From e0371fd5628d49ce062e1ac41eb26d062a115372 Mon Sep 17 00:00:00 2001 From: James Sturtevant Date: Mon, 2 Feb 2026 15:54:26 -0800 Subject: [PATCH 1/2] Split workflows Signed-off-by: James Sturtevant --- .github/workflows/build_and_test.yaml | 47 --------------------------- .github/workflows/ci.yaml | 26 +++++++++++++++ .github/workflows/release.yaml | 29 +++++++++++++++++ 3 files changed, 55 insertions(+), 47 deletions(-) delete mode 100644 .github/workflows/build_and_test.yaml create mode 100644 .github/workflows/ci.yaml create mode 100644 .github/workflows/release.yaml diff --git a/.github/workflows/build_and_test.yaml b/.github/workflows/build_and_test.yaml deleted file mode 100644 index f9d8694..0000000 --- a/.github/workflows/build_and_test.yaml +++ /dev/null @@ -1,47 +0,0 @@ -name: Build - -on: - push: - branches: [ "main" ] - tags: - - 'v*' - pull_request: - branches: [ "main" ] - -env: - CARGO_TERM_COLOR: always - -jobs: - build: - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v4 - - name: Install latest Rust stable toolchain - uses: dtolnay/rust-toolchain@stable - with: - toolchain: stable - - name: Build - run: cargo build --verbose - - name: Run tests - run: cargo test --tests - - release: - name: Publish crate - runs-on: ubuntu-latest - if: startsWith(github.ref, 'refs/tags/v') - needs: build - steps: - - uses: actions/checkout@v4 - - name: Install latest Rust stable toolchain - uses: dtolnay/rust-toolchain@stable - with: - toolchain: stable - - - name: Cargo login - run: cargo login ${{ secrets.CRATES_TOKEN }} - shell: bash - - - name: Cargo publish - run: cargo publish - shell: bash diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml new file mode 100644 index 0000000..93fbd8c --- /dev/null +++ b/.github/workflows/ci.yaml @@ -0,0 +1,26 @@ +name: CI + +on: + push: + branches: [ "main" ] + pull_request: + branches: [ "main" ] + workflow_call: + +env: + CARGO_TERM_COLOR: always + +jobs: + build: + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v4 + - name: Install latest Rust stable toolchain + uses: dtolnay/rust-toolchain@stable + with: + toolchain: stable + - name: Build + run: cargo build --verbose + - name: Run tests + run: cargo test --tests diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml new file mode 100644 index 0000000..ae6fa5d --- /dev/null +++ b/.github/workflows/release.yaml @@ -0,0 +1,29 @@ +name: Release + +on: + push: + tags: + - 'v*' + +jobs: + ci: + uses: ./.github/workflows/ci.yaml + + release: + name: Publish crate + runs-on: ubuntu-latest + needs: ci + steps: + - uses: actions/checkout@v4 + - name: Install latest Rust stable toolchain + uses: dtolnay/rust-toolchain@stable + with: + toolchain: stable + + - name: Cargo login + run: cargo login ${{ secrets.CRATES_TOKEN }} + shell: bash + + - name: Cargo publish + run: cargo publish + shell: bash From edadf9c3479d5d296b1462d1686369ff6f85909e Mon Sep 17 00:00:00 2001 From: James Sturtevant Date: Mon, 2 Feb 2026 15:59:24 -0800 Subject: [PATCH 2/2] Add trusted publish Signed-off-by: James Sturtevant --- .github/workflows/release.yaml | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index ae6fa5d..dd95acb 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -13,6 +13,9 @@ jobs: name: Publish crate runs-on: ubuntu-latest needs: ci + permissions: + id-token: write + contents: read steps: - uses: actions/checkout@v4 - name: Install latest Rust stable toolchain @@ -20,10 +23,12 @@ jobs: with: toolchain: stable - - name: Cargo login - run: cargo login ${{ secrets.CRATES_TOKEN }} - shell: bash + - name: Authenticate with crates.io + uses: rust-lang/crates-io-auth-action@v1 + id: crates-io-auth - name: Cargo publish run: cargo publish shell: bash + env: + CARGO_REGISTRY_TOKEN: ${{ steps.crates-io-auth.outputs.token }}