-
Notifications
You must be signed in to change notification settings - Fork 304
Add another "crates.io: development update" blog post #1660
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Open
Turbo87
wants to merge
1
commit into
rust-lang:master
Choose a base branch
from
Turbo87:crates-io-update
base: master
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
+95
−0
Open
Changes from all commits
Commits
File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
Binary file added
BIN
+169 KB
content/crates-io-development-update-2025-07/docs-rebuild-confirmation.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,95 @@ | ||
| +++ | ||
| path = "2025/07/11/crates-io-development-update-2025-07" | ||
| title = "crates.io: development update" | ||
| authors = ["Tobias Bieniek"] | ||
|
|
||
| [extra] | ||
| team = "the crates.io team" | ||
| team_url = "https://www.rust-lang.org/governance/teams/crates-io" | ||
| +++ | ||
|
|
||
| Since our last development update in [February 2025](https://blog.rust-lang.org/2025/02/05/crates-io-development-update.html), we have continued to make significant improvements to [crates.io](https://crates.io/). In this blog post, we want to give you an update on the latest changes that we have made to crates.io over the past few months. | ||
|
|
||
| ## Trusted Publishing | ||
|
|
||
| We are excited to announce that we have implemented "Trusted Publishing" support on crates.io, as described in [RFC #3691](https://rust-lang.github.io/rfcs/3691-trusted-publishing-cratesio.html). This feature was inspired by the PyPI team's excellent work in this area, and we want to thank them for the inspiration! | ||
|
|
||
| Trusted Publishing eliminates the need for GitHub Actions secrets when publishing crates from your CI/CD pipeline. Instead of managing API tokens, you can now configure which GitHub repository you trust directly on crates.io. That repository is then allowed to request a short-lived API token for publishing in a secure way using OpenID Connect (OIDC). While Trusted Publishing is currently limited to GitHub Actions, we have built it in a way that allows other CI/CD providers like GitLab CI to be supported in the future. | ||
|
|
||
| To get started with Trusted Publishing, you'll need to publish your first release manually. After that, you can set up trusted publishing for future releases. The detailed documentation is available at [https://crates.io/docs/trusted-publishing](https://crates.io/docs/trusted-publishing). | ||
|
|
||
|  | ||
|
|
||
| Here's an example of how to set up GitHub Actions to use Trusted Publishing: | ||
|
|
||
| ```yaml | ||
| name: Publish to crates.io | ||
|
|
||
| on: | ||
| push: | ||
| tags: ['v*'] # Triggers when pushing tags starting with 'v' | ||
|
|
||
| jobs: | ||
| publish: | ||
| runs-on: ubuntu-latest | ||
|
|
||
| environment: release # Optional: for enhanced security | ||
| permissions: | ||
| id-token: write # Required for OIDC token exchange | ||
|
|
||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| - uses: rust-lang/crates-io-auth-action@v1 | ||
| id: auth | ||
| - run: cargo publish | ||
| env: | ||
| CARGO_REGISTRY_TOKEN: ${{ steps.auth.outputs.token }} | ||
| ``` | ||
| ## OpenGraph Images | ||
| Previously, crates.io used a single OpenGraph image for all pages. We have now implemented dynamic OpenGraph image generation, where each crate has a dedicated image that is regenerated when new versions are published. | ||
| These images include the crate name, keywords, description, latest version (or rather the default version that we show for the crate), number of releases, license, and crate size. This provides much more useful information when crates.io links are shared on social media platforms or in chat applications. | ||
|  | ||
| The image generation has been extracted to a dedicated crate: [crates_io_og_image](https://crates.io/crates/crates_io_og_image) ([GitHub](https://github.com/rust-lang/crates_io_og_image)). We're also adding basic theming support in [PR #3](https://github.com/rust-lang/crates_io_og_image/pull/3) to allow docs.rs to reuse the code for their own OpenGraph images. | ||
| Under the hood, the image generation uses two other excellent Rust projects: [Typst](https://typst.app/) for layout and text rendering, and [oxipng](https://github.com/oxipng/oxipng) for PNG optimization. | ||
| ## docs.rs rebuilds | ||
| Crate owners can now trigger documentation rebuilds for docs.rs directly from the crate's version list on crates.io. This can be useful when docs.rs builds have failed or when you want to take advantage of new docs.rs features without having to publish a new release just for that. | ||
|  | ||
| We would like to thank our crates.io team member [@eth3lbert](https://github.com/eth3lbert) for implementing the initial version of this feature in [PR #11422](https://github.com/rust-lang/crates.io/pull/11422). | ||
| ## README alert support | ||
| We've added support for rendering GitHub-style alerts in README files. This feature allows crate authors to use alert blocks like `> [!NOTE]`, `> [!WARNING]`, and `> [!CAUTION]` in their README markdown, which will now be properly styled and displayed on crates.io. | ||
|
|
||
|  | ||
Turbo87 marked this conversation as resolved.
Show resolved
Hide resolved
|
||
|
|
||
| This enhancement was also implemented by [@eth3lbert](https://github.com/eth3lbert) in [PR #11441](https://github.com/rust-lang/crates.io/pull/11441), building on initial work by [@kbdharun](https://github.com/kbdharun). | ||
|
|
||
| ## Miscellaneous | ||
|
|
||
| These were some of the more visible changes to crates.io over the past couple of months, but a lot has happened "under the hood" as well. Here are a couple of examples: | ||
|
|
||
| ### Email system refactoring | ||
|
|
||
| Previously, we used the `format!()` macro and string concatenation to create emails, which made them hard to maintain and inconsistent in styling. We have migrated to the [minijinja](https://github.com/mitsuhiko/minijinja) crate and now use templates instead. | ||
|
|
||
| The new system includes a template inheritance system for consistent branding across all emails. This change also enables us to support HTML emails in the future. | ||
|
|
||
| ### SemVer sorting optimization | ||
|
|
||
| Previously, we had to load all versions from the database and sort them by [SemVer](https://semver.org/) on the API server, which was inefficient for crates with many versions. Our PostgreSQL provider did not support the [semver extension](https://pgxn.org/dist/semver/), so we had to implement sorting in application code. | ||
|
|
||
| [PR #10763](https://github.com/rust-lang/crates.io/pull/10763) takes advantage of JSONB support in PostgreSQL and their btree ordering specification to implement SemVer sorting on the database side. This reduces the load on our API servers and improves response times for crates with many versions. | ||
|
|
||
| ## Feedback | ||
|
|
||
| We hope you enjoyed this update on the development of crates.io. If you have any feedback or questions, please let us know on [Zulip](https://rust-lang.zulipchat.com/#narrow/stream/318791-t-crates-io) or [GitHub](https://github.com/rust-lang/crates.io/discussions). We are always happy to hear from you and are looking forward to your feedback! | ||
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.