Skip to content

Add Read Action to Role Assignment Condition #2908

Add Read Action to Role Assignment Condition

Add Read Action to Role Assignment Condition #2908

Workflow file for this run

name: Cargo publish or validate
on:
pull_request:
branches:
- main
paths-ignore:
- 'tembo-py/**'
push:
branches:
- 'main'
paths-ignore:
- 'tembo-py/**'
jobs:
find_directories:
name: Find crates that changed
runs-on: ubuntu-20.04
outputs:
changed_crates: ${{ steps.find_directories.outputs.build_matrix }}
steps:
- name: Check out the repo
uses: actions/checkout@v4
- name: Find directories including Cargo.toml that changed
id: find_directories
uses: ./.github/actions/find-changed-directories
with:
contains_the_file: Cargo.toml
# If the branch does not exist, then it will not
# filter any directories containing the file.
# This allows for filtering out unchanged directories
# in a pull request, and using all directories on the release
# or main branches.
changed_relative_to_ref: origin/${{ github.base_ref || 'not-a-branch' }}
cargo_publish:
# On a pull request, this is validating that the version
# is not already published to crates.io, and on a push to
# main or release branches, it is publishing if the version
# does not exist, ignoring if the version is already
# published.
name: Cargo publish or validate
runs-on: ubuntu-20.04
needs:
- find_directories
strategy:
fail-fast: false
matrix: ${{ fromJson(needs.find_directories.outputs.changed_crates) }}
steps:
- name: Check out the repo
uses: actions/checkout@v4
- name: Determine which flags to use on cargo publish
id: cargo_flags
run: |
set -x
BRANCH_NAME=$(git rev-parse --abbrev-ref HEAD)
if [ "${BRANCH_NAME}" == "main" ]; then
echo "dry_run=false" >> $GITHUB_OUTPUT
echo "fail_if_version_published=false" >> $GITHUB_OUTPUT
elif [[ "${BRANCH_NAME}" == release/* ]]; then
echo "dry_run=false" >> $GITHUB_OUTPUT
echo "fail_if_version_published=false" >> $GITHUB_OUTPUT
else
echo "dry_run=true" >> $GITHUB_OUTPUT
echo "fail_if_version_published=false" >> $GITHUB_OUTPUT
fi
- uses: Swatinem/rust-cache@v2
with:
prefix-key: ${{ matrix.name }}
workspaces: |
${{ matrix.path }}
- name: Publish or validate
uses: ./.github/actions/publish-crate
with:
working-directory: ${{ matrix.path }}
dry-run: ${{ steps.cargo_flags.outputs.dry_run }}
fail-if-version-published: ${{ steps.cargo_flags.outputs.fail_if_version_published }}
cargo-registry-token: ${{ secrets.CARGO_REGISTRY_TOKEN }}