux-gnu' ]
@@ -32,13 +39,13 @@ jobs:
             github.com:443
             index.crates.io:443
             objects.githubusercontent.com:443
-            uploads.github.com:443
             pkg-containers.githubusercontent.com:443
             pypi.org:443
             quay.io:443
             sh.rustup.rs:443
             static.crates.io:443
             static.rust-lang.org:443
+            uploads.github.com:443
 
       - uses: actions/checkout@61b9e3751b92087fd0b06925ba6dd6314e06f089
       - uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d
@@ -53,14 +60,23 @@ jobs:
           command: build
           args: --release --sdist -o dist -i 3.8 3.9 3.10 3.11 3.12
 
+      - name: Generate artifact attestation
+        uses: actions/attest-build-provenance@897ed5eab6ed058a474202017ada7f40bfa52940 # v1.0.0
+        with:
+          subject-path: 'dist/*'
+
       - name: Upload wheels
         uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808  # 4.3.3
         with:
-          name: wheels
+          name: wheels-${{ matrix.platform }}
           path: dist
 
   windows:
     runs-on: windows-latest
+    permissions:
+      id-token: write  # ability to mint the OIDC token permission is necessary to persist the attestation
+      contents: read
+      attestations: write  # persist the attestation
     strategy:
       matrix:
         target: [x64]
@@ -69,7 +85,7 @@ jobs:
       - name: Harden Runner
         uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4
         with:
-          egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
+          egress-policy: audit
 
       - uses: actions/checkout@61b9e3751b92087fd0b06925ba6dd6314e06f089
       - uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d
@@ -83,6 +99,11 @@ jobs:
           command: build
           args: --release -o dist
 
+      - name: Generate artifact attestation
+        uses: actions/attest-build-provenance@897ed5eab6ed058a474202017ada7f40bfa52940 # v1.0.0
+        with:
+          subject-path: 'dist/*'
+
       - name: Upload wheels
         uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808  # 4.3.3
         with:
@@ -91,6 +112,10 @@ jobs:
 
   macos:
     runs-on: macos-latest
+    permissions:
+      id-token: write  # ability to mint the OIDC token permission is necessary to persist the attestation
+      contents: read
+      attestations: write  # persist the attestation
     strategy:
       matrix:
         python-version: ['3.8', '3.9', '3.10', '3.11', '3.12']
@@ -115,10 +140,15 @@ jobs:
           command: build
           args: --release -o dist
 
+      - name: Generate artifact attestation
+        uses: actions/attest-build-provenance@897ed5eab6ed058a474202017ada7f40bfa52940 # v1.0.0
+        with:
+          subject-path: 'dist/*'
+
       - name: Upload wheels
         uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808  # 4.3.3
         with:
-          name: wheels
+          name: wheels-${{ matrix.platform }}
           path: dist
 
   python-release-github:
@@ -144,7 +174,7 @@ jobs:
 
       - uses: dtolnay/rust-toolchain@d8352f6b1d2e870bc5716e7a6d9b65c4cc244a1a
         with:
-          toolchain: 1.73.0
+          toolchain: "1.73.0"
 
       - name: Set up Python 3.8
         uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
@@ -153,8 +183,9 @@ jobs:
 
       - uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
         with:
-          name: wheels
           path: wheels
+          pattern: wheels-*
+          merge-multiple: true
 
       - name: Upload release binaries
         uses: alexellis/upload-assets@13926a61cdb2cb35f5fdef1c06b8b591523236d3
@@ -173,12 +204,13 @@ jobs:
       - name: Harden Runner
         uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4
         with:
-          egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
+          egress-policy: audit
 
       - uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
         with:
-          name: wheels
           path: wheels
+          pattern: wheels-*
+          merge-multiple: true
 
       - name: Publish package distributions to Test PyPI
         uses: pypa/gh-action-pypi-publish@81e9d935c883d0b210363ab89cf05f3894778450 # v1.8.14

Cargo.lock

@@ -1073,7 +1073,7 @@ dependencies = [
 
 [[package]]
 name = "tantivy"
-version = "0.21.0"
+version = "0.22.0"
 dependencies = [
  "base64",
  "chrono",
@@ -1084,7 +1084,7 @@ dependencies = [
  "pythonize",
  "serde",
  "serde_json",
- "tantivy 0.22.0",
+ "tantivy 0.22.0 (registry+https://github.com/rust-lang/crates.io-index)",
 ]
 
 [[package]]

Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "tantivy"
-version = "0.21.0"
+version = "0.22.0"
 readme = "README.md"
 authors = ["Damir Jelić <poljar@termina.org.uk>"]
 edition = "2021"

src/document.rs

@@ -230,7 +230,7 @@ fn value_to_py(py: Python, value: &Value) -> PyResult<PyObject> {
             .into_py(py)
         }
         Value::Facet(f) => Facet { inner: f.clone() }.into_py(py),
-        Value::Array(arr) => {
+        Value::Array(_arr) => {
             // TODO implement me
             unimplemented!();
         }