search

trishume / syntect

Rust library for syntax highlighting using Sublime Text syntax definitions.
https://docs.rs/syntect
MIT License
1.89k stars 132 forks source link

Automate the release process with a GitHub Actions workflow #514

Closed Enselic closed 8 months ago

Enselic commented 9 months ago

To make it easy to make releases (and we need a release to unblock https://github.com/sharkdp/bat/pull/2815), automate the process via GitHub Actions.

Create a workflow that:

  1. Runs cargo publish
  2. Pushes a git tag, but only if the publish was successful.
  3. Creates a GitHub Release with release notes from CHANGELOG.md, but only if creating the tag was successful.

I've been using a variant of this workflow for my own projects for quite a while now, and find that it works well.

New release process

After this lands, this will be the new release process:

  1. Update Cargo.toml version and CHANGELOG.md on master
  2. Run workflow https://github.com/trishume/syntect/actions/workflows/Release.yml on master
  3. Done!

Help needed to setup

Hi @trishume ! Would be great if you could help set up an automated release process. I only need your help with this:

Create a crates.io token

  1. https://crates.io/settings/tokens/new
  2. For expiration, I recommend 'No expiration' so we don't have to keep updating it.
  3. For 'Scopes', select 'publish-update'. That way, if the token leaks, it can't be used to remove us as owners on crates.io.
  4. For 'Crates', limit it to syntect.
  5. Click 'Generate token'

If you prefer me to use a token belonging to my account, that's perfectly fine with me, just let me know. I'll then share it with you through gpg.

Create a GitHub Actions secret

  1. https://github.com/trishume/syntect/settings/environments/new and call it crates.io
  2. Add secret and call it CARGO_REGISTRY_TOKEN and paste the above token
  3. In 'Deployment branches and tags', make it available only to the branch 'master' by selecting "Protected branches only" on the dropbox to the right, to minimize risk of it leaking

Done! Once that is done (which only you can do) I will release syntect 5.2.0 using the new process. I have confirmed that this process works with the changelog format of syntect by verifying with a toy project of mine.

Enselic commented 8 months ago

@trishume Friendly one-month ping. Collaborators can't access repo secrets, so you are the only one that can add one. Doing the steps above shouldn't take many minutes.

If you are uncomfortable with storing the secret on GitHub, I could make it a one-time masked input secret that is inputted each run, if you prefer. That way no secrets are stored anywhere.

But the risk of the secret leaking by GitHub is low (I have never heard of it happening), and if it happens it is not a super big deal, since it can't be used to remove us as owners from crates.io.

Enselic commented 8 months ago

Closing in favor of https://github.com/trishume/syntect/pull/517 that does not require storing secrets on GitHub.