chore: Update from '_rust/main' template

Author: epage

.clippy.toml

@@ -1 +1,12 @@
-msrv = "1.64.0"  # MSRV
+msrv = "1.65.0"  # MSRV
+warn-on-all-wildcard-imports = true
+allow-expect-in-tests = true
+allow-unwrap-in-tests = true
+allow-dbg-in-tests = true
+allow-print-in-tests = true
+disallowed-methods = [
+    { path = "std::option::Option::map_or", reason = "use `map(..).unwrap_or(..)`" },
+    { path = "std::option::Option::map_or_else", reason = "use `map(..).unwrap_or_else(..)`" },
+    { path = "std::result::Result::map_or", reason = "use `map(..).unwrap_or(..)`" },
+    { path = "std::result::Result::map_or_else", reason = "use `map(..).unwrap_or_else(..)`" },
+]

.github/renovate.json5

@@ -4,7 +4,33 @@
   ],
   "semanticCommits": "enabled",
   "configMigration": true,
+  "dependencyDashboard": true,
+  "regexManagers": [
+    {
+      "fileMatch": [
+        "^rust-toolchain\\.toml$",
+        "Cargo.toml$",
+        "clippy.toml$",
+        "\.clippy.toml$",
+        "^\.github/workflows/ci.yml$",
+        "^\.github/workflows/rust-next.yml$",
+      ],
+      "matchStrings": [
+        "MSRV.*?(?<currentValue>\\d+\\.\\d+(\\.\\d+)?)",
+        "(?<currentValue>\\d+\\.\\d+(\\.\\d+)?).*?MSRV",
+      ],
+      "depNameTemplate": "rust",
+      "packageNameTemplate": "rust-lang/rust",
+      "datasourceTemplate": "github-releases",
+    }
+  ],
   "packageRules": [
+    {
+      "commitMessageTopic": "MSRV",
+      "matchManagers": ["regex"],
+      "matchPackageNames": ["rust"],
+      "stabilityDays": 126,  // 3 releases * 6 weeks per release * 7 days per week
+    },
     // Goals:
     // - Keep version reqs low, ignoring compatible normal/build dependencies
     // - Take advantage of latest dev-dependencies

.github/settings.yml

@@ -1,9 +1,9 @@
 # These settings are synced to GitHub by https://probot.github.io/apps/settings/
 
 repository:
-  description: Filesystem fixtures and assertions.
-  homepage: docs.rs/assert_fs
-  topics: rust fs test
+  description: "Filesystem fixtures and assertions."
+  homepage: "docs.rs/assert_fs"
+  topics: "rust fs test"
   has_issues: true
   has_projects: false
   has_wiki: false
@@ -21,19 +21,19 @@ labels:
   # Type
   - name: bug
     color: '#b60205'
-    description: Not as expected
+    description: "Not as expected"
   - name: enhancement
     color: '#1d76db'
-    description: Improve the expected
+    description: "Improve the expected"
   # Flavor
   - name: question
     color: "#cc317c"
-    description: Uncertainty is involved
+    description: "Uncertainty is involved"
   - name: breaking-change
     color: "#e99695"
   - name: good first issue
     color: '#c2e0c6'
-    description: Help wanted!
+    description: "Help wanted!"
 
 branches:
   - name: master

.github/workflows/audit.yml

@@ -1,21 +1,49 @@
 name: Security audit
+
+permissions:
+  contents: read
+
 on:
   pull_request:
     paths:
       - '**/Cargo.toml'
       - '**/Cargo.lock'
   push:
-    paths:
-      - '**/Cargo.toml'
-      - '**/Cargo.lock'
-  schedule:
-  - cron: '6 6 6 * *'
+    branches:
+    - master
+
+env:
+  RUST_BACKTRACE: 1
+  CARGO_TERM_COLOR: always
+  CLICOLOR: 1
+
 jobs:
   security_audit:
+    permissions:
+      issues: write # to create issues (actions-rs/audit-check)
+      checks: write # to create check (actions-rs/audit-check)
     runs-on: ubuntu-latest
+    # Prevent sudden announcement of a new advisory from failing ci:
+    continue-on-error: true
     steps:
     - name: Checkout repository
       uses: actions/checkout@v3
     - uses: actions-rs/audit-check@v1
       with:
         token: ${{ secrets.GITHUB_TOKEN }}
+
+  cargo_deny:
+    permissions:
+      issues: write # to create issues (actions-rs/audit-check)
+      checks: write # to create check (actions-rs/audit-check)
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        checks:
+          - bans licenses sources
+    steps:
+    - uses: actions/checkout@v3
+    - uses: EmbarkStudios/cargo-deny-action@v1
+      with:
+        command: check ${{ matrix.checks }}
+        rust-version: stable

.github/workflows/ci.yml

@@ -1,23 +1,23 @@
 name: CI
+
+permissions:
+  contents: read
+
 on:
   pull_request:
-    paths:
-    - '**'
-    - '!/*.md'
-    - '!/docs/**'
-    - "!/LICENSE-*"
   push:
     branches:
     - master
-    paths:
-    - '**'
-    - '!/*.md'
-    - '!/docs/**'
-    - "!/LICENSE-*"
-  schedule:
-  - cron: '13 13 13 * *'
+
+env:
+  RUST_BACKTRACE: 1
+  CARGO_TERM_COLOR: always
+  CLICOLOR: 1
+
 jobs:
   ci:
+    permissions:
+      contents: none
     name: CI
     needs: [test, msrv, docs, rustfmt, clippy]
     runs-on: ubuntu-latest
@@ -36,11 +36,9 @@ jobs:
     - name: Checkout repository
       uses: actions/checkout@v3
     - name: Install Rust
-      uses: actions-rs/toolchain@v1
+      uses: dtolnay/rust-toolchain@stable
       with:
         toolchain: ${{ matrix.rust }}
-        profile: minimal
-        override: true
     - uses: Swatinem/rust-cache@v2
     - name: Build
       run: cargo test --no-run --workspace --all-features
@@ -51,17 +49,15 @@ jobs:
     - name: No-default features
       run: cargo test --workspace --no-default-features
   msrv:
-    name: "Check MSRV: 1.64.0"
+    name: "Check MSRV: 1.65.0"
     runs-on: ubuntu-latest
     steps:
     - name: Checkout repository
       uses: actions/checkout@v3
     - name: Install Rust
-      uses: actions-rs/toolchain@v1
+      uses: dtolnay/rust-toolchain@stable
       with:
-        toolchain: 1.64.0  # MSRV
-        profile: minimal
-        override: true
+        toolchain: 1.65.0  # MSRV
     - uses: Swatinem/rust-cache@v2
     - name: Default features
       run: cargo check --workspace --all-targets
@@ -76,11 +72,9 @@ jobs:
     - name: Checkout repository
       uses: actions/checkout@v3
     - name: Install Rust
-      uses: actions-rs/toolchain@v1
+      uses: dtolnay/rust-toolchain@stable
       with:
         toolchain: stable
-        profile: minimal
-        override: true
     - uses: Swatinem/rust-cache@v2
     - name: Check documentation
       env:
@@ -93,32 +87,42 @@ jobs:
     - name: Checkout repository
       uses: actions/checkout@v3
     - name: Install Rust
-      uses: actions-rs/toolchain@v1
+      uses: dtolnay/rust-toolchain@stable
       with:
         # Not MSRV because its harder to jump between versions and people are
         # more likely to have stable
         toolchain: stable
-        profile: minimal
-        override: true
         components: rustfmt
     - uses: Swatinem/rust-cache@v2
     - name: Check formatting
       run: cargo fmt --all -- --check
   clippy:
     name: clippy
     runs-on: ubuntu-latest
+    permissions:
+      security-events: write # to upload sarif results
     steps:
     - name: Checkout repository
       uses: actions/checkout@v3
     - name: Install Rust
-      uses: actions-rs/toolchain@v1
+      uses: dtolnay/rust-toolchain@stable
       with:
-        toolchain: 1.64.0  # MSRV
-        profile: minimal
-        override: true
+        toolchain: 1.65.0  # MSRV
         components: clippy
     - uses: Swatinem/rust-cache@v2
-    - uses: actions-rs/clippy-check@v1
+    - name: Install SARIF tools
+      run: cargo install clippy-sarif --version 0.3.4 --locked  # Held back due to msrv
+    - name: Install SARIF tools
+      run: cargo install sarif-fmt --version 0.3.4 --locked # Held back due to msrv
+    - name: Check
+      run: >
+        cargo clippy --workspace --all-features --all-targets --message-format=json -- -D warnings --allow deprecated
+        | clippy-sarif
+        | tee clippy-results.sarif
+        | sarif-fmt
+      continue-on-error: true
+    - name: Upload
+      uses: github/codeql-action/upload-sarif@v2
       with:
-        token: ${{ secrets.GITHUB_TOKEN }}
-        args: --workspace --all-features --all-targets -- -D warnings --allow deprecated
+        sarif_file: clippy-results.sarif
+        wait-for-processing: true

.github/workflows/committed.yml

@@ -3,6 +3,14 @@
 name: Lint Commits
 on: [pull_request]
 
+permissions:
+  contents: read
+
+env:
+  RUST_BACKTRACE: 1
+  CARGO_TERM_COLOR: always
+  CLICOLOR: 1
+
 jobs:
   committed:
     name: Lint Commits

.github/workflows/pre-commit.yml

@@ -1,10 +1,21 @@
 name: pre-commit
+
+permissions: {} # none
+
 on:
   pull_request:
   push:
     branches: [master]
+
+env:
+  RUST_BACKTRACE: 1
+  CARGO_TERM_COLOR: always
+  CLICOLOR: 1
+
 jobs:
   pre-commit:
+    permissions:
+      contents: read
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v3

.github/workflows/rust-next.yml

@@ -1,7 +1,17 @@
 name: rust-next
+
+permissions:
+  contents: read
+
 on:
   schedule:
   - cron: '6 6 6 * *'
+
+env:
+  RUST_BACKTRACE: 1
+  CARGO_TERM_COLOR: always
+  CLICOLOR: 1
+
 jobs:
   test:
     name: Test
@@ -18,61 +28,13 @@ jobs:
     - name: Checkout repository
       uses: actions/checkout@v3
     - name: Install Rust
-      uses: actions-rs/toolchain@v1
+      uses: dtolnay/rust-toolchain@stable
       with:
         toolchain: ${{ matrix.rust }}
-        profile: minimal
-        override: true
     - uses: Swatinem/rust-cache@v2
     - name: Default features
       run: cargo test --workspace
     - name: All features
       run: cargo test --workspace --all-features
     - name: No-default features
       run: cargo test --workspace --no-default-features
-  rustfmt:
-    name: rustfmt
-    strategy:
-      matrix:
-        rust:
-        - stable
-        - beta
-    continue-on-error: ${{ matrix.rust != 'stable' }}
-    runs-on: ubuntu-latest
-    steps:
-    - name: Checkout repository
-      uses: actions/checkout@v3
-    - name: Install Rust
-      uses: actions-rs/toolchain@v1
-      with:
-        toolchain: ${{ matrix.rust }}
-        profile: minimal
-        override: true
-        components: rustfmt
-    - uses: Swatinem/rust-cache@v2
-    - name: Check formatting
-      run: cargo fmt --all -- --check
-  clippy:
-    name: clippy
-    strategy:
-      matrix:
-        rust:
-        - 1.64.0  # MSRV
-        - stable
-    continue-on-error: ${{ matrix.rust != '1.64.0' }}  # MSRV
-    runs-on: ubuntu-latest
-    steps:
-    - name: Checkout repository
-      uses: actions/checkout@v3
-    - name: Install Rust
-      uses: actions-rs/toolchain@v1
-      with:
-        toolchain: ${{ matrix.rust }}
-        profile: minimal
-        override: true
-        components: clippy
-    - uses: Swatinem/rust-cache@v2
-    - uses: actions-rs/clippy-check@v1
-      with:
-        token: ${{ secrets.GITHUB_TOKEN }}
-        args: --workspace --all-features --all-targets -- -D warnings