Skip to content

ci: add publish step to the release workflow #8

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Oct 31, 2025
Merged

ci: add publish step to the release workflow #8

merged 3 commits into from
Oct 31, 2025

Conversation

@newpavlov
Copy link
Member

@newpavlov newpavlov commented Oct 31, 2025

Bumps the crate version to v0.10.0-rc-2 for testing purposes.

@newpavlov newpavlov requested a review from dhardy October 31, 2025 15:48
@newpavlov
Copy link
Member Author

newpavlov commented Oct 31, 2025

It would be nice to also check that the tag corresponds to the version in Cargo.toml, but I am not sure how to do it and it's possible to add it later.

@dhardy
Copy link
Member

dhardy commented Oct 31, 2025
edited
Loading

Do we want this workflow? I.e.:

# <merge PR>
jj git fetch
jj new master
git tag v$VERSION
git push --tags

As opposed to

# <merge PR>
jj git fetch
jj new master
cargo publish
git tag $PUBLISHED_VERSION
git push --tags

Since $PUBLISHED_VERSION is just copy+paste the latter seems easier, but it may just be me.

Further, this permits publishing from GH actions. But that may not be much different from what we already had (GitHub already controls who has permissions to publish to crates.io).

@dhardy
Copy link
Member

dhardy commented Oct 31, 2025

Since we have a v in the tag name we need to modify RELEASEVERSION. See https://github.com/rust-random/getrandom/pull/740/files#diff-87db21a973eed4fef5f32b267aa60fcee5cbdf03c67fafdc2a9b553bb0b15f34R25

@newpavlov
Copy link
Member Author

newpavlov commented Oct 31, 2025

Do we want this workflow?

The idea is that it allows to remove crates.io credentials from your local machine where they can be vulnerable to malicious actors (which is especially bad considering that cargo stores them in plaintext...). You also could configure the environment rules for better protection of releases.

As you correctly noticed, GH already fully controls our access to crates.io, so security-wise trusted publishing is not worse than publishing manually.

@newpavlov newpavlov merged commit baf73ee into master Oct 31, 2025
13 checks passed
@newpavlov newpavlov deleted the ci/publish branch October 31, 2025 16:07
@newpavlov
Copy link
Member Author

newpavlov commented Oct 31, 2025

Damn, we get the following error:

(Line: 24, Col: 12): Unexpected symbol: '('. Located at position 22 within expression: github.ref_name.slice(1)

@dhardy
Copy link
Member

dhardy commented Oct 31, 2025

Looks like we can't run JavaScript expressions during variable expansion.

An alternative would be to remove the v using shell commands; I just didn't find a good way to do that. cut would work... I'm no bash guru.

@newpavlov
Copy link
Member Author

newpavlov commented Oct 31, 2025

Also, are you sure that the awk part works correctly? Running:

awk -v ver="0.9.2" '/^## / { if (p) { exit }; if ($2 == ver) { p=1; next } } p && NF' CHANGELOG.md

Outputs nothing for me.

@dhardy
Copy link
Member

dhardy commented Oct 31, 2025

Try ver="[0.9.2]".

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dhardy dhardy dhardy approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@newpavlov @dhardy