1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
# Publish to crates.io on a version tag.
#
# Kept separate from the cargo-dist-generated release.yml (which dist owns and
# regenerates). This handles the `cargo install dotprot` channel.
#
# Requires a repository secret CARGO_REGISTRY_TOKEN (a crates.io API token).
name: Publish to crates.io
on:
push:
tags:
- "v*.*.*"
jobs:
publish:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Install Rust toolchain
uses: dtolnay/rust-toolchain@stable
- name: Verify tag matches Cargo.toml version
env:
# Pass the (semi-trusted) tag name via env, never inline ${{ }} in run.
TAG_NAME: ${{ github.ref_name }}
run: |
tag="${TAG_NAME#v}"
crate="$(cargo metadata --no-deps --format-version 1 \
| grep -m1 '"version":' | sed -E 's/.*"version": *"([^"]+)".*/\1/')"
if [ "$tag" != "$crate" ]; then
echo "Tag v$tag does not match Cargo.toml version $crate" >&2
exit 1
fi
- name: Publish
env:
# cargo reads the token from this env var; keeps it off the command line.
CARGO_REGISTRY_TOKEN: ${{ secrets.CARGO_REGISTRY_TOKEN }}
run: cargo publish