# Publish the Rust crates to crates.io on a `v*` tag, via crates.io
# trusted publishing (OIDC) - no token is stored on GitHub, and a fork
# can't mint one (OIDC claims wouldn't match the registered publisher).
#
# One-time crates.io setup (per crate, in Settings -> Trusted Publishing):
# add GitHub owner SConsul, repo vor, workflow crates.yml, environment
# crates-io - for both `vor` and `vor-macros`.
name: crates.io
on:
push:
tags:
permissions:
contents: read
jobs:
publish:
runs-on: ubuntu-latest
environment: crates-io
permissions:
id-token: write # OIDC token minted per run; crates.io verifies it
steps:
- uses: actions/checkout@v4
- uses: dtolnay/rust-toolchain@stable # vor MSRV is 1.96
- uses: rust-lang/crates-io-auth-action@v1
id: auth
# vor depends on vor-macros, so publish that first; cargo waits for
# each upload to be queryable before the next resolves it.
- run: cargo publish -p vor-macros
env:
CARGO_REGISTRY_TOKEN: ${{ steps.auth.outputs.token }}
- run: cargo publish -p vor
env:
CARGO_REGISTRY_TOKEN: ${{ steps.auth.outputs.token }}