ci: create release workflow that uses cargo release #110
Conversation
There was a problem hiding this comment.
Pull Request Overview
This PR adds automated release functionality to the repository by introducing a GitHub Actions workflow that uses cargo release for publishing releases. The changes also update several dependency versions in the Cargo.toml file.
- Creates a manual GitHub Actions workflow for automated releases with configurable release levels (patch, minor, major)
- Updates dependency versions for filecoin-proofs-v1, fr32, and storage-proofs-core packages
Reviewed Changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| .github/workflows/release.yml | Adds new release workflow with manual trigger and cargo release automation |
| Cargo.toml | Updates dependency versions to newer major/minor releases |
| run: cargo install --version 0.25.17 cargo-release | ||
| - name: Set git user | ||
| run: | | ||
| git config --global user.email "${GITHUB_TRIGGERING_ACTOR}@users.noreply.github.com>" |
There was a problem hiding this comment.
There is an extra closing angle bracket '>' at the end of the email address. It should be '${GITHUB_TRIGGERING_ACTOR}@users.noreply.github.com' without the trailing '>'.
| git config --global user.email "${GITHUB_TRIGGERING_ACTOR}@users.noreply.github.com>" | |
| git config --global user.email "${GITHUB_TRIGGERING_ACTOR}@users.noreply.github.com" |
Copilot uses AI. Check for mistakes.
| - name: Install required packages | ||
| run: sudo apt install --no-install-recommends --yes libhwloc-dev nvidia-cuda-toolkit ocl-icd-opencl-dev | ||
| - name: Install cargo release | ||
| run: cargo install --version 0.25.17 cargo-release |
There was a problem hiding this comment.
[nitpick] The cargo-release version is pinned to a specific version (0.25.17). Consider using a more recent version or document why this specific version is required, as newer versions may contain bug fixes and improvements.
| run: cargo install --version 0.25.17 cargo-release | |
| run: cargo install cargo-release |
Copilot uses AI. Check for mistakes.
| steps: | ||
| - uses: actions/checkout@v4 | ||
| - name: Install required packages | ||
| run: sudo apt install --no-install-recommends --yes libhwloc-dev nvidia-cuda-toolkit ocl-icd-opencl-dev |
There was a problem hiding this comment.
Installing packages with sudo without specifying versions could introduce security risks. Consider pinning package versions or using a container image with pre-installed dependencies for more reproducible and secure builds.
| run: sudo apt install --no-install-recommends --yes libhwloc-dev nvidia-cuda-toolkit ocl-icd-opencl-dev | |
| run: sudo apt install --no-install-recommends --yes libhwloc-dev=2.4.1-1 nvidia-cuda-toolkit=11.5.2-1 ocl-icd-opencl-dev=2.2.12-2 |
Copilot uses AI. Check for mistakes.
This is in support of filecoin-project/rust-filecoin-proofs-api#110
There was a problem hiding this comment.
I added @FilOzzy to proofs-crate-owners.
I created a scoped token:
I added an organizational secret: https://github.com/organizations/filecoin-project/settings/secrets/actions/FILOZZY_CI_CARGO_PUBLISH_UPDATE_TOKEN
(It looks like there are some potential Copilot comments to look at too.)
| git config --global user.name "${GITHUB_TRIGGERING_ACTOR}" | ||
| - name: Run cargo release | ||
| env: | ||
| CARGO_REGISTRY_TOKEN: ${{ secrets.CARGO_REGISTRY_TOKEN }} |
There was a problem hiding this comment.
| CARGO_REGISTRY_TOKEN: ${{ secrets.CARGO_REGISTRY_TOKEN }} | |
| CARGO_REGISTRY_TOKEN: ${{ secrets.FILOZZY_CI_CARGO_PUBLISH_UPDATE_TOKEN }} |
I debated about the name here, but I thought best to make this an organizational token at which point CARGO_REGISTRY_TOKEN would be too broad for the organization.
|
@galargh did you see this recently from crates.io? https://crates.io/docs/trusted-publishing (mentioned here filecoin-project/ref-fvm#2185) |
Oh yeah! That's really cool :) Thank you for bringing this up! @rvagg would you be able to enable trusted publishing for https://crates.io/crates/filecoin-proofs-api ? It seems like it would be a good testing ground. The name of the workflow is |
|
OK, done, but it was a bit tricky so I'll document here:
But it resulted in: 
Which is a bit odd, I wonder if there's some auth thing that it's not getting right. But I decided not to tinker too much with that account since it's the only one supposedly with owner permission.
|
This adds
releaseworkflow that can be triggered manually which performs the release usingcargo release. It requiresCARGO_REGISTRY_TOKENto be set in the repository secrets. The token has to be for one of the users that belong to the proofs-crate-owners team or filecoin-crate-owner.