From c52dc84e3b166ddb8d29d3646dd112bdb7bd7844 Mon Sep 17 00:00:00 2001
From: Jonathan Schwender <schwenderjonathan@gmail.com>
Date: Thu, 4 Dec 2025 17:20:38 +0100
Subject: [PATCH 1/2] Add CI job to publish to crates.io

Signed-off-by: Jonathan Schwender <schwenderjonathan@gmail.com>
---
 .github/workflows/publish.yml | 35 +++++++++++++++++++++++++++++++++++
 1 file changed, 35 insertions(+)

diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index eb2d2892f0..3b1cc8e4c4 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -1,5 +1,10 @@
+# Workflow to publish crates.io and GitHub releases
+# Changes to this workflow must be reviewed carefully!
 name: Publish
 
+# Workflow triggers should be strictly controlled,
+# as this will trigger publishing to crates.io.
+# We only want to publish on the main branch.
 on:
   push:
     branches: [main]
@@ -37,10 +42,14 @@ jobs:
           git fetch --tags --quiet
           if ! git show-ref --tags --verify --quiet "refs/tags/${RELEASE_TAG}" ; then
             gh release create ${RELEASE_TAG} ./*.tar.gz
+            echo "CREATE_RELEASE=true" >> ${GITHUB_OUTPUT}
+          else
+            echo "CREATE_RELEASE=false" >> ${GITHUB_OUTPUT}
           fi
           echo "RELEASE_TAG=${RELEASE_TAG}" >> ${GITHUB_OUTPUT}
     outputs:
       release-tag: ${{ steps.check-tag.outputs.RELEASE_TAG }}
+      create-release: ${{ steps.check-tag.outputs.CREATE_RELEASE }}
 
   verify-release:
     name: Verify release
@@ -50,3 +59,29 @@ jobs:
     with:
       release-tag: ${{ needs.publish-github-release.outputs.release-tag }}
       rust_version: stable
+
+  # Our CI testing ensures that mozjs-sys and mozjs are always bumped together.
+  # We always publish both versions, since mozjs depends on a speciifc version
+  # of mozjs-sys
+  publish-crates-io:
+    name: Publish to crates.io
+    runs-on: ubuntu-latest
+    needs:
+      - publish-github-release
+      - verify-release
+    permissions:
+      id-token: write
+    if: ${{ needs.publish-github-release.outputs.create-release }}
+    steps:
+      - uses: actions/checkout@v6
+      - uses: rust-lang/crates-io-auth-action@v1
+        id: auth
+      # publish mozjs-sys
+      - run: cargo publish -p mozjs-sys
+        env:
+          CARGO_REGISTRY_TOKEN: ${{ steps.auth.outputs.token }}
+      # Wait a bit to ensure the release is published
+      - run: sleep 5
+      - run: cargo publish -p mozjs
+        env:
+          CARGO_REGISTRY_TOKEN: ${{ steps.auth.outputs.token }}
\ No newline at end of file

From 50a5b792cde0177a139a9c03f63c115f19a78937 Mon Sep 17 00:00:00 2001
From: Jonathan Schwender <schwenderjonathan@gmail.com>
Date: Wed, 10 Dec 2025 14:31:14 +0100
Subject: [PATCH 2/2] Always attempt to publish, and handle exists error
 gracefully

Signed-off-by: Jonathan Schwender <schwenderjonathan@gmail.com>
---
 .github/workflows/publish.yml | 17 ++++++++---------
 1 file changed, 8 insertions(+), 9 deletions(-)

diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 3b1cc8e4c4..da23bdb6e8 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -42,14 +42,10 @@ jobs:
           git fetch --tags --quiet
           if ! git show-ref --tags --verify --quiet "refs/tags/${RELEASE_TAG}" ; then
             gh release create ${RELEASE_TAG} ./*.tar.gz
-            echo "CREATE_RELEASE=true" >> ${GITHUB_OUTPUT}
-          else
-            echo "CREATE_RELEASE=false" >> ${GITHUB_OUTPUT}
           fi
           echo "RELEASE_TAG=${RELEASE_TAG}" >> ${GITHUB_OUTPUT}
     outputs:
       release-tag: ${{ steps.check-tag.outputs.RELEASE_TAG }}
-      create-release: ${{ steps.check-tag.outputs.CREATE_RELEASE }}
 
   verify-release:
     name: Verify release
@@ -61,7 +57,7 @@ jobs:
       rust_version: stable
 
   # Our CI testing ensures that mozjs-sys and mozjs are always bumped together.
-  # We always publish both versions, since mozjs depends on a speciifc version
+  # We always publish both versions, since mozjs depends on a specific version
   # of mozjs-sys
   publish-crates-io:
     name: Publish to crates.io
@@ -71,17 +67,20 @@ jobs:
       - verify-release
     permissions:
       id-token: write
-    if: ${{ needs.publish-github-release.outputs.create-release }}
     steps:
       - uses: actions/checkout@v6
       - uses: rust-lang/crates-io-auth-action@v1
         id: auth
-      # publish mozjs-sys
-      - run: cargo publish -p mozjs-sys
+      # publish mozjs-sys. We ignore the error if the version is already published, but abort the workflow
+      # on other errors.
+      - run: |
+          cargo publish -p mozjs-sys 2> err.log || grep "already exists on crates.io" err.log || ( cat err.log ; exit 1)
         env:
           CARGO_REGISTRY_TOKEN: ${{ steps.auth.outputs.token }}
       # Wait a bit to ensure the release is published
       - run: sleep 5
-      - run: cargo publish -p mozjs
+      - run: |
+          rm -f err.log
+          cargo publish -p mozjs 2> err.log || grep "already exists on crates.io" err.log || ( cat err.log ; exit 1)
         env:
           CARGO_REGISTRY_TOKEN: ${{ steps.auth.outputs.token }}
\ No newline at end of file