Add trusted publishing

This commit is contained in:
Robin Krahl
2026-03-20 15:59:51 +01:00
parent dd8d25232b
commit 4c4c00f2b2
2 changed files with 51 additions and 0 deletions
+18
View File
@@ -0,0 +1,18 @@
name: Continuous delivery - test
on:
pull_request:
# opened, reopenened, synchronize are the default types for pull_request
# labeled, unlabeled ensure this check is also run if a label is added or removed
types: [opened, reopened, synchronize, labeled, unlabeled]
jobs:
test-publish:
runs-on: ubuntu-latest
if: ${{ !contains(github.event.pull_request.labels.*.name, 'skip-publish-check') }}
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- run: cargo publish --dry-run --package ctaphid-app
if: ${{ !contains(github.event.pull_request.labels.*.name, 'skip-publish-check-ctaphid-app') }}
- run: cargo publish --dry-run --package ctaphid-dispatch
if: ${{ !contains(github.event.pull_request.labels.*.name, 'skip-publish-check-ctaphid-dispatch') }}
+33
View File
@@ -0,0 +1,33 @@
name: Continuous delivery - crates.io
on:
release:
types: [published]
jobs:
publish-ctaphid-app:
runs-on: ubuntu-latest
if: ${{ startsWith(github.event.release.tag_name, 'app-') }}
environment: crates.io
permissions:
id-token: write
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- uses: rust-lang/crates-io-auth-action@b7e9a28eded4986ec6b1fa40eeee8f8f165559ec # v1.0.3
id: auth
- run: cargo publish --package ctaphid-app
env:
CARGO_REGISTRY_TOKEN: ${{ steps.auth.outputs.token }}
publish-ctaphid-dispatch:
runs-on: ubuntu-latest
if: ${{ startsWith(github.event.release.tag_name, 'dispatch-') }}
environment: crates.io
permissions:
id-token: write
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- uses: rust-lang/crates-io-auth-action@b7e9a28eded4986ec6b1fa40eeee8f8f165559ec # v1.0.3
id: auth
- run: cargo publish --package ctaphid-dispatch
env:
CARGO_REGISTRY_TOKEN: ${{ steps.auth.outputs.token }}