1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
name: Auto Release
# Releasing is now automated by design: a release is whatever lands on `main`
# with a bumped `Cargo.toml` version. The old manual "push the vX.Y.Z tag after
# merging" step is gone — this workflow performs it.
#
# Flow on every push to `main` that touches `Cargo.toml`:
# 1. detect — read the package version; release only if no `v<version>` tag
# exists yet (idempotent: dependency-only edits don't release).
# 2. tag — create and push `v<version>`.
# 3. publish — call publish.yml (crates.io) directly via `workflow_call`.
# 4. release — call release.yml (GitHub Release) directly via `workflow_call`.
#
# Why call publish/release directly instead of letting the tag push trigger
# their `on: push: tags` listeners: a tag pushed with the default GITHUB_TOKEN
# does NOT trigger other workflows (GitHub's loop-guard), so we invoke them
# here. Manual `v*` tag pushes (by a human) still trigger those workflows as an
# escape hatch.
on:
push:
branches:
paths:
- 'Cargo.toml'
permissions:
contents: write
concurrency:
group: auto-release
cancel-in-progress: false
jobs:
detect:
name: Detect version bump
runs-on: ubuntu-latest
outputs:
release: ${{ steps.v.outputs.release }}
tag: ${{ steps.v.outputs.tag }}
steps:
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
with:
fetch-depth: 0 # need all tags to check existence
- id: v
run: |
VERSION=$(grep '^version' Cargo.toml | head -1 | sed 's/version = "\(.*\)"/\1/')
TAG="v$VERSION"
echo "tag=$TAG" >> "$GITHUB_OUTPUT"
if git rev-parse -q --verify "refs/tags/$TAG" >/dev/null; then
echo "Tag $TAG already exists — nothing to release."
echo "release=false" >> "$GITHUB_OUTPUT"
else
echo "New version $VERSION — will tag and release."
echo "release=true" >> "$GITHUB_OUTPUT"
fi
tag:
name: Push tag
needs: detect
if: needs.detect.outputs.release == 'true'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
- name: Create and push tag
run: |
git config user.name "github-actions[bot]"
git config user.email "github-actions[bot]@users.noreply.github.com"
git tag "${{ needs.detect.outputs.tag }}"
git push origin "${{ needs.detect.outputs.tag }}"
publish:
needs:
if: needs.detect.outputs.release == 'true'
uses: ./.github/workflows/publish.yml
with:
tag: ${{ needs.detect.outputs.tag }}
secrets: inherit
release:
needs:
if: needs.detect.outputs.release == 'true'
uses: ./.github/workflows/release.yml
with:
tag: ${{ needs.detect.outputs.tag }}