Skip to content

xtask: add cratesio install smoke#580

Merged
EffortlessSteven merged 1 commit into
mainfrom
xtask/cratesio-smoke
May 11, 2026
Merged

xtask: add cratesio install smoke#580
EffortlessSteven merged 1 commit into
mainfrom
xtask/cratesio-smoke

Conversation

@EffortlessSteven

Copy link
Copy Markdown
Member

Why

v0.7.0 closeout surfaced a gap: the internal workspace tests prove
the in-repo view of uselesskey, but they cannot catch failures a
downstream consumer would hit first. Specifically:

  • Published-manifest drift (path-only deps leaking into release
    packages, version fields out of sync).
  • Missing crates.io dependency entries.
  • Feature-flag drift between in-workspace and published surface.
  • cargo install uselesskey-cli failing on a fresh cargo cache.

This PR adds the missing "outside-the-workspace" smoke: a fresh
binary crate that depends on uselesskey either from crates.io or a
local path, compiles against the public facade, runs the resulting
binary, and exercises the uselesskey-cli bundle workflow
end-to-end.

What

New subcommand cargo xtask cratesio-smoke with three flags:

  • --path <DIR> (pre-publish, offline-safe) — depend on
    uselesskey from a local workspace, useful before a release lands
    on crates.io. --path . resolves the current workspace.
  • --version <X> (post-publish, network-bound) — depend on the
    actual crates.io release. Mutually exclusive with --path.
  • --skip-install-cli — CI cost lever; skips the
    cargo install uselesskey-cli step while keeping the facade
    smoke.

The smoke:

  1. Creates a fresh, isolated binary crate under
    target/xtask/cratesio-smoke/smoke-app/ (gitignored). The
    project skeleton is hand-rolled so the parent workspace's
    Cargo.toml is never mutated as a side effect of cargo init.
  2. Adds uselesskey with features rsa,jwk,token via cargo add.
  3. Writes a tiny main.rs that exercises Factory, RsaFactoryExt,
    TokenFactoryExt, and the JWK pipeline.
  4. Runs cargo check, then cargo build, then executes the built
    binary.
  5. Installs uselesskey-cli into <temp>/cli-root/ with --locked
    and runs bundle --profile scanner-safe -> verify-bundle -> inspect-bundle, asserting each step exits 0.

Mutual exclusion is enforced at the clap layer; the runtime guard
also rejects the "neither flag supplied" case with a clear error.

v0.7.1 plan

This is PR 4 of the v0.7.1 publish-system hardening series (PRs 1-3
and 6 already merged). --version 0.7.1 is the post-publish mode
and only becomes runnable once v0.7.1 lands on crates.io; the
implementation is ready now so the release workflow can adopt it
immediately.

Test plan

  • cargo build -p xtask succeeds
  • cargo test -p xtask cratesio_smoke passes (clap-validation
    unit test covers bare invocation, mutual exclusion, both happy
    paths, and --skip-install-cli propagation)
  • cargo xtask cratesio-smoke --path . --skip-install-cli
    succeeds end-to-end (facade smoke without CLI install)
  • cargo xtask cratesio-smoke --path . succeeds end-to-end
    (facade smoke + cargo install uselesskey-cli + bundle /
    verify-bundle / inspect-bundle workflow)
  • cargo fmt --check -p xtask clean
  • cargo clippy -p xtask --all-targets -- -D warnings clean
  • CI green (gates the merge)

Adds `cargo xtask cratesio-smoke` to prove the published-manifest view
of `uselesskey`: a downstream consumer with no path dependencies on
this workspace can pull the crate from crates.io (or a local path),
compile against the public facade, build a binary, and run the
`uselesskey-cli` bundle workflow end-to-end.

Why this proves the external user view
--------------------------------------
v0.7.0 closeout exposed that the in-repo workspace tests cannot catch
failure classes a downstream consumer would hit first:

  - Published-manifest drift (path-only deps leaking into a release
    package, version fields out of sync).
  - Missing crates.io dependency entries.
  - Feature-flag drift between in-workspace and published surface.
  - `cargo install uselesskey-cli` failing on a fresh cargo cache.

The smoke materializes a fresh binary crate under
`target/xtask/cratesio-smoke/` (gitignored), depends on `uselesskey`
with the curated `rsa,jwk,token` feature set, runs `cargo check` and
`cargo build`, executes the built binary, and then installs
`uselesskey-cli` to a sandbox root and exercises
`bundle --profile scanner-safe` -> `verify-bundle` -> `inspect-bundle`.

Modes
-----
  --path .               : pre-publish, offline-safe, exercises the
                           local workspace as if it were crates.io
  --version 0.7.1        : post-publish, network-bound, exercises the
                           actual crates.io release (becomes useful
                           once v0.7.1 lands)
  --skip-install-cli     : CI cost lever — skips the expensive
                           `cargo install` step while keeping the
                           facade smoke

The project skeleton is hand-rolled rather than created via
`cargo init` so the parent workspace's Cargo.toml is never mutated as
a side effect.

Notes
-----
- `--version 0.7.1` cannot be wired into CI until v0.7.1 ships; the
  command is implemented now so the publish workflow can adopt it the
  moment the version is live.
- `--path .` mode does not touch the network and is safe for
  airgapped CI.
@chatgpt-codex-connector

Copy link
Copy Markdown

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.
To continue using code reviews, add credits to your account and enable them for code reviews in your settings.

@gemini-code-assist

Copy link
Copy Markdown

Warning

You have reached your daily quota limit. Please wait up to 24 hours and I will start processing your requests again!

@coderabbitai

coderabbitai Bot commented May 11, 2026

Copy link
Copy Markdown

Warning

Rate limit exceeded

@EffortlessSteven has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 12 minutes and 52 seconds before requesting another review.

You’ve run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: db922d3e-a249-4620-8f0f-a949c96ac367

📥 Commits

Reviewing files that changed from the base of the PR and between b8e2df4 and cb6f1e2.

📒 Files selected for processing (1)
  • xtask/src/main.rs
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch xtask/cratesio-smoke

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@EffortlessSteven EffortlessSteven merged commit de133c3 into main May 11, 2026
6 checks passed
EffortlessSteven added a commit that referenced this pull request May 11, 2026
Why patch mode
==============

v0.7.0 ran the full minor-release evidence lane, including expensive
gates like `cargo xtask mutants-nightly --scope public`, the broad
perf suite, and new product profile proofs. That investment is right
for a minor release that changes the user-facing platform.

v0.7.1 is different: it hardens release tooling and the user install
path without changing public behavior. It only needs confidence that
release-system gates and the user path still work. Running the full
minor lane on every patch wastes CI time and dulls the signal of the
minor lane itself.

What the patch lane runs
========================

`cargo xtask release-evidence --version <V> --patch [--summary]`
selects `release_evidence_steps_patch()` which runs 10 focused steps:

1.  `public-surface`            — re-confirm exported API
2.  `check-file-policy`         — non-Rust file allowlist
3.  `publish-preflight`         — metadata + cargo package --no-verify
4.  `publish-check`             — ordered publish dry-runs (includes
                                  topology guard from #572 and
                                  publish=false dep guard from #578)
5.  `scanner-safe-reference --check` (#577) — scanner reference paths
6.  `cratesio-smoke --path . --skip-install-cli` (#580) — user path
7.  `docs-sync --check`         — docs are in sync with code
8.  `no-blob`                   — no secret-shaped blobs in test paths
9.  `examples-smoke`            — examples still compile / run
10. `impacted-evidence --base origin/main` — change-impact routing

What it deliberately omits
==========================

- `mutants-nightly --scope public` — full nightly mutation runs
  against `main` on schedule; targeted mutation already runs through
  `cargo xtask pr` when `impacted-evidence` flags the change.
- broad perf suite (`perf --compare`) — patch releases should not
  shift baselines; if they do, escalate to the minor lane.
- new product profile proofs (scanner-safe bundle, OIDC contract
  pack) — patch releases are not the venue to re-prove new profiles.

Receipt shape
=============

`ReleaseEvidenceReceipt` gains a `lane_mode` field (`"minor"` or
`"patch"`). The existing `lane: "release-evidence"` string is
preserved for backward compatibility with anything consuming the
shape; only the new field distinguishes the two lanes. The
release-evidence markdown gains a `Mode:` line; the summary opens
with a "Patch-mode evidence lane" callout when patch is set and
swaps the v0.7.0-specific gate table for the patch step list.

Tests
=====

- `release_evidence_patch_step_list_excludes_mutants_nightly`
- `release_evidence_minor_step_list_includes_mutants_nightly`
- `release_evidence_patch_step_list_includes_scanner_safe_reference`
- `release_evidence_patch_step_list_includes_cratesio_smoke`
- `release_evidence_patch_receipt_records_patch_mode`
- `release_evidence_patch_summary_announces_patch_lane`

Minor-lane callers (`release-evidence --version X [--summary]` with
no `--patch`) are unchanged in behavior and continue to run the
full 15-step lane.
@EffortlessSteven EffortlessSteven mentioned this pull request May 11, 2026
4 tasks
EffortlessSteven added a commit that referenced this pull request May 11, 2026
Bump workspace version 0.7.0 -> 0.7.1 and seed the CHANGELOG entry
describing the release-hardening additions (#572, #577, #578, #580,
#581) and docs (#571, #579). No new product surface; no shim removal;
no profile work. Patch evidence lane passes.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant