From 2ce86d29066fee303cee1ad64731845e7ebaba36 Mon Sep 17 00:00:00 2001 From: kanarus Date: Sat, 13 Sep 2025 23:36:45 +0900 Subject: [PATCH 1/2] chore(workflow): switch to Trusted Publish --- .github/CODEOWNERS | 1 + .github/workflows/CI.yml | 4 ++-- .github/workflows/Publish.yml | 39 ++++++++++++++++++++++------------- 3 files changed, 28 insertions(+), 16 deletions(-) create mode 100644 .github/CODEOWNERS diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS new file mode 100644 index 0000000..6a53119 --- /dev/null +++ b/.github/CODEOWNERS @@ -0,0 +1 @@ +* @kanarus diff --git a/.github/workflows/CI.yml b/.github/workflows/CI.yml index a5872a2..f10095c 100644 --- a/.github/workflows/CI.yml +++ b/.github/workflows/CI.yml @@ -3,7 +3,7 @@ name: CI on: pull_request: push: - branches: [main, v*] + branches: ['main', 'v*'] jobs: build: @@ -14,7 +14,7 @@ jobs: toolchain: [stable, nightly] steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 - run: | rustup update diff --git a/.github/workflows/Publish.yml b/.github/workflows/Publish.yml index a1c96d1..a84e863 100644 --- a/.github/workflows/Publish.yml +++ b/.github/workflows/Publish.yml @@ -2,45 +2,56 @@ name: Publish on: push: - tags: [v*] - -permissions: - contents: write + tags: ['v*'] jobs: publish: runs-on: ubuntu-latest + environment: + name: publishing + + permissions: + contents: write # for creating GitHub Release + id-token: write # for OIDC authentication + steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 with: ref: main fetch-depth: 0 - - - run: | + + - name: Ensure main branch + run: | BRANCHS=$(git branch --contains ${{ github.ref_name }}) set -- $BRANCHS - for BRANCH in $BRANCHS ; do + for BRANCH in $BRANCHS; do if [[ "$BRANCH" == "main" ]]; then exit 0 fi done exit 1 - - - name: (for compiling to pass) install mujoco and set MUJOCO_DIR + + - name: install MuJoCo and set MUJOCO_DIR (for compiling to pass) run: | mkdir -p $HOME/.mujoco && cd $HOME/.mujoco wget https://github.com/google-deepmind/mujoco/releases/download/3.3.2/mujoco-3.3.2-linux-x86_64.tar.gz tar -xzf mujoco-3.3.2-linux-x86_64.tar.gz echo "MUJOCO_DIR=$HOME/.mujoco/mujoco-3.3.2" >> $GITHUB_ENV - - name: Publish packages + - uses: rust-lang/crates-io-auth-action@v1 + id: cratesio_auth + + - name: Trusted Publish to crates.io env: - CARGO_REGISTRY_TOKEN: ${{ secrets.CRATES_IO_TOKEN }} + CARGO_REGISTRY_TOKEN: ${{ steps.cratesio_auth.outputs.token }} run: | - cargo publish -p rusty_mujoco + cargo publish --package ohkami_openapi + cargo publish --package ohkami_macros + cargo publish --package ohkami_lib + cargo publish --package ohkami - - name: Create release + - name: Create GitHub Release env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | From bd663523dcb3b07bc3310f79372fd2b2d18aafc3 Mon Sep 17 00:00:00 2001 From: kanarus Date: Sat, 13 Sep 2025 23:41:25 +0900 Subject: [PATCH 2/2] fix package name --- .github/workflows/Publish.yml | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/.github/workflows/Publish.yml b/.github/workflows/Publish.yml index a84e863..8102ca3 100644 --- a/.github/workflows/Publish.yml +++ b/.github/workflows/Publish.yml @@ -46,10 +46,7 @@ jobs: env: CARGO_REGISTRY_TOKEN: ${{ steps.cratesio_auth.outputs.token }} run: | - cargo publish --package ohkami_openapi - cargo publish --package ohkami_macros - cargo publish --package ohkami_lib - cargo publish --package ohkami + cargo publish --package rusty_mujoco - name: Create GitHub Release env: