krata/.github/workflows/release-plz.yml

name: release-plz
on:
  push:
    branches:
    - main
concurrency:
  group: "${{ github.workflow }}"
  cancel-in-progress: true
jobs:
  release-plz:
    name: release-plz
    runs-on: ubuntu-latest
    permissions:
      pull-requests: write
      contents: write
    steps:
    - name: harden runner
      uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
      with:
        egress-policy: audit
    - name: generate cultivator token
      uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v1.11.0
      id: generate-token
      with:
        app-id: "${{ secrets.EDERA_CULTIVATION_APP_ID }}"
        private-key: "${{ secrets.EDERA_CULTIVATION_APP_PRIVATE_KEY }}"
    - name: checkout repository
      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      with:
        submodules: recursive
        fetch-depth: 0
        token: "${{ steps.generate-token.outputs.token }}"
    - name: install stable rust toolchain
      run: |
        rustup update --no-self-update stable
        rustup default stable        
    - name: install linux dependencies
      run: ./hack/ci/install-linux-deps.sh
    - name: release-plz
      uses: MarcoIeni/release-plz-action@db75300cf27adcd986d6f0cf4a72a4ffcc11dae5 # v0.5.86
      env:
        GITHUB_TOKEN: "${{ steps.generate-token.outputs.token }}"
        CARGO_REGISTRY_TOKEN: "${{ secrets.KRATA_RELEASE_CARGO_TOKEN }}"