sealable 0.0.1

Pluggable password-to-sealed-string encryption for secrets
Documentation
name: Publish to crates.io

on:
  push:
    tags:
      - 'v*.*.*'
  workflow_dispatch:

env:
  CARGO_TERM_COLOR: always
  CARGO_REGISTRY_TOKEN: ${{ secrets.CRATES_IO_TOKEN }}

jobs:
  test:
    name: Test
    runs-on: ubuntu-latest
    strategy:
      matrix:
        toolchain: [stable]
    steps:
      - uses: actions/checkout@v4
      
      - name: Install Rust toolchain
        uses: dtolnay/rust-toolchain@master
        with:
          toolchain: ${{ matrix.toolchain }}
      
      - name: Run tests
        run: cargo test --all-features

  publish:
    name: Publish
    needs: test
    if: startsWith(github.ref, 'refs/tags/v')
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      
      - name: Install Rust toolchain
        uses: dtolnay/rust-toolchain@master
        with:
          toolchain: stable
      
      - name: Verify version matches tag
        run: |
          TAG_VERSION=${GITHUB_REF#refs/tags/v}
          CARGO_VERSION=$(sed -n '/^\[package\]/,/^\[/p' Cargo.toml | grep '^version' | head -1 | cut -d'"' -f2)
          echo "Tag: $TAG_VERSION"
          echo "Cargo.toml (package): $CARGO_VERSION"
          if [ "$TAG_VERSION" != "$CARGO_VERSION" ]; then
            echo "ERROR: Version mismatch!"
            exit 1
          fi
          echo "✓ Versions match: $TAG_VERSION"
      
      - name: Publish to crates.io
        run: cargo publish --allow-dirty