Rust (crates.io)
The Rust target publishes to crates.io. The crate name is the target's packageName. See the Rust configuration for options.
Authenticate the release with OIDC trusted publishing (recommended) or a crates.io API token.
Enable publishing
{
"targets": {
"rust": {
"packageName": "acme",
"publish": { "cargo": true }
}
}
}
Trusted publishing (OIDC)
Recommended. The release workflow uses rust-lang/crates-io-auth-action to exchange the workflow's identity token for a short-lived crates.io token, so no secret is stored.
Add a trusted publisher on crates.io
On crates.io, open the crate's Settings → Trusted Publishing and add a GitHub publisher:
-
Repository owner and name: your linked repository
-
Workflow filename:
sdk-release.yml -
Environment: leave blank (unless you set
releaseEnvironment)
Keep the default config
{ "targets": { "rust": { "publish": { "cargo": true } } } }
Publishing with a crates.io token
Create a crates.io token
On crates.io, go to Account Settings → API Tokens → New Token and grant it the publish-update scope.
Add it to the repository
Add the token as a repository secret named CARGO_REGISTRY_TOKEN. See Adding repository secrets.
Switch the target to token auth
{
"targets": {
"rust": {
"publish": { "cargo": { "authMethod": "access-token" } }
}
}
}
Notes
- Before
cargo publish, the workflow queries the crates.io API for the version and skips it if it already exists, so re-merges are safe.