Skip to content

fix(release): publish crates.io releases via trusted GitHub Actions flow#883

Merged
mstykow merged 4 commits into
mainfrom
fix/release-trusted-publishing
May 21, 2026
Merged

fix(release): publish crates.io releases via trusted GitHub Actions flow#883
mstykow merged 4 commits into
mainfrom
fix/release-trusted-publishing

Conversation

@mstykow
Copy link
Copy Markdown
Owner

@mstykow mstykow commented May 21, 2026
edited
Loading

Summary

  • move crates.io publish from local cargo-release execution into the tag-triggered GitHub Actions release workflow
  • add release verification gates for version sync, tag/version alignment, origin/main reachability, crate size, and publish dry-run packaging
  • document the two-phase maintainer release flow and the trusted publishing setup for provenant-cli

Issues

  • Covers: release automation hardening and trusted publishing migration

Scope and exclusions

  • Included: workflow/job wiring, cargo-release config updates, release script changes, new tag sync helper, and maintainer documentation updates
  • Explicit exclusions: no runtime scanner behavior changes, no parser changes, no expected-output fixture updates

Follow-up work

  • Created or intentionally deferred: validate the GitHub crates-io environment reviewers and crates.io trusted publisher settings before the first tagged release using this flow

Expected-output fixture changes

  • Files changed: none
  • Why the new expected output is correct: no golden or expected-output fixtures changed in this branch

@mstykow mstykow changed the title fix(release): move publish flow to GitHub Actions fix(release): publish crates.io releases via trusted GitHub Actions flow May 21, 2026
mstykow and others added 4 commits May 21, 2026 22:55
@mstykow @sisyphus-dev-ai
fix(release): move publish flow to GitHub Actions
308306e 
Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent)

Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>
Signed-off-by: Maxim Stykow <maxim.stykow@gmail.com>
@mstykow @sisyphus-dev-ai
docs(release): document trusted publishing flow
38657ec 
Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent)

Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>
Signed-off-by: Maxim Stykow <maxim.stykow@gmail.com>
@mstykow @sisyphus-dev-ai
fix(release): remove trusted publishing approval gate
a773c80 
Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent)

Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>
Signed-off-by: Maxim Stykow <maxim.stykow@gmail.com>
@mstykow @sisyphus-dev-ai
docs(release): tighten maintainer release guide
a96b325 
Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent)

Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>
Signed-off-by: Maxim Stykow <maxim.stykow@gmail.com>
@mstykow mstykow force-pushed the fix/release-trusted-publishing branch from fb52230 to a96b325 Compare May 21, 2026 20:56
@mstykow mstykow merged commit 3b3fa2c into main May 21, 2026
16 checks passed
@mstykow mstykow deleted the fix/release-trusted-publishing branch May 21, 2026 22:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@mstykow