Automated releases can help keep your releases consistent, transparent for users and, save maintainance time. It also improves the security of the release by using a "trusted builder". A "trusted builder" provides a higher level of confidence, for example, that cargo command was not modified.
To do that, we could use GitHub workflows. We would need to store the crates.io API token in GitHub secrets, then create a workflow to publish cfg-if to crates.io. Here's a quick draft:
Automated releases can help keep your releases consistent, transparent for users and, save maintainance time. It also improves the security of the release by using a "trusted builder". A "trusted builder" provides a higher level of confidence, for example, that
cargo
command was not modified.To do that, we could use GitHub workflows. We would need to store the
crates.io
API token in GitHub secrets, then create a workflow to publishcfg-if
tocrates.io
. Here's a quick draft:Additional context
About me, I'm Gabriela and I work on behalf of Google and the OpenSSF suggesting supply-chain security changes.