You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Automated releases can help keep your releases consistent, transparent for users and, save maintainance time. It also improves the security of the release by using a "trusted builder". A "trusted builder" provides a higher level of confidence, for example, that cargo command was not modified.
To do that, we could use GitHub workflows. We would need to store the crates.io API token in GitHub secrets, then create a workflow to publish cfg-if to crates.io. Here's a quick draft:
Automated releases can help keep your releases consistent, transparent for users and, save maintainance time. It also improves the security of the release by using a "trusted builder". A "trusted builder" provides a higher level of confidence, for example, that
cargo
command was not modified.To do that, we could use GitHub workflows. We would need to store the
crates.io
API token in GitHub secrets, then create a workflow to publishcfg-if
tocrates.io
. Here's a quick draft:Additional context
About me, I'm Gabriela and I work on behalf of Google and the OpenSSF suggesting supply-chain security changes.
The text was updated successfully, but these errors were encountered: