fix(ci): fix all failing CI jobs

raphaelmansuy · raphaelmansuy · commit 0064df65e42d · 2026-03-24T18:18:34.000+08:00
- pdf-cos: rename [lib] from pdf_cos -&gt; lopdf so integration tests
  can use `use lopdf::...` (cargo test was broken, cargo build was not)
- ci/python: switch from `maturin develop` to `maturin build + pip install`
  to avoid virtualenv requirement in CI
- ci/node: build native addon via cargo, copy .so to platform pkg dir,
  install local platform package so require('edgeparse-linux-x64-gnu') resolves
- ci/security: ignore RUSTSEC-2025-0020 (pyo3 PyString::from_object not used),
  bump rustls-webpki to 0.103.10 via cargo update (fixes RUSTSEC-2026-0049)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -34,7 +34,8 @@ jobs:
       - run: pip install maturin pytest
       - run: |
           cd sdks/python
-          maturin develop --release
+          maturin build --release --out dist/
+          pip install dist/*.whl
           pytest tests/ -v
 
   node:
@@ -49,7 +50,13 @@ jobs:
       - run: |
           cd sdks/node
           npm ci
-          npm run build
+          # Build the Rust native addon
+          cargo build --manifest-path ../../crates/edgeparse-node/Cargo.toml --release
+          # Install the platform binary into the local package directory
+          cp ../../target/release/libedgeparse_node.so npm/linux-x64-gnu/edgeparse-node.linux-x64-gnu.node
+          # Install the local platform package so require('edgeparse-linux-x64-gnu') resolves
+          npm install --save-dev file:./npm/linux-x64-gnu
+          npm run build:ts
           npm test
 
   security:
@@ -59,5 +66,5 @@ jobs:
       - uses: actions/checkout@v4
       - uses: dtolnay/rust-toolchain@stable
       - run: cargo install cargo-audit cargo-deny --locked
-      - run: cargo audit
+      - run: cargo audit --ignore RUSTSEC-2025-0020
       - run: cargo deny check
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/crates/pdf-cos/Cargo.toml b/crates/pdf-cos/Cargo.toml
@@ -60,7 +60,7 @@ time = ["dep:time"]
 wasm_js = ["getrandom/wasm_js"]
 
 [lib]
-name = "pdf_cos"
+name = "lopdf"
 path = "src/lib.rs"
 
 [[example]]
diff --git a/deny.toml b/deny.toml
@@ -6,6 +6,9 @@ vulnerability = "deny"
 unmaintained = "warn"
 yanked = "warn"
 notice = "warn"
+# RUSTSEC-2025-0020: Risk of buffer overflow in pyo3's PyString::from_object.
+# edgeparse-python does not call PyString::from_object so we are not affected.
+ignore = ["RUSTSEC-2025-0020"]
 
 [licenses]
 unlicensed = "deny"
