Skip to content

ci: cargo release pin version #51

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Apr 29, 2025
Merged

ci: cargo release pin version #51

merged 1 commit into from
Apr 29, 2025

Conversation

@buffalojoec
Copy link
Contributor

@buffalojoec buffalojoec commented Apr 28, 2025
edited
Loading

Patching this for now:

error: cannot install package `cargo-release 0.25.18`, it requires rustc 1.85 or newer, while the currently active rustc version is 1.84.0-nightly
`cargo-release 0.25.17` supports rustc 1.82

@buffalojoec buffalojoec requested a review from joncinque April 28, 2025 16:31
joncinque
joncinque reviewed Apr 28, 2025
View reviewed changes
Copy link
Contributor

@joncinque joncinque left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Up to you, but it would probably be easier to just use https://github.com/taiki-e/cache-cargo-install-action to install cargo-release -- what do you think?

@buffalojoec
Copy link
Contributor Author

buffalojoec commented Apr 28, 2025

Up to you, but it would probably be easier to just use https://github.com/taiki-e/cache-cargo-install-action to install cargo-release -- what do you think?

Has anyone audited that plugin yet? (I also could). It doesn't appear very widely-adopted yet. 15 stars.

@joncinque
Copy link
Contributor

joncinque commented Apr 28, 2025

If you want more stars, you can use https://github.com/taiki-e/install-action instead 😅

@buffalojoec
Copy link
Contributor Author

buffalojoec commented Apr 29, 2025

If you want more stars, you can use https://github.com/taiki-e/install-action instead 😅

It's not that I specifically want more stars, I am just generally apprehensive about introducing third-party actions that can access publishing secrets without good reason. Even adding cargo-publish should be done with caution, but it was already here.

Is there some major drawback to just pinning the installation version for now?

joncinque
joncinque approved these changes Apr 29, 2025
View reviewed changes
Copy link
Contributor

@joncinque joncinque left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am just generally apprehensive about introducing third-party actions that can access publishing secrets without good reason

Note that the action doesn't have access to publishing secrets, that's only added to the steps that need it.

Is there some major drawback to just pinning the installation version for now?

No big drawbacks, it's just easier (we don't have to remember to bump the version in the future) and faster (downloading a binary vs compiling it).

But again, it's not a big deal, and it's totally up to you

@buffalojoec buffalojoec merged commit a3bd8fa into main Apr 29, 2025
10 checks passed
@buffalojoec buffalojoec deleted the cargo-release-pin branch April 29, 2025 10:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@joncinque joncinque joncinque approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@buffalojoec @joncinque