Report if not logged in before confirmation prompt

[Rustin170506]

Cargo release will publish the same package twice if users haven't logged in.

1. clone https://github.com/hi-rustin/cargo-information
2. Unlogin your cargo
3. Try cargo release minor --execute
4. It will tell you that you haven't logged in yet
5. Try cargo release minor --execute
6. It will bump your version twice and only publish the latest one on creates.io

I am not sure if there is any way to check if users log in before we suggest --execute or do the real publish.

[Rustin170506]

Logs:

❯ cargo release minor --execute
Release cargo-information 0.5.0? [y/N] 
y
   Upgrading cargo-information from 0.4.2 to 0.5.0
[main 07d415f] chore: Release cargo-information version 0.5.0
 3 files changed, 4 insertions(+), 2 deletions(-)
  Publishing cargo-information
    Updating crates.io index
error: no token found, please run `cargo login`
or use environment variable CARGO_REGISTRY_TOKEN

cargo-information on  main [$⇡] is 📦 v0.5.0 via 🦀 v1.77.2 took 5s 
❯ cargo login
please paste the token found on https://crates.io/me below
       Login token for `crates-io` saved

cargo-information on  main [$⇡] is 📦 v0.5.0 via 🦀 v1.77.2 took 42s 
❯ cargo release minor --execute 
Release cargo-information 0.6.0? [y/N] 
y
   Upgrading cargo-information from 0.5.0 to 0.6.0
[main 2227f71] chore: Release cargo-information version 0.6.0
 3 files changed, 4 insertions(+), 2 deletions(-)
  Publishing cargo-information
    Updating crates.io index
   Packaging cargo-information v0.6.0 (/Volumes/t7/code/cargo-information)
    Updating crates.io index
   Verifying cargo-information v0.6.0 (/Volumes/t7/code/cargo-information)
   Compiling cargo-information v0.6.0 (/Volumes/t7/code/cargo/target/tmp1/package/cargo-information-0.6.0)
    Finished dev [unoptimized + debuginfo] target(s) in 8.30s
    Packaged 118 files, 175.6KiB (43.4KiB compressed)
   Uploading cargo-information v0.6.0 (/Volumes/t7/code/cargo-information)
    Uploaded cargo-information v0.6.0 to registry `crates-io`
note: Waiting for `cargo-information v0.6.0` to be available at registry `crates-io`.
You may press ctrl-c to skip waiting; the crate should be available shortly.
   Published cargo-information v0.6.0 at registry `crates-io`
     Pushing Pushing main, v0.6.0 to origin
Enumerating objects: 15, done.
Counting objects: 100% (15/15), done.
Delta compression using up to 8 threads
Compressing objects: 100% (11/11), done.
Writing objects: 100% (11/11), 1.08 KiB | 1.08 MiB/s, done.
Total 11 (delta 8), reused 0 (delta 0), pack-reused 0
remote: Resolving deltas: 100% (8/8), completed with 4 local objects.
remote: Bypassed rule violations for refs/heads/main:
remote: 
remote: - Changes must be made through a pull request.
remote: 
remote: - 9 of 9 required status checks are expected.
remote: 
To https://github.com/hi-rustin/cargo-information
   a263494..2227f71  main -> main
 * [new tag]         v0.6.0 -> v0.6.0

[epage]

To confirm my understanding,

• You told cargo release to bump the version and release
• it errored
• Once you resolved the error, you told it to bump the version and release

There are a lot of failure modes within the release process and we don't try to revert the process. This means the commit we made for bumping the version is still there. In the confirmation prompt for the second release, it told you it was releasing 0.6 instead of 0.5.

There are two ways to recover in this situation

• Revert the commit first
• Perform the release without a version bump ... I think. I can't remember if replacements will still run or not

[Rustin170506]

Do we have any way to check it before we suggest --execute to users? It seems the answer is no. Cargo seems doesn't provide a CLI interface to let us grab that information.

[epage]

I don't think cargo does but it would be interesting to explore how it could expose that information