From 17872abf33af792531b6efa35fd9f1711e2be996 Mon Sep 17 00:00:00 2001
From: Robin Krahl
Date: Mon, 9 Mar 2026 10:24:27 +0100
Subject: [PATCH] Add trusted publishing for trussed-core
---
 .github/workflows/cd-test.yml | 16 ++++++++++++++++
 .github/workflows/cd.yml | 20 ++++++++++++++++++++
 2 files changed, 36 insertions(+)
 create mode 100644 .github/workflows/cd-test.yml
 create mode 100644 .github/workflows/cd.yml
diff --git a/.github/workflows/cd-test.yml b/.github/workflows/cd-test.yml
new file mode 100644
index 00000000000..46770f2f76e
--- /dev/null
+++ b/.github/workflows/cd-test.yml
@@ -0,0 +1,16 @@
+name: Continuous delivery - test
+
+on:
+ pull_request:
+ # opened, reopenened, synchronize are the default types for pull_request
+ # labeled, unlabeled ensure this check is also run if a label is added or removed
+ types: [opened, reopened, synchronize, labeled, unlabeled]
+
+jobs:
+ test-publish:
+ runs-on: ubuntu-latest
+ if: ${{ !contains(github.event.pull_request.labels.*.name, 'skip-publish-check') }}
+ steps:
+ - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+ - run: cargo publish --dry-run --package trussed-core
+ - run: cargo publish --dry-run --package trussed
diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml
new file mode 100644
index 00000000000..71a3f0734b4
--- /dev/null
+++ b/.github/workflows/cd.yml
@@ -0,0 +1,20 @@
+name: Continuous delivery - crates.io
+
+on:
+ release:
+ types: [published]
+
+jobs:
+ publish-trussed-core:
+ runs-on: ubuntu-latest
+ if: ${{ startsWith(github.event.release.tag_name, 'core-') }}
+ environment: crates.io
+ permissions:
+ id-token: write
+ steps:
+ - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+ - uses: rust-lang/crates-io-auth-action@b7e9a28eded4986ec6b1fa40eeee8f8f165559ec # v1.0.3
+ id: auth
+ - run: cargo publish --package trussed-core
+ env:
+ CARGO_REGISTRY_TOKEN: ${{ steps.auth.outputs.token }}
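Review bot: `cd-test.yml` declares no `permissions:`, so `test-publish` runs with the repository's default `GITHUB_TOKEN` scopes while `cargo publish --dry-run` compiles the pull request's code and runs its build scripts. A top-level `permissions:` block with `contents: read`, plus `with:` / `persist-credentials: false` on the checkout step, would keep that build from holding more than it needs. The `skip-publish-check` label turns the job off entirely, so a comment above the `if:` saying when the label is meant to be applied would help reviewers. The comment above `types:` also misspells `reopened` as `reopenened`.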
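Review bot: Nothing in `publish-trussed-core` ties the release tag to the crate version: the `if:` checks only the `core-` prefix, so any published release with that prefix uploads whatever version the `trussed-core` manifest holds at the tagged commit. A step before `cargo publish` that compares the tag with the manifest version would stop a mis-tagged release early; it should read the tag from an `env:` variable rather than interpolating `${{ github.event.release.tag_name }}` into the script. The checkout step would also benefit from `with:` / `persist-credentials: false`, because the verification build inside `cargo publish` runs build scripts in a job that holds `id-token: write`. A comment on `environment: crates.io` would help too, stating that the name has to match the trusted-publisher configuration on crates.io and which protection rules the environment is expected to carry, since neither is visible in this patch.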