@@ -15,10 +15,12 @@ jobs:
1515 release-plz-release :
1616 name : Release-plz release
1717 runs-on : ubuntu-latest
18+ permissions :
19+ id-token : write
1820 if : ${{ github.event.workflow_run.conclusion == 'success' }}
1921 env :
20- clang : ' 17 '
21- php_version : ' 8.2'
22+ clang : " 17 "
23+ php_version : " 8.2"
2224 steps :
2325 - name : Checkout repository
2426 uses : actions/checkout@v5
@@ -50,17 +52,22 @@ jobs:
5052 echo "LIBCLANG_PATH=${{ runner.temp }}/llvm-${{ env.clang }}/lib" >> $GITHUB_ENV
5153 echo "LLVM_VERSION=${{ steps.clang.outputs.version }}" >> $GITHUB_ENV
5254 echo "LLVM_CONFIG_PATH=${{ runner.temp }}/llvm-${{ env.clang }}/bin/llvm-config" >> $GITHUB_ENV
55+ name : Authenticate to crates.io
56+ uses : rust-lang/crates-io-auth-action@v1
57+ id : auth
5358 - name : Run release-plz
5459 uses :
release-plz/[email protected] 5560 with :
5661 command : release
5762 env :
5863 GITHUB_TOKEN : ${{ secrets.RELEASE_PLZ_TOKEN }}
59- CARGO_REGISTRY_TOKEN : ${{ secrets.CARGO_REGISTRY_TOKEN }}
64+ CARGO_REGISTRY_TOKEN : ${{ steps.auth.outputs.token }}
6065
6166 release-plz-pr :
6267 name : Release-plz PR
6368 runs-on : ubuntu-latest
69+ permissions :
70+ id-token : write
6471 if : ${{ github.event.workflow_run.conclusion == 'success' }}
6572 concurrency :
6673 group : release-plz-${{ github.ref }}
@@ -72,10 +79,13 @@ jobs:
7279 fetch-depth : 0
7380 - name : Install Rust toolchain
7481 uses : dtolnay/rust-toolchain@stable
82+ - name : Authenticate to crates.io
83+ uses : rust-lang/crates-io-auth-action@v1
84+ id : auth
7585 - name : Run release-plz
7686 uses :
release-plz/[email protected] 7787 with :
7888 command : release-pr
7989 env :
8090 GITHUB_TOKEN : ${{ secrets.RELEASE_PLZ_TOKEN }}
81- CARGO_REGISTRY_TOKEN : ${{ secrets.CARGO_REGISTRY_TOKEN }}
91+ CARGO_REGISTRY_TOKEN : ${{ steps.auth.outputs.token }}
0 commit comments