Skip to content

Add release-plz automated release pipeline#1

Merged
rubenhensen merged 3 commits into
mainfrom
add-release-plz
May 18, 2026
Merged

Add release-plz automated release pipeline#1
rubenhensen merged 3 commits into
mainfrom
add-release-plz

Conversation

@rubenhensen
Copy link
Copy Markdown

@rubenhensen rubenhensen commented May 18, 2026
edited
Loading

Summary

  • Adds release-plz.toml configuring single-crate releases for irma with v<version> tags and cargo-semver-checks enabled.
  • Adds .github/workflows/release-plz.yml with two jobs: release-plz-pr (maintains an open release PR with version bump + changelog) and release-plz-release (tags, creates a GitHub release, and publishes to crates.io after the release PR merges).
  • Uses crates.io trusted publishing (OIDC via id-token: write) — no CARGO_REGISTRY_TOKEN secret needed.

Follow-ups before the first release works end-to-end

  • Configure trusted publishing for the irma crate on crates.io (Settings -> Trusted Publishing): repository encryption4all/irmars, workflow release-plz.yml, no environment. Per crates.io's limitation, the first publish of a new crate must still be done manually — trusted publishing only works on crates that already exist on crates.io. The irma crate is owned by the original tweedegolf maintainers, so either request ownership or rename the crate (e.g. irma-e4a) and do the first manual publish yourself.
  • In Settings -> Actions -> General -> Workflow permissions, enable "Allow GitHub Actions to create and approve pull requests" so the release PR can be opened.
  • Cargo.toml still points repository = "https://github.com/tweedegolf/irmars"; update to encryption4all/irmars before the first publish.

Test plan

  • Merge this PR and confirm the release-plz-pr job opens a "chore: release" PR.
  • Merge the release PR and confirm release-plz-release creates the tag, GitHub release, and (once trusted publishing + crate ownership are in place) publishes to crates.io.

@rubenhensen
Add release-plz automated release pipeline
6648b68 
Configures release-plz to manage version bumps, changelog generation,
git tags, GitHub releases, and crates.io publishing on push to main.
dobby-coder[bot]
dobby-coder Bot approved these changes May 18, 2026
View reviewed changes
Copy link
Copy Markdown

@dobby-coder dobby-coder Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewed the diff and ran through the release-plz config against the crate layout.

Looks good

  • release-plz.toml uses the right structure for a single-crate repo (the [workspace] table is release-plz's global-defaults section, not a Cargo workspace declaration — correct usage here).
  • git_tag_name = "v{{ version }}" matches the existing v0.1.0 / v0.2.1 tags already on main, so release-plz won't try to retag old versions.
  • semver_check = true is a nice safety net before publishing.
  • Workflow split into a release-pr job and a release job is the canonical release-plz setup; permissions are correctly scoped per job.
  • fetch-depth: 0 + persist-credentials: false are the recommended settings.

Minor observations (non-blocking)

  • CARGO_REGISTRY_TOKEN is exported into the release-plz-pr job too. Harmless, but only the release job actually publishes, so it could be dropped from the PR job.
  • id-token: write on the release job is only needed if you switch to OIDC trusted publishing on crates.io. Since the plan is to use CARGO_REGISTRY_TOKEN, it's currently unused — fine to leave for future use.
  • No concurrency group on release-plz-release. Probably fine because it only fires on push-to-main after a release-PR merge, but adding one would prevent overlap if two release PRs land back-to-back.

Prerequisites are already called out in the PR bodyCARGO_REGISTRY_TOKEN secret, crate ownership on crates.io (or rename), workflow permissions toggle, and the repository = "tweedegolf/irmars" URL in Cargo.toml. Nothing to add there.

Approving — this can land as-is, and the follow-ups in the description gate the first successful publish, not the merge.

@rubenhensen
Use trusted publishing for crates.io
240c094 
Remove CARGO_REGISTRY_TOKEN; release-plz authenticates via OIDC
using id-token: write, per the release-plz quickstart guide.
@rubenhensen
Rename crate to irmars for the fork
9f05f2d 
The original 'irma' name is taken on crates.io by the upstream
tweedegolf maintainers, so publish the fork as 'irmars' to match
the repository name. Also update the repository URL to point at
the encryption4all fork and add a readme field.
@rubenhensen rubenhensen merged commit e21067a into main May 18, 2026
1 of 2 checks passed
@rubenhensen rubenhensen deleted the add-release-plz branch May 18, 2026 08:45
@dobby-coder dobby-coder Bot mentioned this pull request May 19, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dobby-coder dobby-coder[bot] dobby-coder[bot] approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@rubenhensen