release: Add job to publish to crates.io#43972
Conversation
|
It looks like we would indeed need to implement our own wrapper around
|
This is a PR to test the changes from #43972. Publishing happens on a protected branch, so we need to merge the changes to the protected branch (crates-io-release-testing) first, in order to test that the script here works. ------------- Add a no dependencies python script (besides cargo metadata), to work around current limitations of `cargo publish --workspace` (which can't resume publishing after an error). We could also use 3rd party solutions like cargo workspaces or cargo release, but that would require auditing their source code, and hence writing a small self-contained script for our use seems preferable. Hopefully `cargo publish --workspace` will become more useful in the future, allowing us to eliminate the script again. Testing: This will be tested after merging to the feature branch. --------- Signed-off-by: Jonathan Schwender <schwenderjonathan@gmail.com>
Signed-off-by: Jonathan Schwender <schwenderjonathan@gmail.com>
Add a no dependencies python script (besides cargo metadata), to work around current limitations of cargo publish --workspace. We could also use 3rd party solutions like cargo workspaces or cargo release, but that would require auditing their source code, and hence writing a small self-contained script for our use seems preferable. Hopefully `cargo publish --workspace` will become more useful in the future, allowing us to eliminate the script again. Signed-off-by: Jonathan Schwender <schwenderjonathan@gmail.com>
python stdout is apparently block-buffered by default when writing to files, which is what Github actions apparently appears like. Let's avoid this by using a log helper, printing to stderr and also flushing for good measure. Signed-off-by: Jonathan Schwender <schwenderjonathan@gmail.com>
98c7996 to
3f5c529
Compare
mukilan
left a comment
There was a problem hiding this comment.
LGTM, but perhaps someone an admin who has published to crates.io previously and has access to the github environments configuration should also review this to make sure the environment correctly configured e.g, restricted to the release branches.
| help="Pass --no-verify to cargo publish.", | ||
| ) | ||
| parser.add_argument( | ||
| "--dry-run", |
There was a problem hiding this comment.
Is this intentionally not exposed as an input for the release workflow?
There was a problem hiding this comment.
This is mainly for local debugging of this script (to look at the order the crates will be published in and verify that it makes sense).
In the release workflow I don't see a use-case, we could also just run cargo publish --workspace --dry-run directly if we wanted to verify everything compiles, but for now I chose not to do that, since it takes very long time locally already, so it probably would take hours in CI.
Co-authored-by: Mukilan Thiyagarajan <mukilanthiagarajan@gmail.com> Signed-off-by: Jonathan Schwender <55576758+jschwe@users.noreply.github.com>
@jdm, since you helped configure the environment, perhaps you could also sign-off. |
|
I'll seed that list with the current set of administrators and turn off self-review, and we can discuss separately if we want to change that list. |
When triggering the release action on a non-protected branch in this repo, the job is rejected (as intended): <img width="1484" height="304" alt="image" src="https://github.com/user-attachments/assets/236d3a41-2765-4652-8709-93110e03c77b" /> When triggering the action on a protected branch in this repository, the publish-crates-io job will be pending, until explicitly approved by one of the required approvers (thanks to the `environment` settings). This allows us to publish all of our packages in one go. Testing: Tested by manually [triggering](https://github.com/servo/servo/actions/runs/24119955943/job/70371705395) a release for `0.1.0-rc2`, which got successfully published to crates.io. This was also a resume-after-cancellation test, since the first ~30 crates of the release had already been published via `cargo publish --workspace`, before running into the issue that `cargo publish --workspace` can't resume after intermediate failures. The last commit "Fix buffering issue in CI" is untested, and was added after observing the stdout log messages only appearing at the end of the script. That commit is trivial though, and probably does not justify using crates.io resources for another test release. --------- Signed-off-by: Jonathan Schwender <schwenderjonathan@gmail.com> Signed-off-by: Jonathan Schwender <55576758+jschwe@users.noreply.github.com> Co-authored-by: Mukilan Thiyagarajan <mukilanthiagarajan@gmail.com> (cherry picked from commit c3d2df2)
This applies #43972 to the release/v0.1 branch in preparation for the release. When triggering the release action on a non-protected branch in this repo, the job is rejected (as intended): <img width="1484" height="304" alt="image" src="https://github.com/user-attachments/assets/236d3a41-2765-4652-8709-93110e03c77b" /> When triggering the action on a protected branch in this repository, the publish-crates-io job will be pending, until explicitly approved by one of the required approvers (thanks to the `environment` settings). This allows us to publish all of our packages in one go. Testing: Tested by manually [triggering](https://github.com/servo/servo/actions/runs/24119955943/job/70371705395) a release for `0.1.0-rc2`, which got successfully published to crates.io. This was also a resume-after-cancellation test, since the first ~30 crates of the release had already been published via `cargo publish --workspace`, before running into the issue that `cargo publish --workspace` can't resume after intermediate failures. The last commit "Fix buffering issue in CI" is untested, and was added after observing the stdout log messages only appearing at the end of the script. That commit is trivial though, and probably does not justify using crates.io resources for another test release. --------- (cherry picked from commit c3d2df2) Signed-off-by: Jonathan Schwender <schwenderjonathan@gmail.com> Signed-off-by: Jonathan Schwender <55576758+jschwe@users.noreply.github.com> Co-authored-by: Mukilan Thiyagarajan <mukilanthiagarajan@gmail.com>
When triggering the release action on a non-protected branch in this repo, the job is rejected (as intended):
When triggering the action on a protected branch in this repository, the publish-crates-io job will be pending, until explicitly approved by one of the required approvers (thanks to the
environmentsettings).This allows us to publish all of our packages in one go.
Testing: Tested by manually triggering a release for
0.1.0-rc2, which got successfully published to crates.io. This was also a resume-after-cancellation test, since the first ~30 crates of the release had already been published viacargo publish --workspace, before running into the issue thatcargo publish --workspacecan't resume after intermediate failures. The last commit "Fix buffering issue in CI" is untested, and was added after observing the stdout log messages only appearing at the end of the script. That commit is trivial though, and probably does not justify using crates.io resources for another test release.