ci: publish crates to crates.io on release published

[sdbondi]

Summary

• Adds .github/workflows/publish-crates.yml, triggered by release: published (and workflow_dispatch for manual reruns).
• Publishes the workspace crates in dependency order: tari_ootle_publish_lib first, then tari-ootle-cli.
• Authenticates with secrets.CARGO_REGISTRY_TOKEN.

Prerequisite

• Add a CARGO_REGISTRY_TOKEN repository secret with a crates.io API token scoped to publish these crates. Without it the job will fail with an auth error on first run.

Notes

• cargo publish (Cargo 1.66+) waits for the new version to be queryable on the index before exiting, so the second step can resolve the just-published lib.
• Reuses the same system deps (libdbus-1-dev, pkg-config) as the PR-check workflow so the build environment matches.

Test plan

• Once merged and the CARGO_REGISTRY_TOKEN secret is set, trigger the workflow via workflow_dispatch against a pre-release tag (or wait for the next published release) and confirm both crates appear on crates.io.

[gemini-code-assist]

Note

Gemini is unable to generate a review for this pull request due to the file types involved not being currently supported.

[Copilot]

Pull request overview

Adds an automated GitHub Actions workflow to publish the repository’s Rust workspace crates to crates.io when a GitHub Release is published (with a manual workflow_dispatch option for reruns), using a CARGO_REGISTRY_TOKEN secret for authentication.

Changes:

• Introduces .github/workflows/publish-crates.yml triggered on release: published and workflow_dispatch.
• Publishes workspace crates in dependency order (tari_ootle_publish_lib then tari-ootle-cli).
• Sets up Rust tooling, caching, and required system dependencies for the publish environment.

Comments suppressed due to low confidence (2)

.github/workflows/publish-crates.yml:35

• Consider adding --locked to the cargo publish commands so CI does not implicitly update Cargo.lock (which can cause publish failures due to a dirty working tree) and to ensure the published crate is built against the exact dependency set committed in the lockfile.

      - name: Publish tari_ootle_publish_lib
        run: cargo publish -p tari_ootle_publish_lib
        env:
          CARGO_REGISTRY_TOKEN: ${{ secrets.CARGO_REGISTRY_TOKEN }}

      - name: Publish tari-ootle-cli
        run: cargo publish -p tari-ootle-cli
        env:

.github/workflows/publish-crates.yml:36

• CARGO_REGISTRY_TOKEN is repeated in both publish steps. To reduce duplication and avoid accidentally publishing without the token in future edits, consider setting this env var once at the job (or workflow) level and letting both steps inherit it.

      - name: Publish tari_ootle_publish_lib
        run: cargo publish -p tari_ootle_publish_lib
        env:
          CARGO_REGISTRY_TOKEN: ${{ secrets.CARGO_REGISTRY_TOKEN }}

      - name: Publish tari-ootle-cli
        run: cargo publish -p tari-ootle-cli
        env:
          CARGO_REGISTRY_TOKEN: ${{ secrets.CARGO_REGISTRY_TOKEN }}

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.