Skip to content

Commit 6a225cc

Browse files
aborgna-qaborgna-q
authored
ci: Setup trusted Crates.io publishing (#986)
Includes the changes from CQCL/hugr#2472 to avoid release-plz closing release PRs due to dataraces.
1 parent e12c9b2 commit 6a225cc

File tree

1 file changed

+45
-3
lines changed

1 file changed

+45
-3
lines changed

.github/workflows/release-plz.yml

Lines changed: 45 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -7,9 +7,45 @@ on:
77
- main
88

99
jobs:
10+
release-plz-pr:
11+
name: Create release-plz PR
12+
runs-on: ubuntu-latest
13+
14+
# Ensure only one release-plz tries to create a PR at a time.
15+
#
16+
# If two instances update the PR simultaneously, one will see an outdated git ref
17+
# and end up recreating the PR unnecessarily.
18+
concurrency:
19+
group: ${{ github.workflow }}-${{ github.ref }}-pr
20+
cancel-in-progress: true
21+
22+
steps:
23+
- name: Checkout repository
24+
uses: actions/checkout@v4
25+
with:
26+
fetch-depth: 0
27+
token: ${{ secrets.HUGRBOT_PAT }}
28+
- name: Install Rust toolchain
29+
uses: dtolnay/rust-toolchain@stable
30+
31+
- name: Create release PR
32+
uses: MarcoIeni/release-plz-action@v0.5
33+
env:
34+
GITHUB_TOKEN: ${{ secrets.HUGRBOT_PAT }}
35+
with:
36+
command: release-pr
37+
38+
# This job triggers the release to crates.io if the current crate version is higher than the
39+
# ones in the registry.
40+
#
41+
# Release-plz will only run on commits originating from a PR whose source branch started with
42+
# `release-plz-` (see `release-always=false` in the config).
1043
release-plz:
11-
name: Release-plz
44+
name: Release the crates
1245
runs-on: ubuntu-latest
46+
environment: crate-release
47+
permissions:
48+
id-token: write # Required for OIDC token exchange
1349
steps:
1450
- name: Checkout repository
1551
uses: actions/checkout@v4
@@ -18,8 +54,14 @@ jobs:
1854
token: ${{ secrets.HUGRBOT_PAT }}
1955
- name: Install Rust toolchain
2056
uses: dtolnay/rust-toolchain@stable
57+
58+
- uses: rust-lang/crates-io-auth-action@v1
59+
id: auth
60+
2161
- name: Run release-plz
2262
uses: MarcoIeni/release-plz-action@v0.5
2363
env:
24-
GITHUB_TOKEN: ${{ secrets.HUGRBOT_PAT }}
25-
CARGO_REGISTRY_TOKEN: ${{ secrets.CARGO_REGISTRY_TOKEN }}
64+
GITHUB_TOKEN: ${{ secrets.HUGRBOT_PAT }}
65+
CARGO_REGISTRY_TOKEN: ${{ steps.auth.outputs.token }}
66+
with:
67+
command: release

0 commit comments

Comments
 (0)