name: publish
on:
push:
tags:
- 'v*'
workflow_dispatch:
permissions:
id-token: write
contents: read
jobs:
publish:
runs-on: ubuntu-latest
# NOTE: consider adding `environment: crates-io` once a matching GitHub
# environment is created and the crates.io trusted publisher is scoped to
# it. That adds another approval gate before cargo publish runs.
steps:
- uses: actions/checkout@v4
- uses: dtolnay/rust-toolchain@stable
- uses: Swatinem/rust-cache@v2
- uses: rust-lang/crates-io-auth-action@v1
id: auth
- run: cargo publish
env:
CARGO_REGISTRY_TOKEN: ${{ steps.auth.outputs.token }}