[40.0.x] Migrate this workspace to using trusted publishing #12265
Merged
alexcrichton merged 1 commit intobytecodealliance:release-40.0.0from Jan 7, 2026
Merged
[40.0.x] Migrate this workspace to using trusted publishing #12265alexcrichton merged 1 commit intobytecodealliance:release-40.0.0from
alexcrichton merged 1 commit intobytecodealliance:release-40.0.0from
Conversation
…12257) This commit updates CI config and such to ensure that we're compatible with crates.io-based trusted publishing. Eventually we'll want the restriction that only `wasmtime-publish` is the user on all of our crates, but for now this needs to land and get backported before that's done. Changes here are: * The `publish-to-cratesio.yml` workflow now uses `rust-lang/crates-io-auth-action@v1` to get a crates.io-based token. The in-repository secret is no longer used. * The `publish-to-cratesio.yml` workflow has a new github "Environment" it runs in named `publish` * The publish script no longer adds the `github:bytecodealliance:wasmtime-publish` user to crates. * The publish script now verifies that the `wasmtime-publish` github users is on all crates. * Eventually the publish script will verify that it's the only user on all the crates, but that's left for a future PR. External changes are: * A new `publish` "Environment" was added to this repository. * All crates are configured on crates.io to have a trusted publishing workflow for this repository. * All crates now require being published through a trusted publishing workflow. My plan is to backport this to the 40.0.0 branch, run a point release, fix anything that comes up, and then backport this to all supported branches of Wasmtime.
fitzgen
approved these changes
Jan 7, 2026
01cc1c0
into
bytecodealliance:release-40.0.0
172 checks passed
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Backport of #12257 to do a trial run of trusted publishing