diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 354e3a7..b3fd296 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -19,16 +19,16 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up Rust toolchain - uses: actions-rust-lang/setup-rust-toolchain@v1 + uses: actions-rust-lang/setup-rust-toolchain@2b1f5e9b395427c92ee4e3331786ca3c37afe2d7 # v1.16.0 with: components: clippy, rustfmt target: wasm32-unknown-unknown - name: Install Cargo Binary Install - uses: cargo-bins/cargo-binstall@main + uses: cargo-bins/cargo-binstall@dc19f1e48450eefe5a29b8da6c6b00a87d730b37 # v1.18.1 - name: Install crates run: cargo binstall -y --force cargo-deny cargo-machete cargo-sort @@ -54,10 +54,10 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up Rust toolchain - uses: actions-rust-lang/setup-rust-toolchain@v1 + uses: actions-rust-lang/setup-rust-toolchain@2b1f5e9b395427c92ee4e3331786ca3c37afe2d7 # v1.16.0 with: components: clippy, rustfmt target: wasm32-unknown-unknown diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml new file mode 100644 index 0000000..842a76b --- /dev/null +++ b/.github/workflows/publish.yml @@ -0,0 +1,37 @@ +name: Publish + +on: + release: + types: [published] + +jobs: + publish: + name: Publish + runs-on: ubuntu-latest + + permissions: + contents: read + id-token: write + + steps: + - name: Checkout + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + + - name: Set up Rust toolchain + uses: actions-rust-lang/setup-rust-toolchain@2b1f5e9b395427c92ee4e3331786ca3c37afe2d7 # v1.16.0 + with: + target: wasm32-unknown-unknown + + - name: Install Cargo Binary Install + uses: cargo-bins/cargo-binstall@dc19f1e48450eefe5a29b8da6c6b00a87d730b37 # v1.18.1 + + - name: Install crates + run: cargo binstall --force -y cargo-workspaces + + - uses: rust-lang/crates-io-auth-action@bbd81622f20ce9e2dd9622e3218b975523e45bbe # v1.0.4 + id: auth + + - name: Publish + run: cargo workspaces publish --publish-as-is + env: + CARGO_REGISTRY_TOKEN: ${{ steps.auth.outputs.token }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 93ac644..5dd8fe5 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -23,21 +23,21 @@ jobs: steps: - name: Generate GitHub App token id: app-token - uses: getsentry/action-github-app-token@v3 + uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1 with: - app_id: ${{ secrets.APP_ID }} - private_key: ${{ secrets.APP_PRIVATE_KEY }} + client-id: ${{ secrets.APP_ID }} + private-key: ${{ secrets.APP_PRIVATE_KEY }} - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up Rust toolchain - uses: actions-rust-lang/setup-rust-toolchain@v1 + uses: actions-rust-lang/setup-rust-toolchain@2b1f5e9b395427c92ee4e3331786ca3c37afe2d7 # v1.16.0 with: target: wasm32-unknown-unknown - name: Install Cargo Binary Install - uses: cargo-bins/cargo-binstall@main + uses: cargo-bins/cargo-binstall@dc19f1e48450eefe5a29b8da6c6b00a87d730b37 # v1.18.1 - name: Install crates run: cargo binstall --force -y cargo-workspaces toml-cli @@ -52,29 +52,34 @@ jobs: - name: Add changes run: git add . - - name: Reset and pull - run: git reset --hard && git pull - - name: Commit - uses: dsanders11/github-app-commit-action@v2 + id: commit + uses: dsanders11/github-app-commit-action@2bbcd331016d8c950b05a24b56e7eb9cb50d545e # v2.1.0 with: message: ${{ steps.extract-version.outputs.VERSION }} token: ${{ steps.app-token.outputs.token }} + - name: Reset and pull + run: git reset --hard && git pull + - name: Tag - uses: bruno-fs/repo-tagger@1.0.0 - with: - tag: ${{ steps.extract-version.outputs.VERSION }} + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 env: - GITHUB_TOKEN: ${{ steps.app-token.outputs.token }} + GIT_TAG: ${{ steps.extract-version.outputs.VERSION }} + GIT_SHA: ${{ steps.commit.outputs.sha }} + with: + script: | + github.rest.git.createRef({ + owner: context.repo.owner, + repo: context.repo.repo, + ref: `refs/tags/${process.env.GIT_TAG}`, + sha: process.env.GIT_SHA + }) - name: Release - uses: softprops/action-gh-release@v3 + uses: softprops/action-gh-release@b4309332981a82ec1c5618f44dd2e27cc8bfbfda # v3.0.0 with: generate_release_notes: true make_latest: true tag_name: ${{ steps.extract-version.outputs.VERSION }} token: ${{ steps.app-token.outputs.token }} - - - name: Publish - run: cargo workspaces publish --publish-as-is --token "${{ secrets.CRATES_IO_TOKEN }}"