From b3c2df004ae934a81fcb0db397934ee75a9f2e77 Mon Sep 17 00:00:00 2001
From: Xenira <1288524+Xenira@users.noreply.github.com>
Date: Wed, 29 Oct 2025 07:58:19 +0100
Subject: [PATCH] ci(release): switch to trusted publishing
See https://crates.io/docs/trusted-publishing
---
 .github/workflows/release-plz.yml | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/release-plz.yml b/.github/workflows/release-plz.yml
index 90a22477e..ca5fe3206 100644
--- a/.github/workflows/release-plz.yml
+++ b/.github/workflows/release-plz.yml
@@ -15,6 +15,8 @@ jobs:
 release-plz-release:
 name: Release-plz release
 runs-on: ubuntu-latest
+ permissions:
+ id-token: write
 if: ${{ github.event.workflow_run.conclusion == 'success' }}
 env:
 clang: '17'
@@ -50,17 +52,22 @@ jobs:
 echo "LIBCLANG_PATH=${{ runner.temp }}/llvm-${{ env.clang }}/lib" >> $GITHUB_ENV
 echo "LLVM_VERSION=${{ steps.clang.outputs.version }}" >> $GITHUB_ENV
 echo "LLVM_CONFIG_PATH=${{ runner.temp }}/llvm-${{ env.clang }}/bin/llvm-config" >> $GITHUB_ENV
+ - name: Authenticate to crates.io
+ uses: rust-lang/crates-io-auth-action@v1
+ id: auth
 - name: Run release-plz
 uses: release-plz/action@v0.5
 with:
 command: release
 env:
 GITHUB_TOKEN: ${{ secrets.RELEASE_PLZ_TOKEN }}
- CARGO_REGISTRY_TOKEN: ${{ secrets.CARGO_REGISTRY_TOKEN }}
+ CARGO_REGISTRY_TOKEN: ${{ steps.auth.outputs.token }}
 release-plz-pr:
 name: Release-plz PR
 runs-on: ubuntu-latest
+ permissions:
+ id-token: write
 if: ${{ github.event.workflow_run.conclusion == 'success' }}
 concurrency:
 group: release-plz-${{ github.ref }}
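Review bot: A job-level `permissions:` block sets every scope it does not list to `none`, so after this change the release job's default `github.token` carries only `id-token: write`. Any step outside this hunk that relies on the default token (a checkout without an explicit `token:`, for example) loses `contents: read`; if that applies, list it explicitly as `contents: read` under `permissions:`. A short comment such as `# id-token: write lets the job request the OIDC token that is exchanged for a short-lived crates.io token` would tell later maintainers why the scope is there. The job body continues outside the hunk.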
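Review bot: The new `Authenticate to crates.io` step references `rust-lang/crates-io-auth-action@v1` by a movable tag, in a job that can request OIDC tokens and then holds a publish-capable crates.io token. Pinning it to a full commit SHA, `uses: rust-lang/crates-io-auth-action@<full-commit-sha>  # v1`, keeps a retagged release from running with that access; the same applies to the identical step in the release-plz-pr hunk and to `release-plz/action@v0.5`, which receives the token. After this change the long-lived `CARGO_REGISTRY_TOKEN` repository secret is no longer read by these lines, so it should be revoked on crates.io and deleted from the repository settings; otherwise the old credential stays valid next to the new path.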
@@ -72,10 +79,13 @@ jobs:
 fetch-depth: 0
 - name: Install Rust toolchain
 uses: dtolnay/rust-toolchain@stable
+ - name: Authenticate to crates.io
+ uses: rust-lang/crates-io-auth-action@v1
+ id: auth
 - name: Run release-plz
 uses: release-plz/action@v0.5
 with:
 command: release-pr
 env:
 GITHUB_TOKEN: ${{ secrets.RELEASE_PLZ_TOKEN }}
- CARGO_REGISTRY_TOKEN: ${{ secrets.CARGO_REGISTRY_TOKEN }}
+ CARGO_REGISTRY_TOKEN: ${{ steps.auth.outputs.token }}
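Review bot: The release-plz-pr job runs `command: release-pr`, which presumably only opens or updates the release pull request and does not publish, yet it now gets `id-token: write` (added at the end of the previous hunk) and mints a crates.io token through the auth step. Unless release-pr needs registry authentication here (a private registry, say, which this page does not show), drop the `Authenticate to crates.io` step, the `CARGO_REGISTRY_TOKEN` env line and the `permissions` block from this job, so that only the publishing job can obtain a publish token. If the trusted publisher entry on crates.io is bound to a GitHub environment, adding `environment: <release-environment-name>` to the release job narrows which runs can exchange a token. The job starts outside the hunk.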