via-cli 0.2.0

Run commands and API requests with 1Password-backed credentials without exposing secrets to your shell
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103

name: Publish Crate

on:
  workflow_dispatch:
    inputs:
      tag:
        description: "v* tag to publish to crates.io"
        required: true
        type: string

permissions:
  contents: read

env:
  CARGO_TERM_COLOR: always

jobs:
  publish:
    name: Publish to crates.io
    runs-on: ubuntu-24.04
    environment: crates-io

    steps:
      - name: Validate requested tag
        if: ${{ github.event_name == 'workflow_dispatch' }}
        env:
          RELEASE_TAG: ${{ inputs.tag }}
        run: |
          case "$RELEASE_TAG" in
            v*) ;;
            *)
              echo "::error::tag must start with v"
              exit 1
              ;;
          esac

      - name: Checkout tag
        if: ${{ github.event_name == 'push' }}
        uses: actions/checkout@v4
        with:
          ref: ${{ github.ref }}

      - name: Checkout requested tag
        if: ${{ github.event_name == 'workflow_dispatch' }}
        uses: actions/checkout@v4
        with:
          ref: ${{ inputs.tag }}

      - name: Install Rust
        run: |
          rustup toolchain install stable --profile minimal
          rustup default stable

      - name: Validate crate version matches tag
        shell: bash
        env:
          RELEASE_TAG: ${{ github.event_name == 'workflow_dispatch' && inputs.tag || github.ref_name }}
        run: |
          case "$RELEASE_TAG" in
            v*) ;;
            *)
              echo "::error::tag must start with v"
              exit 1
              ;;
          esac

          CRATE_VERSION="${RELEASE_TAG#v}"
          case "$CRATE_VERSION" in
            ''|*[!0-9A-Za-z.+-]*)
              echo "::error::tag version may only contain ASCII letters, digits, '.', '+', or '-'"
              exit 1
              ;;
            [0-9]*) ;;
            *)
              echo "::error::tag version must start with a digit"
              exit 1
              ;;
          esac

          MANIFEST_VERSION="$(cargo pkgid --locked -p via-cli)"
          MANIFEST_VERSION="${MANIFEST_VERSION##*@}"
          if [ "$MANIFEST_VERSION" != "$CRATE_VERSION" ]; then
            echo "::error::tag $RELEASE_TAG requires via-cli $CRATE_VERSION, but Cargo.toml/Cargo.lock resolve to $MANIFEST_VERSION"
            echo "::error::Run the Prepare Release workflow, merge its version-bump PR, then tag the merge commit."
            exit 1
          fi

      - name: Test
        run: cargo test --locked

      - name: Dry-run package publish
        run: cargo publish --locked --dry-run

      - name: Publish
        env:
          CARGO_REGISTRY_TOKEN: ${{ secrets.CARGO_REGISTRY_TOKEN }}
        run: |
          if [ -z "$CARGO_REGISTRY_TOKEN" ]; then
            echo "::error::Missing CARGO_REGISTRY_TOKEN repository secret"
            exit 1
          fi

          cargo publish --locked