
Merge pull request #48 from SaschaOnTour/fix/ci-hardening #11

Workflow file for this run

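# Release workflow. On every push to main it compares the crate version
# reported by cargo with the newest version on crates.io. When they differ it
# runs the quality gates, publishes the crate, then tags the commit and
# creates a GitHub release.
name: Release

on:
  push:
    branches: [main]

# Default token scope for every job is read-only; the one job that pushes a
# tag widens it locally.
permissions:
  contents: read

env:
  CARGO_TERM_COLOR: always

jobs:
  version-check:
    name: Check version change
    runs-on: ubuntu-latest
    outputs:
      changed: ${{ steps.check.outputs.changed }}
      version: ${{ steps.check.outputs.version }}
    steps:
      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5  # v4
        with:
          # This job never pushes, so do not leave the token in .git/config.
          persist-credentials: false
      - name: Detect version change
        id: check
        run: |
          # Fail the step when any stage of a pipeline fails (cargo, curl or
          # jq), so a failed lookup is not read as "version changed".
          set -euo pipefail
          # Uses the first package only; assumes a single-crate workspace.
          METADATA=$(cargo metadata --no-deps --format-version 1)
          CRATE_NAME=$(printf '%s' "$METADATA" | jq -r '.packages[0].name')
          CURRENT=$(printf '%s' "$METADATA" | jq -r '.packages[0].version')
          if [ -z "$CRATE_NAME" ] || [ "$CRATE_NAME" = "null" ] \
            || [ -z "$CURRENT" ] || [ "$CURRENT" = "null" ]; then
            echo "::error::Could not read crate name/version from cargo metadata"
            exit 1
          fi
          echo "version=$CURRENT" >> "$GITHUB_OUTPUT"
          # Compare against crates.io instead of git history.
          # curl is not given --fail, so an HTTP error body still reaches jq;
          # a JSON body without .crate falls back to 0.0.0 (first publish).
          PUBLISHED=$(curl -s -H "User-Agent: turboquant-ci (github.com/SaschaOnTour/turboquant)" "https://crates.io/api/v1/crates/$CRATE_NAME" | jq -r '.crate.max_version // "0.0.0"')
          if [ "$PUBLISHED" = "null" ] || [ "$PUBLISHED" = "0.0.0" ] || [ "$CURRENT" != "$PUBLISHED" ]; then
            echo "changed=true" >> "$GITHUB_OUTPUT"
            echo "Local $CURRENT vs crates.io $PUBLISHED — publishing"
          else
            echo "changed=false" >> "$GITHUB_OUTPUT"
            echo "Version $CURRENT already on crates.io, skipping"
          fi

  publish:
    name: Publish to crates.io
    needs: version-check
    if: needs.version-check.outputs.changed == 'true'
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5  # v4
        with:
          # Build scripts, tests and installed tools run in this job; none of
          # them needs the repository token.
          persist-credentials: false
      - uses: dtolnay/rust-toolchain@3c5f7ea28cd621ae0bf5283f0e981fb97b8a7af9  # stable
        with:
          toolchain: stable
          components: rustfmt, clippy
      # NOTE(review): restored cache contents are used by the later steps of
      # the job that publishes. Confirm that no workflow running untrusted
      # code can write a cache this run would restore.
      - uses: Swatinem/rust-cache@23869a5bd66c73db3c0ac40331f3206eb23791dc  # v2.9.1
      - name: Format check
        run: cargo fmt --check
      - name: Clippy
        run: cargo clippy --all-targets
        env:
          RUSTFLAGS: "-Dwarnings"
      - name: Test
        run: cargo test
      - name: Security audit
        run: cargo install cargo-audit --locked && cargo audit
      # --locked builds the tool with the dependency versions from its own
      # Cargo.lock instead of re-resolving them at install time.
      # NOTE(review): neither installed tool is pinned to a release; consider
      # adding --version <PINNED_VERSION> to both installs.
      - name: Install rustqual
        run: cargo install rustqual --locked
      - name: Quality analysis
        run: rustqual src/ --fail-on-warnings
      - name: Publish
        run: cargo publish
        env:
          # The registry token is exposed to this step only, after every
          # gate above has passed.
          CARGO_REGISTRY_TOKEN: ${{ secrets.CARGO_REGISTRY_TOKEN }}

  tag-and-release:
    name: Tag & GitHub Release
    needs: [version-check, publish]
    if: needs.version-check.outputs.changed == 'true'
    runs-on: ubuntu-latest
    # Write access is granted to this job only; it pushes the tag and creates
    # the release.
    permissions:
      contents: write
    steps:
      # Credentials stay persisted here because the next step runs git push.
      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5  # v4
      - name: Create git tag
        # The version reaches the script as an environment variable rather
        # than by expression expansion inside the script text, so its value
        # is never parsed as shell source.
        env:
          VERSION: ${{ needs.version-check.outputs.version }}
        run: |
          TAG="v${VERSION}"
          git tag "$TAG"
          git push origin "$TAG"
      - name: GitHub Release
        uses: softprops/action-gh-release@153bb8e04406b158c6c84fc1615b65b24149a1fe  # v2
        with:
          tag_name: v${{ needs.version-check.outputs.version }}
          generate_release_notes: true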