Initial implementation

Author: taiki-e

.clippy.toml

@@ -0,0 +1,13 @@
+# Clippy configuration
+# https://doc.rust-lang.org/nightly/clippy/lint_configuration.html
+
+allow-private-module-inception = true
+avoid-breaking-exported-api = false
+disallowed-names = []
+disallowed-macros = [
+    { path = "std::dbg", reason = "it is okay to use during development, but please do not include it in main branch" },
+]
+disallowed-methods = [
+]
+disallowed-types = [
+]

.cspell.json

@@ -0,0 +1,51 @@
+{
+  "version": "0.2",
+  "gitignoreRoot": ".",
+  "useGitignore": true,
+  "dictionaryDefinitions": [
+    {
+      "name": "organization-dictionary",
+      "path": "https://raw.githubusercontent.com/taiki-e/github-actions/HEAD/.github/.cspell/organization-dictionary.txt",
+      "addWords": true
+    },
+    {
+      "name": "project-dictionary",
+      "path": "./.github/.cspell/project-dictionary.txt",
+      "addWords": true
+    },
+    {
+      "name": "rust-dependencies",
+      "path": "./.github/.cspell/rust-dependencies.txt",
+      "addWords": true
+    }
+  ],
+  "dictionaries": [
+    "organization-dictionary",
+    "project-dictionary",
+    "rust-dependencies"
+  ],
+  "ignoreRegExpList": [
+    // Copyright notice
+    "Copyright .*",
+    // GHA actions/workflows
+    "uses: .+@",
+    // GHA context (repo name, owner name, etc.)
+    "github.\\w+ (=|!)= '.+'",
+    // GH username
+    "( |\\[)@[\\w_-]+",
+    // Git config username
+    "git config user.name .*",
+    // Username in todo comment
+    "(TODO|FIXME)\\([\\w_., -]+\\)",
+    // Cargo.toml authors
+    "authors *= *\\[.*\\]",
+    "\".* <[\\w_.+-]+@[\\w.-]+>\""
+  ],
+  "languageSettings": [
+    {
+      "languageId": ["*"],
+      "dictionaries": ["bash", "rust"]
+    }
+  ],
+  "ignorePaths": ["tests/external/**", "tests/fixtures/**"]
+}

.deny.toml

@@ -0,0 +1,41 @@
+# https://embarkstudios.github.io/cargo-deny/checks/advisories/cfg.html
+[advisories]
+yanked = "deny"
+git-fetch-with-cli = true
+ignore = [
+]
+
+# https://embarkstudios.github.io/cargo-deny/checks/bans/cfg.html
+[bans]
+multiple-versions = "warn"
+wildcards = "deny"
+allow-wildcard-paths = true
+build.executables = "deny"
+build.interpreted = "deny"
+build.include-dependencies = true
+build.include-workspace = false # covered by tools/tidy.sh
+build.include-archives = true
+build.allow-build-scripts = [
+    { name = "proc-macro2" }, # via serde_derive
+    { name = "serde_json" },
+    { name = "serde" },
+]
+build.bypass = [
+]
+
+# https://embarkstudios.github.io/cargo-deny/checks/licenses/cfg.html
+[licenses]
+unused-allowed-license = "deny"
+private.ignore = true
+allow = [
+    "Apache-2.0",
+    "MIT",
+    "Unicode-3.0", # unicode-ident
+]
+
+# https://embarkstudios.github.io/cargo-deny/checks/sources/cfg.html
+[sources]
+unknown-registry = "deny"
+unknown-git = "deny"
+allow-git = [
+]

.editorconfig

@@ -0,0 +1,24 @@
+# EditorConfig configuration
+# https://editorconfig.org
+
+root = true
+
+[*]
+charset = utf-8
+end_of_line = lf
+indent_size = 4
+indent_style = space
+insert_final_newline = true
+trim_trailing_whitespace = true
+
+[*.{css,html,json,md,rb,sh,yml,yaml}]
+indent_size = 2
+
+[*.{js,yml,yaml}]
+quote_type = single
+
+[*.sh]
+# https://google.github.io/styleguide/shellguide.html#s5.3-pipelines
+binary_next_line = true
+# https://google.github.io/styleguide/shellguide.html#s5.5-case-statement
+switch_case_indent = true

.gitattributes

@@ -0,0 +1,3 @@
+* text=auto eol=lf
+.github/.cspell/rust-dependencies.txt linguist-generated
+src/gen/** linguist-generated

.github/.cspell/project-dictionary.txt

@@ -0,0 +1,20 @@
+acvf
+binstall
+buildah
+buildkit
+Dockerfilefromarg
+dockerfiles
+enquote
+hfuzz
+jeztah
+libunwind
+machdep
+memrchr
+moby
+nofrom
+onbuild
+shykes
+TARGETPLATFORM
+testdata
+thrpt
+unparse

.github/.cspell/rust-dependencies.txt

@@ -0,0 +1,19 @@
+version: 2
+updates:
+  - package-ecosystem: cargo
+    directories:
+      - /
+      # crates with [workspace] table are not recognized by the above 'directory: /'
+      - /fuzz
+    schedule:
+      interval: daily
+    commit-message:
+      prefix: ''
+    labels: []
+  - package-ecosystem: github-actions
+    directory: /
+    schedule:
+      interval: daily
+    commit-message:
+      prefix: ''
+    labels: []

.github/dependabot.yml

@@ -0,0 +1,121 @@
+name: CI
+
+permissions:
+  contents: read
+
+on:
+  pull_request:
+  push:
+    branches:
+      - main
+      - dev
+  schedule:
+    - cron: '0 2 * * *'
+  workflow_dispatch:
+
+env:
+  CARGO_INCREMENTAL: 0
+  CARGO_NET_GIT_FETCH_WITH_CLI: true
+  CARGO_NET_RETRY: 10
+  CARGO_TERM_COLOR: always
+  RUST_BACKTRACE: 1
+  RUSTDOCFLAGS: -D warnings
+  RUSTFLAGS: -D warnings
+  RUSTUP_MAX_RETRIES: 10
+
+defaults:
+  run:
+    shell: bash --noprofile --norc -CeEuxo pipefail {0}
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }}
+  cancel-in-progress: true
+
+jobs:
+  miri:
+    uses: taiki-e/github-actions/.github/workflows/miri.yml@main
+    with:
+      # NB: sync with test job's --exclude option
+      args: --exclude parse-dockerfile-internal-codegen
+  msrv:
+    uses: taiki-e/github-actions/.github/workflows/msrv.yml@main
+  release-dry-run:
+    uses: taiki-e/github-actions/.github/workflows/release-dry-run.yml@main
+  test:
+    uses: taiki-e/github-actions/.github/workflows/test.yml@main
+    with:
+      # NB: sync with miri job's --exclude option
+      test-args: --exclude parse-dockerfile-internal-codegen
+      build-args: --lib
+      no-std: false
+  tidy:
+    uses: taiki-e/github-actions/.github/workflows/tidy.yml@main
+    permissions:
+      contents: read
+      pull-requests: write # for gh pr edit --add-assignee
+      repository-projects: read # for gh pr edit --add-assignee
+    secrets: inherit
+
+  fuzz:
+    env:
+      FUZZ_MAX_TOTAL_TIME: 60 # 1 minute
+    runs-on: ubuntu-latest
+    timeout-minutes: 60
+    steps:
+      - uses: taiki-e/checkout-action@v1
+      - uses: taiki-e/github-actions/install-rust@nightly
+      - run: sudo apt-get -o Acquire::Retries=10 -qq update && sudo apt-get -o Acquire::Retries=10 -o Dpkg::Use-Pty=0 install -y --no-install-recommends binutils-dev libunwind8-dev
+      - uses: taiki-e/cache-cargo-install-action@v2
+        with:
+          tool: cargo-fuzz
+      # We cannot use cache for cargo-afl because afl.rs requires the cargo-afl binary and afl library to be built with the same compiler version.
+      - run: cargo install cargo-afl --debug --locked
+      - uses: taiki-e/cache-cargo-install-action@v2
+        with:
+          # TODO: Pass --no-default-features
+          tool: honggfuzz
+      - run: cargo fuzz build --features libfuzzer
+      - run: cargo afl build --release --features afl
+        working-directory: fuzz
+      - run: |
+          HFUZZ_BUILD_ARGS="--features honggfuzz" \
+            RUSTFLAGS="${RUSTFLAGS:-} -Z sanitizer=address" \
+            cargo hfuzz build
+        working-directory: fuzz
+      # On scheduled job, run fuzzer $FUZZ_MAX_TOTAL_TIME seconds per target.
+      # TODO: This is currently skipped for libfuzzer due to https://github.com/rust-fuzz/cargo-fuzz/issues/270.
+      # TODO: Honggfuzz
+      - name: Cache AFL++ output
+        uses: actions/cache@v4
+        with:
+          path: fuzz/out
+          key: afl-out-${{ github.run_id }}
+          restore-keys: afl-out-
+        if: github.event_name == 'schedule'
+      - name: Fuzzing with AFL++
+        run: |
+          sudo tee -- /proc/sys/kernel/core_pattern >/dev/null <<<core
+          # shellcheck disable=SC2010
+          for target in $(ls | grep -E '\.rs$' | sed -E 's/\.rs$//'); do
+            cargo afl fuzz -i "seeds/${target}" -o "out/${target}" -V "${FUZZ_MAX_TOTAL_TIME}" "target/release/${target}"
+            rmdir -- "out/${target}/default/crashes" 2>/dev/null || true
+            rmdir -- "out/${target}/default/hangs" 2>/dev/null || true
+            if [[ -d "out/${target}/default/crashes" ]] || [[ -d "out/${target}/default/hangs" ]]; then
+              exit 1
+            fi
+          done
+        working-directory: fuzz
+        if: github.event_name == 'schedule'
+      - name: Archive artifacts
+        run: |
+          if [[ -d out ]]; then
+            tar acvf ../afl-artifacts.tar.gz out
+          fi
+        working-directory: fuzz
+        if: failure() && github.event_name == 'schedule'
+      - name: Upload artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: fuzz-artifacts
+          path: afl-artifacts.tar.gz
+        if: failure() && github.event_name == 'schedule'

.github/workflows/ci.yml

@@ -0,0 +1,82 @@
+name: Release
+
+permissions:
+  contents: read
+
+on:
+  push:
+    tags:
+      - v[0-9]+.*
+
+env:
+  CARGO_INCREMENTAL: 0
+  CARGO_NET_GIT_FETCH_WITH_CLI: true
+  CARGO_NET_RETRY: 10
+  CARGO_TERM_COLOR: always
+  RUST_BACKTRACE: 1
+  RUSTFLAGS: -D warnings
+  RUSTUP_MAX_RETRIES: 10
+
+defaults:
+  run:
+    shell: bash --noprofile --norc -CeEuxo pipefail {0}
+
+jobs:
+  create-release:
+    if: github.repository_owner == 'taiki-e'
+    uses: taiki-e/github-actions/.github/workflows/create-release.yml@main
+    permissions:
+      contents: write
+    secrets: inherit
+
+  upload-assets:
+    name: ${{ matrix.target }}
+    if: github.repository_owner == 'taiki-e'
+    needs: create-release
+    strategy:
+      matrix:
+        include:
+          - target: aarch64-unknown-linux-gnu
+            os: ubuntu-20.04
+          - target: aarch64-unknown-linux-musl
+          - target: aarch64-apple-darwin
+            os: macos-13
+          - target: aarch64-pc-windows-msvc
+            os: windows-2019
+          - target: x86_64-unknown-linux-gnu
+            os: ubuntu-20.04
+          - target: x86_64-unknown-linux-musl
+          - target: x86_64-apple-darwin
+            os: macos-13
+          - target: x86_64-pc-windows-msvc
+            os: windows-2019
+          - target: x86_64-unknown-freebsd
+          - target: x86_64-unknown-illumos
+          - target: universal-apple-darwin
+            os: macos-13
+    runs-on: ${{ matrix.os || 'ubuntu-latest' }}
+    timeout-minutes: 60
+    permissions:
+      contents: write
+    steps:
+      - uses: taiki-e/checkout-action@v1
+      - uses: taiki-e/github-actions/install-rust@stable
+      - uses: taiki-e/setup-cross-toolchain-action@v1
+        with:
+          target: ${{ matrix.target }}
+      - run: printf '%s\n' "RUSTFLAGS=${RUSTFLAGS} -C target-feature=+crt-static" >>"${GITHUB_ENV}"
+        if: contains(matrix.target, '-windows-msvc')
+      - run: printf '%s\n' "RUSTFLAGS=${RUSTFLAGS} -C target-feature=+crt-static -C link-self-contained=yes" >>"${GITHUB_ENV}"
+        if: contains(matrix.target, '-linux-musl')
+      # https://doc.rust-lang.org/rustc/platform-support.html
+      - run: printf 'MACOSX_DEPLOYMENT_TARGET=10.12\n' >>"${GITHUB_ENV}"
+        if: matrix.target == 'x86_64-apple-darwin'
+      - run: printf 'MACOSX_DEPLOYMENT_TARGET=11.0\n' >>"${GITHUB_ENV}"
+        if: matrix.target == 'aarch64-apple-darwin' || matrix.target == 'universal-apple-darwin'
+      - uses: taiki-e/upload-rust-binary-action@v1
+        with:
+          bin: parse-dockerfile
+          target: ${{ matrix.target }}
+          tar: all
+          zip: windows
+          token: ${{ secrets.GITHUB_TOKEN }}