bump version to 0.8.0-alpha (#250) #14
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: publish event-scanner | |
| # This workflow publishes event-scanner on crates.io. | |
| permissions: | |
| contents: read | |
| on: | |
| push: | |
| tags: | |
| - v* | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} | |
| cancel-in-progress: true | |
| env: | |
| CARGO_TERM_COLOR: always | |
| jobs: | |
| check-publish: | |
| name: Publish event-scanner on crates.io | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Harden the runner (Audit all outbound calls) | |
| uses: step-security/harden-runner@df199fb7be9f65074067a9eb93f12bb4c5547cf2 # v2.13.3 | |
| with: | |
| egress-policy: audit | |
| - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 | |
| - name: Install rust | |
| uses: actions-rust-lang/setup-rust-toolchain@1780873c7b576612439a134613cc4cc74ce5538c # v1.15.2 | |
| - name: Verify tag matches crate version | |
| id: version-check | |
| run: | | |
| PKG_VERSION=$(cargo metadata --no-deps --format-version 1 \ | |
| | jq -r '.packages[] | select(.name=="event-scanner") | .version') | |
| TAG_VERSION="${GITHUB_REF_NAME#v}" | |
| echo "Package: ${PKG_VERSION}" | |
| echo "Tag: ${TAG_VERSION}" | |
| if [ -z "$PKG_VERSION" ]; then | |
| echo "Failed to determine package version via cargo metadata" >&2 | |
| exit 1 | |
| fi | |
| if [ "$PKG_VERSION" != "$TAG_VERSION" ]; then | |
| echo "Tag v${TAG_VERSION} does not match package version ${PKG_VERSION}" >&2 | |
| exit 1 | |
| fi | |
| - name: Check event-scanner | |
| run: cargo publish -p event-scanner --locked --dry-run | |
| # cargo automatically picks up CARGO_REGISTRY_TOKEN from environment variables | |
| - name: Publish event-scanner | |
| env: | |
| CARGO_REGISTRY_TOKEN: ${{ secrets.CARGO_REGISTRY_TOKEN }} | |
| run: | | |
| if [ -z "${CARGO_REGISTRY_TOKEN:-}" ]; then | |
| echo "CARGO_REGISTRY_TOKEN is not set in repository secrets" >&2 | |
| exit 1 | |
| fi | |
| cargo publish -p event-scanner --locked |