cap_access 0.3.0

Provide basic capability-based access control to objects
# Release workflow: triggered by pushing a version-style tag.
name: Release

on:
  push:
    tags:
      # In GitHub's filter syntax '*' matches any run of characters except '/',
      # so these globs accept far more than strict semver (the first pattern
      # already covers the '-pre.' form). Steps that consume the tag name must
      # treat it as untrusted text, not as a validated version string.
      - 'v*.*.*'
      - 'v*.*.*-pre.*'

# Workflow-level default for GITHUB_TOKEN: every job that does not declare its
# own `permissions` runs with write access to repository contents.
# NOTE(review): only release creation needs write; consider defaulting to
# `contents: read` here and granting write on that job alone.
permissions:
  contents: write

jobs:
  # Reusable workflow from this repository; its steps are not visible in this
  # file. A called workflow runs with at most the token permissions the caller
  # grants, so it is covered by the workflow-level `permissions` default.
  check:
    uses: ./.github/workflows/check.yml

  # Reusable workflow from this repository. Both release jobs list `check` and
  # `test` in `needs`, so a failure here blocks the release and the publish.
  test:
    uses: ./.github/workflows/test.yml

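  create-release:
    name: Create GitHub Release
    runs-on: ubuntu-latest
    needs: [check, test]
    # Creating a release needs write access to repository contents. Declared on
    # the job so the grant is explicit and scoped to the job that uses it.
    permissions:
      contents: write

    steps:
      # NOTE(review): third-party actions in this job are referenced by mutable
      # tags. Pin each to a full commit SHA
      # (e.g. actions/checkout@<FULL_COMMIT_SHA>  # v4) so a moved tag cannot
      # change the code that runs with this job's write token.
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          # 0 = fetch complete history (all branches and tags), needed to
          # resolve the tag commit below.
          fetch-depth: 0

      - name: Validate tag is on main branch
        shell: bash
        # The tag name is chosen by whoever pushes the tag and the trigger globs
        # do not restrict its characters. Expanding `${{ }}` inside `run:` would
        # paste it into the script text before bash parses it; handing it over
        # as an environment variable keeps it data.
        env:
          TAG: ${{ github.ref_name }}
        run: |
          set -e

          TAG_COMMIT=$(git rev-list -n 1 "$TAG")

          git fetch origin main

          MAIN_HEAD=$(git rev-parse origin/main)

          echo "Tag:        $TAG"
          echo "Tag commit: $TAG_COMMIT"
          echo "main HEAD:  $MAIN_HEAD"

          # Strict check: the tag must point at the current tip of main, not
          # merely at some commit reachable from it.
          if [ "$TAG_COMMIT" != "$MAIN_HEAD" ]; then
            echo "❌ release tag must be created from main HEAD"
            exit 1
          fi
          echo "✅ release tag validated on main"

      - name: Validate version consistency
        shell: bash
        # Same reason as above: pass the tag via env, never via `${{ }}` in the
        # script body.
        env:
          TAG: ${{ github.ref_name }}
        run: |
          set -e

          # Remove 'v' prefix from tag
          TAG_VERSION="${TAG#v}"

          # Get version from Cargo.toml (first line starting with `version`)
          CARGO_VERSION=$(grep '^version' Cargo.toml | head -1 | sed 's/.*"\(.*\)".*/\1/')

          echo "Tag version:   $TAG_VERSION"
          echo "Cargo version: $CARGO_VERSION"

          if [ "$TAG_VERSION" != "$CARGO_VERSION" ]; then
            echo "❌ Tag version ($TAG_VERSION) does not match Cargo.toml version ($CARGO_VERSION)"
            exit 1
          fi
          echo "✅ Version consistency validated"

      - name: Create GitHub Release
        uses: softprops/action-gh-release@v2
        with:
          draft: false
          # Tags containing '-pre.' are published as pre-releases.
          prerelease: ${{ contains(github.ref_name, '-pre.') }}
          # The tag name is used here as an action input (release notes text),
          # not as shell, so expression expansion is acceptable.
          body: |
            ## ${{ github.ref_name }}

            - [Documentation](https://docs.rs/cap_access)
            - [crates.io](https://crates.io/crates/cap_access)
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}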

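  publish-crates:
    name: Publish to crates.io
    runs-on: ubuntu-latest
    needs: [check, test]
    # This job only reads the repository; it publishes with the crates.io
    # token, not GITHUB_TOKEN. Read-only also limits what the credentials
    # persisted by checkout can do while cargo builds the crate.
    permissions:
      contents: read

    steps:
      # NOTE(review): actions in this job are referenced by mutable refs while
      # the job holds the registry token. Pin each to a full commit SHA
      # (e.g. actions/checkout@<FULL_COMMIT_SHA>  # v4).
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          # 0 = fetch complete history (all branches and tags), needed to
          # resolve the tag commit below.
          fetch-depth: 0

      - name: Validate tag is on main branch
        shell: bash
        # The tag name is chosen by whoever pushes the tag and the trigger globs
        # do not restrict its characters. Expanding `${{ }}` inside `run:` would
        # paste it into the script text before bash parses it; handing it over
        # as an environment variable keeps it data.
        env:
          TAG: ${{ github.ref_name }}
        run: |
          set -e

          TAG_COMMIT=$(git rev-list -n 1 "$TAG")

          git fetch origin main

          MAIN_HEAD=$(git rev-parse origin/main)

          echo "Tag:        $TAG"
          echo "Tag commit: $TAG_COMMIT"
          echo "main HEAD:  $MAIN_HEAD"

          # Strict check: the tag must point at the current tip of main, not
          # merely at some commit reachable from it.
          if [ "$TAG_COMMIT" != "$MAIN_HEAD" ]; then
            echo "❌ release tag must be created from main HEAD"
            exit 1
          fi
          echo "✅ release tag validated on main"

      - name: Validate version consistency
        shell: bash
        # Same reason as above: pass the tag via env, never via `${{ }}` in the
        # script body.
        env:
          TAG: ${{ github.ref_name }}
        run: |
          set -e

          # Remove 'v' prefix from tag
          TAG_VERSION="${TAG#v}"

          # Get version from Cargo.toml (first line starting with `version`)
          CARGO_VERSION=$(grep '^version' Cargo.toml | head -1 | sed 's/.*"\(.*\)".*/\1/')

          echo "Tag version:   $TAG_VERSION"
          echo "Cargo version: $CARGO_VERSION"

          if [ "$TAG_VERSION" != "$CARGO_VERSION" ]; then
            echo "❌ Tag version ($TAG_VERSION) does not match Cargo.toml version ($CARGO_VERSION)"
            exit 1
          fi
          echo "✅ Version consistency validated"

      # NOTE(review): `@nightly` is a moving ref and installs whatever nightly
      # is current, so the publishing toolchain is not reproducible. When
      # pinning this action by commit SHA, name the toolchain through its
      # `toolchain` input.
      - name: Install Rust toolchain
        uses: dtolnay/rust-toolchain@nightly

      - name: Publish to crates.io
        # cargo reads the registry token from CARGO_REGISTRY_TOKEN. Supplying
        # it through the environment keeps the secret out of the command line
        # (process listings, the generated step script) instead of `--token`.
        env:
          CARGO_REGISTRY_TOKEN: ${{ secrets.CARGO_REGISTRY_TOKEN }}
        run: cargo publish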