Release #18
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| dry-run: | |
| type: boolean | |
| default: true | |
| permissions: {} | |
| # zizmor: ignore[concurrency-limits] caller workflow is responsible for the concurrency | |
| jobs: | |
| verify-triggering-actor: | |
| name: release/verify-triggering-actor | |
| if: startsWith(github.ref, 'refs/tags/') | |
| uses: ./.github/workflows/verify_triggering_actor.yml | |
| secrets: | |
| ALLOWED_TEAM: ${{ secrets.ALLOWED_TEAM }} | |
| READ_ORG_TOKEN: ${{ secrets.READ_ORG_TOKEN }} | |
| publish_release: | |
| name: release/publish-release | |
| runs-on: ubuntu-latest | |
| permissions: | |
| id-token: write # Needed for OIDC token exchange on crates.io | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| fetch-depth: 0 | |
| persist-credentials: 'false' | |
| token: ${{ secrets.REPO_CHECKOUT_TOKEN }} | |
| - name: Authenticate on registry | |
| uses: rust-lang/crates-io-auth-action@b7e9a28eded4986ec6b1fa40eeee8f8f165559ec # v1.0.3 | |
| id: auth | |
| - name: Publish crate.io package | |
| env: | |
| CARGO_REGISTRY_TOKEN: ${{ steps.auth.outputs.token }} | |
| DRY_RUN: ${{ inputs.dry-run && '--dry-run' || '' }} | |
| run: | | |
| # DRY_RUN expansion cannot be double quoted when variable contains empty string otherwise cargo publish | |
| # would fail. This is safe since DRY_RUN is handled in the env section above. | |
| # shellcheck disable=SC2086 | |
| cargo publish --workspace ${DRY_RUN} |