Rust (crates.io)

The Rust target publishes to crates.io. The crate name is the target's packageName. See the Rust configuration for options.

Authenticate the release with OIDC trusted publishing (recommended) or a crates.io API token.

Enable publishing

{
  "targets": {
    "rust": {
      "packageName": "acme",
      "publish": { "cargo": true }
    }
  }
}

Trusted publishing (OIDC)

Recommended. The release workflow uses rust-lang/crates-io-auth-action to exchange the workflow's identity token for a short-lived crates.io token, so no secret is stored.

Add a trusted publisher on crates.io

On crates.io, open the crate's Settings → Trusted Publishing and add a GitHub publisher:

  • Repository owner and name: your linked repository

  • Workflow filename: sdk-release.yml

  • Environment: leave blank (unless you set releaseEnvironment)

Keep the default config
{ "targets": { "rust": { "publish": { "cargo": true } } } }

Publishing with a crates.io token

Create a crates.io token

On crates.io, go to Account Settings → API Tokens → New Token and grant it the publish-update scope.

Add it to the repository

Add the token as a repository secret named CARGO_REGISTRY_TOKEN. See Adding repository secrets.

Switch the target to token auth
{
  "targets": {
    "rust": {
      "publish": { "cargo": { "authMethod": "access-token" } }
    }
  }
}

Notes

  • Before cargo publish, the workflow queries the crates.io API for the version and skips it if it already exists, so re-merges are safe.