From 2008418f27ad7b92ad3c59668775fda44f0998da Mon Sep 17 00:00:00 2001 From: shikhar Date: Mon, 26 Jan 2026 19:55:16 -0500 Subject: [PATCH] fix: have release-plz publish to crates.io directly - Pass CARGO_REGISTRY_TOKEN to release-plz for crates.io publishing - Trigger release.yml on PR merge instead of tag push - Explicitly enable git tagging and releases in release-plz config GITHUB_TOKEN-created tags don't trigger other workflows, so we now trigger on release PR merge directly. Co-Authored-By: Claude Opus 4.5 --- .github/workflows/release-tag.yml | 27 -------- .github/workflows/release.yml | 105 +++++++++++++++++------------- release-plz.toml | 3 +- 3 files changed, 61 insertions(+), 74 deletions(-) delete mode 100644 .github/workflows/release-tag.yml diff --git a/.github/workflows/release-tag.yml b/.github/workflows/release-tag.yml deleted file mode 100644 index 02c32f7..0000000 --- a/.github/workflows/release-tag.yml +++ /dev/null @@ -1,27 +0,0 @@ -name: release-tag - -on: - pull_request: - types: [closed] - -jobs: - release-tag: - if: github.event.pull_request.merged == true && contains(github.event.pull_request.labels.*.name, 'release') - runs-on: ubuntu-latest - permissions: - contents: write - steps: - - name: Checkout - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - - name: Install Rust - uses: dtolnay/rust-toolchain@stable - - - name: Run release-plz release - uses: release-plz/action@v0.5 - with: - command: release - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 5116b1d..3713e33 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,10 +1,37 @@ name: release -on: - push: - tags: ["[0-9]+.[0-9]+.[0-9]+*"] + +on: + pull_request: + types: [closed] workflow_dispatch: + jobs: + release_plz: + if: | + github.event_name == 'workflow_dispatch' || + (github.event.pull_request.merged == true && contains(github.event.pull_request.labels.*.name, 'release')) + runs-on: ubuntu-latest + permissions: + contents: write + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Install Rust + uses: dtolnay/rust-toolchain@stable + + - name: Run release-plz release + uses: release-plz/action@v0.5 + with: + command: release + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + CARGO_REGISTRY_TOKEN: ${{ secrets.CRATES_IO_TOKEN }} + build_binaries: + needs: release_plz name: ${{ matrix.target }} runs-on: ${{ matrix.os }} strategy: @@ -37,8 +64,8 @@ jobs: - os: windows-latest target: aarch64-pc-windows-msvc steps: - - name: checkout - uses: actions/checkout@v4 + - name: Checkout + uses: actions/checkout@v4 - uses: actions-rust-lang/setup-rust-toolchain@v1 with: rustflags: "" @@ -59,7 +86,7 @@ jobs: if: matrix.os == 'macos-latest' run: | echo "${{ secrets.MACOS_PEM }}" | base64 -d -o macos.pem - echo "${{ secrets.MACOS_CERTIFICATE_DER }}" | base64 -d -o certificate.der + echo "${{ secrets.MACOS_CERTIFICATE_DER }}" | base64 -d -o certificate.der - name: Sign macos binary if: matrix.os == 'macos-latest' uses: indygreg/apple-code-sign-action@v1 @@ -73,104 +100,92 @@ jobs: shell: bash run: | cd target/${{ matrix.target }}/release - - if [ "${{ matrix.os }}" = "windows-latest" ]; + + if [ "${{ matrix.os }}" = "windows-latest" ]; then 7z a ../../../s2-${{ matrix.target }}.zip s2.exe else zip -r ../../../s2-${{ matrix.target }}.zip s2 - fi + fi - name: App store connect api key if: matrix.os == 'macos-latest' run: echo "${{ secrets.APP_STORE_CONNECT_API_KEY }}" | base64 -d -o app_store_connect_api_key.json - - name: Notarize macos binary - if: matrix.os == 'macos-latest' + - name: Notarize macos binary + if: matrix.os == 'macos-latest' uses: indygreg/apple-code-sign-action@v1 - with: + with: input_path: s2-${{ matrix.target }}.zip sign: false notarize: true app_store_connect_api_key_json_file: app_store_connect_api_key.json - - name: upload artifacts + - name: Upload artifacts uses: actions/upload-artifact@v4 with: name: ${{ matrix.target }} - path: | + path: | *.zip if-no-files-found: error - create_release: + upload_release_artifacts: needs: build_binaries runs-on: ubuntu-22.04 - if: github.event_name != 'workflow_dispatch' permissions: contents: write steps: - - name: checkout + - name: Checkout uses: actions/checkout@v4 - - name: version + - name: Get version id: version uses: SebRollen/toml-action@v1.2.0 with: file: Cargo.toml field: package.version - - uses: mindsers/changelog-reader-action@v2 - id: changelog_reader - with: - version: ${{ steps.version.outputs.value }} - - name: install rust - uses: dtolnay/rust-toolchain@stable - - name: publish to crates.io - run: cargo publish --token ${{ secrets.CRATES_IO_TOKEN }} - - name: download artifacts + - name: Download artifacts uses: actions/download-artifact@v4 - - name: create release + - name: Upload to release uses: softprops/action-gh-release@v2 with: + tag_name: ${{ steps.version.outputs.value }} files: | - **/*.tar.gz **/*.zip - name: ${{ steps.version.outputs.value }} - body: ${{ steps.changelog_reader.outputs.changes }} update_homebrew: - needs: [create_release, build_binaries] + needs: build_binaries runs-on: ubuntu-22.04 - if: github.event_name != 'workflow_dispatch' steps: - - name: checkout + - name: Checkout uses: actions/checkout@v4 - - name: version + - name: Get version id: version uses: SebRollen/toml-action@v1.2.0 with: file: Cargo.toml field: package.version - name: Download artifacts - uses: actions/download-artifact@v4 - - name: sha256sum - run: | + uses: actions/download-artifact@v4 + - name: Calculate checksums + run: | LINUX_INTEL_SHA256=$(shasum -a 256 x86_64-unknown-linux-gnu/s2-x86_64-unknown-linux-gnu.zip | awk '{print $1}') - echo "LINUX_INTEL_SHA256=$LINUX_INTEL_SHA256" >> $GITHUB_ENV + echo "LINUX_INTEL_SHA256=$LINUX_INTEL_SHA256" >> $GITHUB_ENV LINUX_ARM_SHA256=$(shasum -a 256 aarch64-unknown-linux-gnu/s2-aarch64-unknown-linux-gnu.zip | awk '{print $1}') echo "LINUX_ARM_SHA256=$LINUX_ARM_SHA256" >> $GITHUB_ENV MAC_INTEL_SHA256=$(shasum -a 256 x86_64-apple-darwin/s2-x86_64-apple-darwin.zip | awk '{print $1}') echo "MAC_INTEL_SHA256=$MAC_INTEL_SHA256" >> $GITHUB_ENV MAC_ARM_SHA256=$(shasum -a 256 aarch64-apple-darwin/s2-aarch64-apple-darwin.zip | awk '{print $1}') - echo "MAC_ARM_SHA256=$MAC_ARM_SHA256" >> $GITHUB_ENV - - name: checkout into the formula repo + echo "MAC_ARM_SHA256=$MAC_ARM_SHA256" >> $GITHUB_ENV + - name: Checkout homebrew repo uses: actions/checkout@v4 with: repository: 's2-streamstore/homebrew-s2' token: ${{ secrets.HOMEBREW_PAT }} - - name: update formula - run: | + - name: Update formula + run: | sed -i.bak "s/^ version \".*\"$/ version \"${{ steps.version.outputs.value }}\"/" s2.rb sed -z -i -e 's/[0-9a-f]\{64\}/${{ env.MAC_INTEL_SHA256 }}/1' s2.rb sed -z -i -e 's/[0-9a-f]\{64\}/${{ env.MAC_ARM_SHA256 }}/2' s2.rb sed -z -i -e 's/[0-9a-f]\{64\}/${{ env.LINUX_INTEL_SHA256 }}/3' s2.rb - sed -z -i -e 's/[0-9a-f]\{64\}/${{ env.LINUX_ARM_SHA256 }}/4' s2.rb - - name: release + sed -z -i -e 's/[0-9a-f]\{64\}/${{ env.LINUX_ARM_SHA256 }}/4' s2.rb + - name: Push formula run: | git config --global user.email "mehul@s2.dev" git config --global user.name "Mehul Arora" diff --git a/release-plz.toml b/release-plz.toml index 2f0d4b3..cb8186a 100644 --- a/release-plz.toml +++ b/release-plz.toml @@ -1,7 +1,6 @@ [workspace] changelog_config = "cliff.toml" -publish = false git_tag_enable = true git_tag_name = "{{ version }}" -git_release_enable = false +git_release_enable = true pr_labels = ["release"]