Tidy a few

.cargo/config.toml

@@ -0,0 +1,9 @@
+# The backtrace for rust is almost as large as the entire binary.
+# = Huge reduction in binary size by removing all that.
+[profile.release]
+panic = "immediate-abort"
+
+[unstable]
+panic-immediate-abort = true
+build-std = ["std", "panic_abort"]
+build-std-features = ["optimize_for_size"]

.github/dependabot.yml

@@ -1,44 +1,10 @@
-# To get started with Dependabot version updates, you'll need to specify which
-# package ecosystems to update and where the package manifests are located.
-# Please see the documentation for all configuration options:
-# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
-
 version: 2
 updates:
   - package-ecosystem: cargo
-    directory: "/"
+    directory: /
     schedule:
       interval: daily
-      time: "20:00"
-    assignees:
-      - xosnrdev
-    commit-message:
-      prefix: "chore"
-      include: "scope"
-    groups:
-      dev-deps:
-        dependency-type: development
-        update-types:
-          - patch
-          - minor
-      deps:
-        dependency-type: production
-        update-types:
-          - patch
-          - minor
-
-  - package-ecosystem: "github-actions"
-    directory: "/"
+  - package-ecosystem: github-actions
+    directory: /
     schedule:
-      interval: weekly
-      time: "20:02"
-    assignees:
-      - xosnrdev
-    commit-message:
-      prefix: "chore"
-      include: "scope"
-    groups:
-      ci-deps:
-        update-types:
-          - patch
-          - minor
+      interval: daily

.github/workflows/ci.yml

@@ -2,24 +2,41 @@ name: CI
 
 on:
   push:
-    branches: [main]
+    branches:
+      - main
   pull_request:
-  workflow_dispatch:
+    branches:
+      - main
+
+permissions:
+  contents: read
 
 env:
   CARGO_TERM_COLOR: always
 
 jobs:
-  lint:
+  check:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
-
-      - name: Install rust toolchain
-        uses: dtolnay/rust-toolchain@stable
-
+      - name: Checkout
+        uses: actions/checkout@v6
+      # https://github.com/actions/cache/blob/main/examples.md#rust---cargo
+      # Depends on `Cargo.lock` --> Has to be after checkout.
+      - uses: actions/cache@v5
+        with:
+          path: |
+            ~/.cargo/bin/
+            ~/.cargo/registry/index/
+            ~/.cargo/registry/cache/
+            ~/.cargo/git/db/
+            target/
+          key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
+      - name: Install Rust
+        run: |
+          rustup toolchain install nightly --no-self-update --profile minimal --component rust-src,rustfmt,clippy
       - name: Check formatting
         run: cargo fmt --all -- --check
-
+      - name: Run tests
+        run: cargo test --all-features --all-targets
       - name: Run clippy
-        run: cargo clippy --all-targets --all-features -- -D warnings
+        run: cargo clippy --all-features --all-targets -- --no-deps --deny warnings -W clippy::pedantic

.github/workflows/release.yml

@@ -1,4 +1,4 @@
-# This file was autogenerated by dist: https://opensource.axo.dev/cargo-dist/
+# This file was autogenerated by dist: https://axodotdev.github.io/cargo-dist
 #
 # Copyright 2022-2024, axodotdev
 # SPDX-License-Identifier: MIT or Apache-2.0
@@ -47,7 +47,7 @@ on:
 jobs:
   # Run 'dist plan' (or host) to determine what tasks we need to do
   plan:
-    runs-on: "ubuntu-latest"
+    runs-on: "ubuntu-22.04"
     outputs:
       val: ${{ steps.plan.outputs.manifest }}
       tag: ${{ !github.event.pull_request && github.ref_name || '' }}
@@ -58,12 +58,13 @@ jobs:
     steps:
       - uses: actions/checkout@v4
         with:
+          persist-credentials: false
           submodules: recursive
       - name: Install dist
         # we specify bash to get pipefail; it guards against the `curl` command
         # failing. otherwise `sh` won't catch that `curl` returned non-0
         shell: bash
-        run: "curl --proto '=https' --tlsv1.2 -LsSf https://github.com/axodotdev/cargo-dist/releases/download/v0.28.0/cargo-dist-installer.sh | sh"
+        run: "curl --proto '=https' --tlsv1.2 -LsSf https://github.com/axodotdev/cargo-dist/releases/download/v0.30.3/cargo-dist-installer.sh | sh"
       - name: Cache dist
         uses: actions/upload-artifact@v4
         with:
@@ -117,6 +118,7 @@ jobs:
           git config --global core.longpaths true
       - uses: actions/checkout@v4
         with:
+          persist-credentials: false
           submodules: recursive
       - name: Install Rust non-interactively if not already installed
         if: ${{ matrix.container }}
@@ -168,13 +170,14 @@ jobs:
     needs:
       - plan
       - build-local-artifacts
-    runs-on: "ubuntu-latest"
+    runs-on: "ubuntu-22.04"
     env:
       GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       BUILD_MANIFEST_NAME: target/distrib/global-dist-manifest.json
     steps:
       - uses: actions/checkout@v4
         with:
+          persist-credentials: false
           submodules: recursive
       - name: Install cached dist
         uses: actions/download-artifact@v4
@@ -214,16 +217,17 @@ jobs:
       - plan
       - build-local-artifacts
       - build-global-artifacts
-    # Only run if we're "publishing", and only if local and global didn't fail (skipped is fine)
-    if: ${{ always() && needs.plan.outputs.publishing == 'true' && (needs.build-global-artifacts.result == 'skipped' || needs.build-global-artifacts.result == 'success') && (needs.build-local-artifacts.result == 'skipped' || needs.build-local-artifacts.result == 'success') }}
+    # Only run if we're "publishing", and only if plan, local and global didn't fail (skipped is fine)
+    if: ${{ always() && needs.plan.result == 'success' && needs.plan.outputs.publishing == 'true' && (needs.build-global-artifacts.result == 'skipped' || needs.build-global-artifacts.result == 'success') && (needs.build-local-artifacts.result == 'skipped' || needs.build-local-artifacts.result == 'success') }}
     env:
       GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-    runs-on: "ubuntu-latest"
+    runs-on: "ubuntu-22.04"
     outputs:
       val: ${{ steps.host.outputs.manifest }}
     steps:
       - uses: actions/checkout@v4
         with:
+          persist-credentials: false
           submodules: recursive
       - name: Install cached dist
         uses: actions/download-artifact@v4
@@ -282,10 +286,11 @@ jobs:
     # still allowing individual publish jobs to skip themselves (for prereleases).
     # "host" however must run to completion, no skipping allowed!
     if: ${{ always() && needs.host.result == 'success' }}
-    runs-on: "ubuntu-latest"
+    runs-on: "ubuntu-22.04"
     env:
       GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
     steps:
       - uses: actions/checkout@v4
         with:
+          persist-credentials: false
           submodules: recursive

Cargo.toml

@@ -1,11 +1,10 @@
 [package]
 name = "rce-engine"
 version = "1.2.71"
-authors = ["ToolKitHub"]
+edition = "2024"
+authors = ["ToolKitHub <xosnrdev@gmail.com>"]
 description = "A secure service for running untrusted code inside isolated Docker containers via a simple HTTP API"
-homepage = "https://github.com/ToolKitHub/rce-engine?tab=readme-ov-file#readme"
 repository = "https://github.com/ToolKitHub/rce-engine"
-edition = "2024"
 license = "MIT"
 
 [dependencies]
@@ -18,18 +17,17 @@ log = "0.4.29"
 serde = { version = "1.0.228", features = ["derive"] }
 serde_json = "1.0.145"
 
-# We use `opt-level = "s"` as it significantly reduces binary size.
+# See https://doc.rust-lang.org/cargo/reference/profiles.html
+# See default profiles: https://doc.rust-lang.org/cargo/reference/profiles.html#default-profiles
 [profile.release]
-codegen-units = 1           # reduces binary size by ~2%
-debug = "full"              # No one needs an undebuggable release binary
-lto = true                  # reduces binary size by ~14%
-opt-level = "s"             # reduces binary size by ~25%
-panic = "abort"             # reduces binary size by ~50% in combination with -Zbuild-std-features=panic_immediate_abort
-split-debuginfo = "packed"  # generates a separate *.dwp/*.dSYM so the binary can get stripped
-strip = "symbols"           # See split-debuginfo - allows us to drop the size by ~65%
-incremental = true          # Improves re-compile times
+codegen-units = 1          # reduces binary size by ~2%
+lto = true                 # reduces binary size by ~14%
+panic = "abort"            # reduces binary size by ~50% in combination with -Zbuild-std-features=panic_immediate_abort
+split-debuginfo = "packed" # generates a separate *.dwp/*.dSYM so the binary can get stripped
+strip = "symbols"          # See split-debuginfo - allows us to drop the size by ~65%
+incremental = true         # Improves re-compile times
 
 # The profile that 'dist' will build with
 [profile.dist]
 inherits = "release"
-
+lto = "thin"

README.md

@@ -1,10 +1,10 @@
 # rce-engine
 
-**rce-engine** is a secure service for running untrusted code inside isolated Docker containers via a simple HTTP API. See [supported languages](https://github.com/ToolKitHub/rce-runner)
+A secure service for running untrusted code inside isolated Docker containers via a simple HTTP API. See [supported programming languages](https://github.com/ToolKitHub/rce-runner)
 
-[View full documentation](DOCUMENTATION.md)
+See [Documentation](DOCUMENTATION.md) for more details.
 
-## Why Use rce-engine?
+## Features
 
 - **Security First**: Run untrusted code safely in isolated containers
 - **Language Support**: Execute code in 41 programming languages
@@ -14,14 +14,16 @@
 
 ## Quick Start
 
-**Requirements**:
+**System Requirements**:
+
 - Ubuntu 22.04+
 - Docker installed
 
 ### Installation
 
 For installation instructions, see:
-- [Standard Installation Guide](docs/install/ubuntu-22.04.md) (recommended)
+
+- [Standard Installation Guide](docs/install/ubuntu-22.04.md)
 - [Enhanced Security Installation with gVisor](docs/install/ubuntu-22.04-gvisor.md)
 
 ### Basic Usage
@@ -33,16 +35,17 @@ curl --request POST \
      --header 'X-Access-Token: your-token-here' \
      --header 'Content-Type: application/json' \
      --data '{
-       "image": "toolkithub/python:latest", 
+       "image": "toolkithub/python:latest",
        "payload": {
-         "language": "python", 
+         "language": "python",
          "files": [{"name": "main.py", "content": "print(\"Hello world!\")"}]
        }
      }' \
      --url 'http://localhost:8080/run'
 ```
 
 Response:
+
 ```json
 {
   "stdout": "Hello world!\n",
@@ -57,7 +60,6 @@ Response:
 - [API Reference](docs/api/run.md)
 - [Installation guides](docs/install/)
 
-
 ## License
 
-See [License](./LICENSE)
+This project is licensed under the [MIT License](./LICENSE)

dist-workspace.toml

@@ -4,18 +4,14 @@ members = ["cargo:."]
 # Config for 'dist'
 [dist]
 # The preferred dist version to use in CI (Cargo.toml SemVer syntax)
-cargo-dist-version = "0.28.0"
+cargo-dist-version = "0.30.3"
 # CI backends to support
 ci = "github"
 # The installers to generate for each app
 installers = ["shell"]
 # Target platforms to build apps for (Rust target-triple syntax)
 targets = ["x86_64-unknown-linux-gnu"]
 # Path that installers should place binaries in
-install-path = "CARGO_HOME"
+install-path = "~/rce/bin"
 # Whether to install an updater program
-install-updater = true
-
-[dist.github-custom-runners]
-global = "ubuntu-latest"
-x86_64-unknown-linux-gnu = "ubuntu-latest"
+install-updater = false

docs/install/ubuntu-22.04.md

@@ -32,9 +32,9 @@ Since rce-engine will run as a service under the `rce` user, install it directly
 sudo mkdir -p /home/rce/bin
 
 # Install directly to the service user's directory
-sudo -u rce RCE_ENGINE_INSTALL_DIR=/home/rce/bin curl --proto '=https' --tlsv1.2 -LsSf https://github.com/ToolKitHub/rce-engine/releases/download/v1.2.71/rce-engine-installer.sh | sh
+sudo -u rce curl --proto '=https' --tlsv1.2 -LsSf https://github.com/ToolKitHub/rce-engine/releases/download/v1.2.71/rce-engine-installer.sh | sh
 
-# Ensure correct permissions
+# Set execute permissions
 sudo chmod +rx /home/rce/bin/rce-engine
 ```
 

rust-toolchain.toml

@@ -1,3 +1,2 @@
 [toolchain]
-channel = "1.88.0"
-components = ["rustfmt", "clippy"]
+channel = "nightly"

rustfmt.toml

@@ -0,0 +1,7 @@
+style_edition = "2024"
+use_small_heuristics = "Max"
+group_imports = "StdExternalCrate"
+imports_granularity = "Module"
+format_code_in_doc_comments = true
+newline_style = "Unix"
+use_field_init_shorthand = true