update to upstream

.github/dependabot.yml

@@ -3,12 +3,15 @@ updates:
 - package-ecosystem: github-actions
   directory: "/"
   schedule:
-    interval: daily
+    interval: monthly
     timezone: America/New_York
   open-pull-requests-limit: 10
 - package-ecosystem: cargo
   directory: "/"
+  # Update only the lockfile. We shouldn't update Cargo.toml unless it's for
+  # a security issue, or if we need a new feature of the dependency.
+  versioning-strategy: lockfile-only
   schedule:
-    interval: daily
+    interval: monthly
     timezone: America/New_York
   open-pull-requests-limit: 10

.github/workflows/coverage.yaml

@@ -23,25 +23,22 @@ jobs:
       RUST_BACKTRACE: full
 
     steps:
-      - uses: actions/checkout@v4.1.1
+      - uses: actions/checkout@v6.0.2
         with:
           persist-credentials: false
 
-      - uses: actions-rs/toolchain@v1.0.7
+      - uses: dtolnay/rust-toolchain@stable
         with:
-          toolchain: stable
-          override: true
-          profile: minimal
-          components: llvm-tools-preview
+          components: llvm-tools
 
       - name: Install cargo-llvm-cov cargo command
         run: cargo install cargo-llvm-cov
 
       - name: Run tests
-        run: cargo llvm-cov --lcov --no-report --ignore-filename-regex '.*(tests).*|benches.rs|gencode|helpers.rs'
+        run: cargo llvm-cov --lcov --no-report --ignore-filename-regex '.*(tests).*|benches.rs|gencode|helpers.rs|interoperability_tests.rs'
 
       - name: Generate coverage report
-        run: cargo llvm-cov report --lcov --ignore-filename-regex '.*(tests).*|benches.rs|gencode|helpers.rs' --output-path lcov.info
+        run: cargo llvm-cov report --lcov --ignore-filename-regex '.*(tests).*|benches.rs|gencode|helpers.rs|interoperability_tests.rs' --output-path lcov.info
 
       - name: Upload coverage report to Codecov
-        uses: codecov/codecov-action@v4.0.1
+        uses: codecov/codecov-action@v6.0.0

.github/workflows/docs.yml

@@ -15,14 +15,20 @@ on:
     paths:
       # doc source files
       - 'book/**'
-      - '**/firebase.json'
-      - 'katex-header.html'
+      # source files; some md files include code snippets that we want to keep up to date
+      - 'frost-*/**'
       # workflow definitions
       - '.github/workflows/docs.yml'
   push:
     branches:
       - main
 
+# Sets permissions for GitHub Pages deployment
+permissions:
+  contents: read
+  pages: write
+  id-token: write
+
 env:
   RUST_LOG: info
   RUST_BACKTRACE: full
@@ -31,26 +37,22 @@ env:
 
 jobs:
   build:
-    name: Build and Deploy Docs (+beta)
+    name: Build Docs (+beta)
     timeout-minutes: 45
     runs-on: ubuntu-latest
     steps:
       - name: Checkout the source code
-        uses: actions/checkout@v4.1.1
+        uses: actions/checkout@v6.0.2
         with:
           persist-credentials: false
 
       - name: Install latest beta
-        uses: actions-rs/toolchain@v1
-        with:
-          toolchain: beta
-          components: rust-docs
-          override: true
+        uses: dtolnay/rust-toolchain@beta
 
       - uses: Swatinem/rust-cache@v2
 
       - name: Setup mdBook
-        uses: peaceiris/actions-mdbook@v1.2.0
+        uses: peaceiris/actions-mdbook@v2.0.0
         with:
           mdbook-version: '0.4.18'
 
@@ -64,23 +66,23 @@ jobs:
         run: |
           mdbook build book/
 
-      - name: Deploy FROST book to Firebase preview channel
-        uses: FirebaseExtended/action-hosting-deploy@v0
-        if: ${{ github.event_name == 'pull_request' && github.actor != 'dependabot[bot]' }}
-        with:
-          entrypoint: "book/"
-          expires: 14d
-          firebaseServiceAccount: ${{ secrets.GCP_SA_KEY }}
-          repoToken: ${{ secrets.GITHUB_TOKEN }}
-          projectId: ${{ vars.FIREBASE_PROJECT_ID }}
-
-      - name: Deploy FROST book to Firebase live channel
-        uses: FirebaseExtended/action-hosting-deploy@v0
+      - name: Upload artifact
+        uses: actions/upload-pages-artifact@v4
         if: ${{ github.event_name == 'push' && github.ref_name == 'main' }}
         with:
-          channelId: live
-          entrypoint: "book/"
-          firebaseServiceAccount: ${{ secrets.GCP_SA_KEY }}
-          repoToken: ${{ secrets.GITHUB_TOKEN }}
-          projectId: ${{ vars.FIREBASE_PROJECT_ID }}
+          path: 'book/book'
+
+  deploy:
+    name: Deploy to GitHub Pages
+    if: ${{ github.event_name == 'push' && github.ref_name == 'main' }}
+    needs: build
+    timeout-minutes: 10
+    runs-on: ubuntu-latest
+    environment:
+      name: github-pages
+      url: ${{ steps.deployment.outputs.page_url }}
+    steps:
+      - name: Deploy to GitHub Pages
+        id: deployment
+        uses: actions/deploy-pages@v5
 

.github/workflows/main.yml

@@ -9,49 +9,100 @@ on:
       - main
 
 jobs:
-
   build_default:
     name: build with default features
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v4.1.1
-      - uses: actions-rs/toolchain@v1.0.7
-        with:
-          toolchain: beta
-          override: true
-      - uses: actions-rs/cargo@v1.0.3
-        with:
-          command: build
+      - uses: actions/checkout@v6.0.2
+      - uses: dtolnay/rust-toolchain@beta
+      - run: cargo build
+
+  build_latest:
+    name: build with latest versions of dependencies
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v6.0.2
+      - uses: dtolnay/rust-toolchain@stable
+      - run: cargo update && cargo build --all-features
+
+  build_msrv:
+    name: build with MSRV (1.81)
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v6.0.2
+      # Re-resolve Cargo.lock with minimal versions.
+      # This only works with nightly. We pin to a specific version because
+      # newer versions use lock file version 4, but the MSRV cargo does not
+      # support that.
+      - uses: dtolnay/rust-toolchain@master
+        with:
+          toolchain: nightly-2024-09-20
+      - run: cargo update -Z minimal-versions
+      # Now check that `cargo build` works with respect to the oldest possible
+      # deps and the stated MSRV
+      - uses: dtolnay/rust-toolchain@1.81
+      - run: cargo build --all-features
+
+  # TODO: this is filling up the disk space in CI. See if there is a way to
+  # workaround it.
+
+  # build_all_features:
+  #   name: build all features combinations
+  #   runs-on: ubuntu-latest
+
+  #   steps:
+  #     - uses: actions/checkout@v6.0.2
+  #     - uses: dtolnay/rust-toolchain@stable
+  #     - run: cargo install cargo-all-features
+  #     # We check and then test because some test dependencies could help
+  #     # a bugged build work, while a regular build would fail.
+  #     # Note that this also builds each crate separately, which also helps
+  #     # catching some issues.
+  #     - run: cargo check-all-features
+  #     # Build all tests. We don't run them to save time, since it's unlikely
+  #     # that tests would fail due to feature combinations.
+  #     - run: cargo test-all-features --no-run
+
+  build_no_std:
+    name: build with no_std
+    runs-on: ubuntu-latest
+    # Skip ed448 which does not support it.
+    strategy:
+      matrix:
+        crate: [ristretto255, ed25519, p256, secp256k1, secp256k1-tr, rerandomized]
+    steps:
+    - uses: actions/checkout@v6.0.2
+    - uses: dtolnay/rust-toolchain@master
+      with:
+        toolchain: stable
+        targets: thumbv6m-none-eabi
+    - run: cargo build -p frost-${{ matrix.crate }} --no-default-features --target thumbv6m-none-eabi
+    - run: cargo build -p frost-${{ matrix.crate }} --no-default-features --features serialization --target thumbv6m-none-eabi
 
   test_beta:
     name: test on beta
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v4.1.1
-      - uses: actions-rs/toolchain@v1.0.7
-        with:
-          toolchain: beta
-          override: true
-      - uses: actions-rs/cargo@v1.0.3
-        with:
-          command: test
-          args: --release --all-features
+      - uses: actions/checkout@v6.0.2
+      - uses: dtolnay/rust-toolchain@beta
+      - run: cargo test --release --all-features
 
   clippy:
     name: Clippy
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v4.1.1
+      - uses: actions/checkout@v6.0.2
         with:
           persist-credentials: false
 
-      - uses: actions-rs/toolchain@v1.0.7
+      - uses: dtolnay/rust-toolchain@stable
         with:
-          toolchain: stable
-          override: true
+          components: clippy
 
       - name: Check workflow permissions
         id: check_permissions
@@ -62,12 +113,9 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Run clippy action to produce annotations
-        uses: actions-rs/clippy-check@v1.0.7
+        uses: clechasseur/rs-clippy-check@v5
         if: ${{ steps.check_permissions.outputs.has-permission }}
         with:
-          # GitHub displays the clippy job and its results as separate entries
-          name: Clippy (stable) Results
-          token: ${{ secrets.GITHUB_TOKEN }}
           args: --all-features --all-targets -- -D warnings
 
       - name: Run clippy manually without annotations
@@ -79,71 +127,56 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v4.1.1
+      - uses: actions/checkout@v6.0.2
         with:
           persist-credentials: false
 
-      - uses: actions-rs/toolchain@v1.0.7
+      - uses: dtolnay/rust-toolchain@stable
         with:
-          toolchain: stable
           components: rustfmt
-          override: true
 
       - uses: Swatinem/rust-cache@v2
 
-      - uses: actions-rs/cargo@v1.0.3
-        with:
-          command: fmt
-          args: --all -- --check
+      - run: cargo fmt --all -- --check
 
   gencode:
     name: Check if automatically generated code is up to date
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v4.1.1
+      - uses: actions/checkout@v6.0.2
         with:
           persist-credentials: false
 
-      - uses: actions-rs/toolchain@v1.0.7
+      - uses: dtolnay/rust-toolchain@stable
         with:
-          toolchain: stable
           components: rustfmt
-          override: true
 
       - uses: Swatinem/rust-cache@v2
 
-      - uses: actions-rs/cargo@v1.0.3
-        with:
-          command: run
-          args: --bin gencode -- --check
+      - run: cargo run --bin gencode -- --check
 
   docs:
     name: Check Rust doc
     runs-on: ubuntu-latest
+    env:
+      RUSTDOCFLAGS: -D warnings
 
     steps:
-      - uses: actions/checkout@v4.1.1
+      - uses: actions/checkout@v6.0.2
         with:
           persist-credentials: false
 
-      - uses: actions-rs/toolchain@v1.0.7
-        with:
-          toolchain: stable
-          profile: minimal
-          override: true
+      - uses: dtolnay/rust-toolchain@stable
 
-      - uses: actions-rs/cargo@v1.0.3
-        with:
-          command: doc
-          args: --no-deps --document-private-items --all-features
+      - run: cargo doc --no-deps --document-private-items --all-features
 
   actionlint:
     runs-on: ubuntu-latest
     continue-on-error: true
     steps:
-      - uses: actions/checkout@v4.1.1
-      - uses: reviewdog/action-actionlint@v1.41.0
+      - uses: actions/checkout@v6.0.2
+      - uses: reviewdog/action-actionlint@v1.72.0
         with:
           level: warning
-          fail_on_error: false
+          fail_level: none

.github/workflows/release-drafter.yml

@@ -10,7 +10,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       # Drafts your next Release notes as Pull Requests are merged into main
-      - uses: release-drafter/release-drafter@v6
+      - uses: release-drafter/release-drafter@v7
         with:
           # (Optional) specify config name to use, relative to .github/. Default: release-drafter.yml
           config-name: release-drafter.yml

.gitignore

@@ -1,6 +1,5 @@
 /target
 **/*.rs.bk
-Cargo.lock
 *~
 **/.DS_Store
 .vscode/*