Add GitHub Actions workflow for crate publishing #9
This workflow automates the process of publishing a Rust crate to crates.io, including version checking, tagging, building, and generating a Software Bill of Materials (SBOM).
Signed-off-by: Glenn Jocher <[email protected]>
👋 Hello @glenn-jocher, thank you for submitting a -✅ Define a Purpose: Clearly explain the purpose of your fix or feature in your PR description, and link to any relevant issues. Ensure your commit messages are clear, concise, and adhere to the project's conventions. For more guidance, please refer to our Contributing Guide. Don't hesitate to leave a comment if you have any questions. Thank you for contributing to Ultralytics! 🚀
UltralyticsAssistant
left a comment
🔍 PR Review
Made with ❤️ by Ultralytics Actions
Fix the workflow so it can run reliably: use valid action versions (not actions/checkout@v6), avoid creating tags/releases before CI + cargo publish succeed, and harden the version-check step output writing. Also improve release/publish robustness by using stable Rust for CI, running cargo publish --locked, making SBOM upload idempotent, and correcting the crates.io URL to the actual crate for this repo.
💬 Posted 7 inline comments
@onuralpszr let's not merge this until we define the package name and are ready to publish, as this will likely publish a first version on PR merge.
TODO: Update L26 crate_url: https://crates.io/crates/ultralytics-template-rust
Yes, we can do a meeting and decide when it is time.
UltralyticsAssistant
left a comment
🔍 PR Review 2
Made with ❤️ by Ultralytics Actions
Overall the workflow structure is solid (version check → tag/release → build gates → publish → SBOM upload), but there are a few reliability issues to address: the shell: python step may not execute on Ubuntu runners, the ls-remote call can silently fail and cause an incorrect publish decision, and the SBOM upload isn’t idempotent without --clobber. Also, the workflow_dispatch input is currently unused, and the crate URL appears to point to a template rather than this repo’s crate.
💬 Posted 6 inline comments
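The second review above warns that a silently failing ls-remote call can cause an incorrect publish decision. As an added example (not the PR's workflow code, which this page does not show), here is a fail-closed version check in POSIX shell; the function names, the `v` tag prefix and the `origin` remote are assumptions.

```shell
#!/bin/sh
# Added example, not from the PR. Function names and the "v" tag prefix are assumptions.

# Print the version from the [package] table of a Cargo.toml.
cargo_version() {
  awk '
    /^\[/ { in_pkg = ($0 ~ /^\[package\][ \t]*$/) }
    in_pkg && /^version[ \t]*=/ { split($0, q, "\""); print q[2]; exit }
  ' "$1"
}

# usage: publish_decision <Cargo.toml> <tag-listing command...>
# Prints "publish" or "skip". Exits non-zero without printing a decision when
# the version is unreadable or the tag listing fails.
publish_decision() (
  [ "$#" -ge 2 ] || { echo "usage: publish_decision MANIFEST CMD..." >&2; exit 2; }
  manifest=$1; shift
  version=$(cargo_version "$manifest") || exit 1
  case $version in
    [0-9]*.[0-9]*.[0-9]*) ;;
    *) echo "error: no usable version in $manifest" >&2; exit 1 ;;
  esac
  # Check the exit status of the listing itself. An empty result from a failed
  # call must not be read as "tag does not exist yet".
  if ! tags=$("$@"); then
    echo "error: tag listing failed, refusing to decide" >&2
    exit 1
  fi
  if printf '%s\n' "$tags" | cut -f2 | grep -Fxq "refs/tags/v$version"; then
    echo skip
  else
    echo publish
  fi
)

# In CI (assumed remote name "origin"):
#   decision=$(publish_decision Cargo.toml git ls-remote --tags --refs origin) || exit 1

# Offline demo on constructed data.
demo() (
  dir=$(mktemp -d) || exit 1
  printf '[package]\nname = "demo"\nversion = "0.2.0"\n' > "$dir/Cargo.toml"
  printf '0000aaaa\trefs/tags/v0.1.0\n' > "$dir/tags"
  publish_decision "$dir/Cargo.toml" cat "$dir/tags"
  publish_decision "$dir/Cargo.toml" false || echo "aborted"
  rm -rf "$dir"
)
demo
```

Passing the listing command as arguments keeps the decision logic testable offline and makes a failed listing abort the job instead of looking like a missing tag.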
Codecov Report: ✅ All modified and coverable lines are covered by tests.
🛠️ PR Summary
Made with ❤️ by Ultralytics Actions
🌟 Summary
Adds an automated GitHub Actions workflow to tag, test, publish, and attach an SBOM when releasing the Rust crate to crates.io 🚀
📊 Key Changes
- Introduces a new .github/workflows/publish.yml workflow that runs on main pushes or manual dispatch
- Automatically checks Cargo.toml version, compares against existing git tags, and creates a new annotated tag + GitHub Release when needed 🏷️
- Adds CI gates before publishing: cargo fmt, cargo clippy, and cargo test ✅
- Publishes the crate to crates.io using cargo publish with a protected environment token 🔐
- Generates and uploads an SPDX JSON SBOM (sbom.spdx.json) to the GitHub Release 📦
🎯 Purpose & Impact
- Streamlines and standardizes Rust crate releases, reducing manual steps and release mistakes
- Ensures only version-incremented releases publish, with quality checks enforced before publish
- Improves release transparency and compliance by attaching an SBOM to each tagged release