ci: replace tag-triggered SDK publish with release-plz #691
Merged
Pull request overview
Replaces the tag-triggered, two-step cargo publish workflow for the Rust SDK crates with a release-plz–driven PR workflow. release-plz opens a Release PR on each push to master that bumps versions and updates changelogs, then on merge tags and publishes dstack-sdk-types and dstack-sdk in dependency order via OIDC trusted publishing. A new release-plz.toml allowlists only the two public SDK crates so the ~30 internal workspace members cannot be accidentally published.
Changes:
- Add `release-plz.toml` with `workspace.release = false` and explicit `release = true` only for `dstack-sdk` and `dstack-sdk-types`.
- Add `.github/workflows/release-plz.yml` with `release-pr` and `release` jobs (latter scoped to `sdk-release` environment with `id-token: write` for OIDC).
- Remove the old `.github/workflows/rust-sdk-release.yml`.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| `release-plz.toml` | Allowlists the two public SDK crates and disables release for all other workspace members. |
| `.github/workflows/release-plz.yml` | Adds Release PR and release/publish jobs triggered on pushes to master. |
| `.github/workflows/rust-sdk-release.yml` | Removes the legacy tag-triggered serial publish workflow. |
The previous rust-sdk-release.yml triggered `cargo publish` on `rust-sdk-v*` tags, but the tag version (e.g. rust-sdk-v0.5.9) was decoupled from the actual crate version in Cargo.toml (0.1.2). Pushing a tag failed with "already exists on crates.io index", and there was no way to retry once one of the two serial publishes succeeded.

release-plz manages this end-to-end:
- on every push to master, opens/updates a single Release PR that bumps versions in Cargo.toml, updates workspace dependency pins, and regenerates per-crate CHANGELOGs based on commits since last release
- merging the PR auto-tags each crate (dstack-sdk-v*, dstack-sdk-types-v*) and publishes to crates.io in dependency order, idempotently
- semver-check warns if a change should bump major
- OIDC trusted publishing (id-token: write) replaces the static token flow; no CARGO_REGISTRY_TOKEN secret needed

release-plz.toml uses an allowlist: workspace defaults to release = false so only dstack-sdk and dstack-sdk-types are managed; all other internal crates are protected from accidental publish.

Follow-up: crates.io trusted publisher entries need to be re-pointed from rust-sdk-release.yml to release-plz.yml for both crates (Settings → Trusted Publishers on each crate's page).
Summary

Replaces the broken tag-triggered `cargo publish` workflow with release-plz, a PR-driven release manager for cargo workspaces.

Why

The current `rust-sdk-release.yml` triggers on `rust-sdk-v*` tags and serially `cargo publish`es `dstack-sdk-types` then `dstack-sdk`. It's been awkward in practice:

- `rust-sdk-v0.5.9`) is decoupled from the actual crate version in `Cargo.toml` (`0.1.2`). The last run failed with `crate dstack-sdk-types@0.1.2 already exists on crates.io index` — no one had bumped `Cargo.toml`.
- `types` succeeds but `sdk` fails, the next attempt fails immediately on `types`.
- `0.1.1` but the crate is `0.1.2`.

How release-plz fixes this

- `master`, opens/updates a single Release PR that bumps versions in `Cargo.toml`, updates workspace dependency pins, and regenerates per-crate `CHANGELOG.md` from commits since the last release.
- `dstack-sdk-v*`, `dstack-sdk-types-v*`), publishes to crates.io in dependency order, idempotently. Already-published versions are skipped.
- `cargo semver-checks` runs automatically and warns if a change should bump major.
- `id-token: write`) replaces the static token flow.

Changes

- `release-plz.toml` — allowlist config: workspace default `release = false`, only `dstack-sdk` and `dstack-sdk-types` are managed. All other ~30 internal crates are protected from accidental publish.
- `.github/workflows/rust-sdk-release.yml` — two jobs: `release-plz-pr` (open/update Release PR), `release-plz-release` (publish on merge). Same filename and `environment: sdk-release` as before, so existing crates.io trusted publisher entries continue to work without changes.

First release after merge

The first push to master will open a Release PR that:

- `0.1.1` → current).
- `0.1.2`.

Review and merge that PR to publish.

Test plan

- `Release-plz PR` job runs and opens a Release PR