1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
name: Release
# Publishing is GATED behind manual trigger to honor the explicit
# stop-before-publish boundary. Tag pushes do NOT auto-publish.
#
# To release a new version:
# 1. Tag a commit on `main` (e.g. `git tag -a v0.2.0 -m "..."`)
# 2. Push the tag (`git push origin v0.2.0`)
# 3. Trigger this workflow manually from the Actions tab, picking the
# tag as the ref.
# 4. Confirm the dry-run output before authorising the actual publish.
#
# `secrets.CARGO_REGISTRY_TOKEN` must be configured in repo settings
# before this workflow can publish.
on:
workflow_dispatch:
inputs:
dry_run:
description: "Run cargo publish --dry-run only (no actual publish)"
type: boolean
default: true
jobs:
publish:
name: Publish to crates.io
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- run: sudo apt-get update && sudo apt-get install -y perl
- uses: dtolnay/rust-toolchain@stable
- uses: Swatinem/rust-cache@v2
- name: Verify build before publish
run: cargo build --release --locked
- name: Verify tests pass before publish
run: cargo test --locked
- name: Publish anvil-ssh (dry-run)
if: ${{ inputs.dry_run }}
run: cargo publish --dry-run --locked
- name: Publish anvil-ssh (real)
if: ${{ !inputs.dry_run }}
env:
CARGO_REGISTRY_TOKEN: ${{ secrets.CARGO_REGISTRY_TOKEN }}
run: cargo publish --locked