-
I've got a few scoped tokens stored in per-repository secrets to allow publishing a few crates hosted here. Recently, cargo added trusted publishing:
https://blog.rust-lang.org/2025/07/11/crates-io-development-update-2025-07/#trusted-publishing
This allows one to configure a trusted GitHub workflow on crates.io that is allowed to publish the crate, without setting up a secret. I'm opening this discussion for myself to track down all the repositories here that use such a setup and replace them, but also want to encourage all other developers to do the same (or set up a publishing pipeline based on this in the first place, to reduce the bus factor too).
Beta Was this translation helpful? Give feedback.
All reactions
Replies: 1 comment
-
Tokens are listed at https://crates.io/settings/tokens. Tracking for myself:
To convert
To add publishing workflow to
- https://github.com/rust-mobile/cargo-subcommand
- https://github.com/rust-mobile/android_logger-rs
- https://github.com/rust-mobile/android-intent (need ownership from @matthunz)
- https://github.com/rust-mobile/ndk-context (need ownership from @dvc94ch)
Separately, publishing groups might remain for manual publishes and yanks?
Beta Was this translation helpful? Give feedback.