ci: automate crates.io + GitHub release publishing via release-plz#3308
Open
mvanhorn wants to merge 3 commits into
Open
ci: automate crates.io + GitHub release publishing via release-plz#3308mvanhorn wants to merge 3 commits into
mvanhorn wants to merge 3 commits into
Conversation
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
cargo publish runs verification builds that honor .cargo/config.toml, which
forces -fuse-ld=lld on x86_64-unknown-linux-gnu, so the publish runner needs
lld installed (matching benchmarks.yml). Also document that release-plz skips
a version whose v{version} tag already exists.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Motivation
Closes #3291. Ports Leo's automated crates.io-first publishing flow to snarkVM so that merging a workspace version-bump PR into
stagingpublishes allsnarkvm-*crates to crates.io and cuts a single GitHub release, with no manualcargo publishand no long-lived crates.io tokens (uses GitHub OIDC Trusted Publishing).This covers the in-repo pieces of the issue (steps 1, 2, 6):
release-plz.toml: disables tags/releases workspace-wide and re-enables them only on the umbrellasnarkvmcrate (git_tag_name = "v{{ version }}"), so there is exactly one git tag and one GitHub release per workspace version rather than release-plz's default per-crate tags. Every lockstep crate is assigned to a sharedversion_groupso they bump together.snarkvm-testchain-generatoris the one workspace member not on the lockstep4.7.3line (it is at0.1.0), so it is set torelease = falseand kept out of the version group; please confirm that matches your intent..github/workflows/publish-crates.yml: triggers on push tostaging(path-filtered toCargo.toml,**/Cargo.toml,release-plz.toml, and the workflow itself) plusworkflow_dispatchwith adry_runinput, aconcurrencygroup, a dry-run job (release-plz/action@v0.5,command: release,dry_run: true), and a publish job withcontents: write+id-token: writefor OIDC Trusted Publishing. Leo's binary-release dispatch is dropped (library workspace), and manual dispatch is guarded tostagingonly.RELEASING.md: documents the normal flow, dry-run, the one-time crates.io Trusted Publishing setup, the new-crate bootstrap, and the tag-collision caveat.The crates.io per-crate Trusted Publishing enrollment and new-crate bootstrap (issue steps 3-4) are operator-side on crates.io and cannot live in a PR;
RELEASING.mddocuments them.Test Plan
actionlint .github/workflows/publish-crates.ymlpasses.release-plz.tomlparses as valid TOML; all 65 referenced crate names were cross-checked against the actual workspaceCargo.tomlfiles (exact match, none missing, none invented).publish-crates.ymlparses as valid YAML.lldbefore publishing, becausecargo publishruns verification builds that honor.cargo/config.toml, which forces-fuse-ld=lldonx86_64-unknown-linux-gnu(matching the existingbenchmarks.yml).workflow_dispatchwithdry_run: trueis the recommended next validation step once the workflow is onstaging; it reports the planned singlev{version}tag and the crates release-plz would publish, without publishing.Documentation
RELEASING.mdis added in this PR. NoAleoNet/welcomedocs changes are needed.Backwards compatibility
No runtime or consensus behavior changes. This PR only adds release/CI configuration and docs; no Rust code is touched, so no
ConsensusVersionguarding is required.Fixes #3291