diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 3598af181..c87879340 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -222,16 +222,30 @@ jobs: "id-token": "write" "packages": "write" + custom-publish-crates: + needs: + - plan + - host + if: ${{ !fromJson(needs.plan.outputs.val).announcement_is_prerelease || fromJson(needs.plan.outputs.val).publish_prereleases }} + uses: ./.github/workflows/publish-crates.yml + with: + plan: ${{ needs.plan.outputs.val }} + secrets: inherit + # publish jobs get escalated permissions + permissions: + "contents": "read" + # Create a GitHub Release while uploading all files to it announce: needs: - plan - host - custom-publish-pypi + - custom-publish-crates # use "always() && ..." to allow us to wait for all publish jobs while # still allowing individual publish jobs to skip themselves (for prereleases). # "host" however must run to completion, no skipping allowed! - if: ${{ always() && needs.host.result == 'success' && (needs.custom-publish-pypi.result == 'skipped' || needs.custom-publish-pypi.result == 'success') }} + if: ${{ always() && needs.host.result == 'success' && (needs.custom-publish-pypi.result == 'skipped' || needs.custom-publish-pypi.result == 'success') && (needs.custom-publish-crates.result == 'skipped' || needs.custom-publish-crates.result == 'success') }} runs-on: "depot-ubuntu-latest-4" permissions: "attestations": "write" diff --git a/dist-workspace.toml b/dist-workspace.toml index e3729d636..d6191b07a 100644 --- a/dist-workspace.toml +++ b/dist-workspace.toml @@ -57,7 +57,7 @@ build-local-artifacts = false # Local artifacts jobs to run in CI local-artifacts-jobs = ["./build-binaries", "./build-docker"] # Publish jobs to run in CI -publish-jobs = ["./publish-pypi"] +publish-jobs = ["./publish-pypi", "./publish-crates"] # Post-announce jobs to run in CI post-announce-jobs = ["./publish-docs"] # Custom permissions for GitHub Jobs