ci: remove GitHub release job #50
Conversation
dhardy
left a comment
dhardy
left a comment
There was a problem hiding this comment.
👍
Just checked, and it's still enabled on the crates.io side, so not clear why it failed:
Failed to retrieve token from Cargo registry. Status: 400. Error: No Trusted Publishing config found for repository `rust-random/rand_core`.
A shame because for multi-crate repos with shared versions it could actually save time if it worked.
|
Could you try to re-create the environment and crates.io settings from scratch? The problem may be caused by me deleting and creating new enviroment with the same name during previous experiments, i.e. crates.io may see the "old" environment which no longer exists on the GH side. |
|
I had to do this last time we made a release... no, I think that was for getrandom. Okay, done. |
Were you intending to revert this PR? So far it seems that this type of "automation" is more trouble than it's worth. It's also not fully automated since I have to approve a GH notification for each release. |
No? The environment is relevant for the
The main advantage is that we no longer need to store long-term crates.io secrets on a local machine (I remind you that they are stored in plaintext in your home folder) which makes potential attacks more difficult.
We can configure more complex rules or remove it completely. But in the latter case anyone who is able to push tags would be able to publish crates. |
Right. Deployment succeeded this time.
I respect the aim. More work is needed to realise this since crates.io tokens do not limit their permissions to a project or crate. |
|
@dhardy |
|
Enabled for rand_core and getrandom. |
No description provided.