Pre-publish polish: repo URL, docs.rs metadata, release pipeline, badges#4
Merged
Merged
Conversation
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 7fb26579f1
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
JosiahBull
requested changes
May 20, 2026
repository was set to thepartly/api-proxy, which 404s. The actual repo is thepartly/partly-proxy — set both repository and homepage to that. crates.io and docs.rs link these verbatim. Member crates inherit via 'repository.workspace = true'.
Without [package.metadata.docs.rs], docs.rs builds with default features only. all-features = true picks up storage-sqlite (lib), testing (types), and any future opt-in surface. --cfg docsrs is set so future #[cfg_attr(docsrs, doc_cfg(...))] annotations render feature gates inline in published rustdoc.
Tag-triggered (v*) workflow:
version-check verify the tag matches workspace.package.version,
every member crate's manifest version, and the
ts-client package.json version. shared-version=true
in release.toml is intent, not enforcement — drift
from cargo-release failures or hand-edits would
otherwise publish mismatched artifacts.
publish-crates crates.io via OIDC Trusted Publishing
(rust-lang/crates-io-auth-action@v1) — no long-lived
CARGO_REGISTRY_TOKEN secret. Publishes in dep order
(types → storage-jsonl → storage-sqlite → lib) with
30s waits for sparse-index propagation.
publish-npm @partly/proxy-client via npm OIDC Trusted Publishing
with --provenance. No NPM_TOKEN secret.
github-release created only after both publish jobs succeed, so
the release page never advertises a version that
failed to upload.
Bootstrap prerequisite (one-time per artifact, not gated by this PR):
configure Trusted Publishers on crates.io and npmjs.com for each
package, bound to repo=thepartly/partly-proxy, workflow=release.yml,
environment=release. Until those exist, the publish jobs fail on OIDC
auth and the release isn't created — safe to re-run.
hardbyte
force-pushed
the
brian/release-pipeline-and-publish-prep
branch
from
50cf292 to
ca0d8a5
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Pre-publish polish ahead of v0.3.0 on crates.io and npm. Metadata, workflow, and README only — no library code touched.
What
workspace.package.repository— set tothepartly/partly-proxy(currently lands onthepartly/api-proxy, which 404s). crates.io and docs.rs link this verbatim.[package.metadata.docs.rs]on all 4 publishable crates —all-features = true+rustdoc-args = ["--cfg", "docsrs"]. Without it, docs.rs builds with default features only (hidingstorage-sqliteon the lib, thetestingconformance suite onpartly-proxy-types, etc.). The--cfg docsrsflag is set so future#[cfg_attr(docsrs, doc_cfg(...))]annotations render feature gates inline in rustdoc — no source change needed to land that later..github/workflows/release.yml— tag-triggered (v*), four jobs:version-check→ (publish-crates∥publish-npm) →github-release. Both registry publishes use OIDC Trusted Publishing — no long-livedCARGO_REGISTRY_TOKENorNPM_TOKENsecret.rust-lang/crates-io-auth-action@v1, publishes in dep order (types → storage-jsonl → storage-sqlite → lib) with 30s waits for sparse-index propagation.npm publish --provenance --access publicfor@partly/proxy-client(GA Aug 2025).version-checkverifies the tag againstworkspace.package.version, every member crate manifest, andts-client/package.json— catches drift from acargo releasemid-failure or a hand-edit thatshared-version = truecan't enforce.github-releaseruns only after both publishes succeed, so the release page never advertises a version that failed to upload.Bootstrap prerequisite — required before tagging
OIDC publishing needs a Trusted Publisher (or Pending Publisher for unpublished names) configured per registry per package. Until they exist, the publish jobs fail on OIDC auth and the release isn't created — safe to re-run after configuring.
crates.io → Settings → Trusted Publishing → Add. Four entries:
partly-proxy-types,partly-proxy-storage-jsonl,partly-proxy-storage-sqlite,partly-proxy-lib.npmjs.com → package settings → Trusted Publisher. One entry:
@partly/proxy-client.All bound to:
thepartly/partly-proxyrelease.ymlrelease