Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Automated releases #66

Open
gabibguti opened this issue Sep 27, 2023 · 0 comments
Open

Automated releases #66

gabibguti opened this issue Sep 27, 2023 · 0 comments

Comments

@gabibguti
Copy link

Automated releases can help keep your releases consistent, transparent for users and, save maintainance time. It also improves the security of the release by using a "trusted builder". A "trusted builder" provides a higher level of confidence, for example, that cargo command was not modified.

To do that, we could use GitHub workflows. We would need to store the crates.io API token in GitHub secrets, then create a workflow to publish cfg-if to crates.io. Here's a quick draft:

on:
  push:
    tags:
      - '*'
...
  - name: Checkout code
    uses: actions/checkout
  - name: Install rust toolchain
    uses: actions-rs/toolchain
  - name: Publish
    run: cargo publish --token ${CRATES_TOKEN}
Additional context

About me, I'm Gabriela and I work on behalf of Google and the OpenSSF suggesting supply-chain security changes.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@gabibguti