fix(release): drop chicken-and-egg verify step from publish-to-crates-io.yml#144
Merged
Conversation
The 'Verify all crates can publish' step runs `cargo publish --dry-run -p <name>` for every workspace crate before any have been published. cargo's dry-run resolves dependencies through the public crates.io index — so the moment a dependent workspace crate is asked to dry-run, it requires every synth-* dep to already exist on crates.io at the new version. For v0.7.0 (or any first publish of a new version), that's impossible: synth-opt needs synth-cfg ^0.7.0, synth-frontend needs synth-core ^0.7.0, etc., and the registry has none of them at the new version yet. This blocked publish-to-crates-io.yml on v0.7.0 entirely — verify failed, the actual publish step never ran. The `./publish publish` helper already has a 10-attempt retry loop with 40s sleeps specifically to ride out crates.io index propagation as each leaf publishes, so the verify step is functionally redundant. `cargo publish` (without --dry-run) also performs the full metadata validation before uploading, so we don't lose the safety check by removing the pre-flight. After this lands, re-run publish-to-crates-io.yml via workflow_dispatch on the v0.7.0 tag to publish the workspace to crates.io. Recoverable variant: change `./publish verify` to use `cargo package -p` (which uses path deps and doesn't hit the registry) if a fail-fast metadata check is wanted. Tracked as a follow-up but not blocking v0.7.0.
Codecov Report✅ All modified and coverable lines are covered by tests. 📢 Thoughts on this report? Let us know! |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
./publish verifystep from.github/workflows/publish-to-crates-io.ymlv0.7.0(and every future version's first publish)./publish publish's 10-attempt retry loop +cargo publish's own metadata validation cover the same ground correctlyRoot cause
cargo publish --dry-run -p <name>resolves dependencies through the public crates.io index, not the local workspace. For a first publish of v0.7.0 of an internally-coupled workspace, the dependents (synth-opt, synth-frontend, synth-synthesis, …) fail dry-run because synth-cfg / synth-core / etc. aren't on the registry at 0.7.0 yet. This is inherent to cargo's dry-run semantics, not a script bug per se — but it makes a pre-flightverifystep structurally impossible for new-version publishes.Evidence
The first run of publish-to-crates-io.yml on the (re-tagged) v0.7.0 commit
70f5fd2failed in the verify step with:(run 26384884309)
What the publish step does that verify doesn't
cargo publish(without--dry-run) runs the same metadata + packaging checks before upload, so we don't lose validation../publish publishhas a curated dependency order + per-attempt retry, sleeping 40s between attempts to ride out crates.io index propagation as each leaf publishes.Recovery
After merge: re-run publish-to-crates-io.yml via
gh workflow run publish-to-crates-io.yml -f tag=v0.7.0to actually publish the workspace.Follow-up
If a fail-fast metadata pre-flight is wanted later,
./publish verifycould be changed to usecargo package -p <name>(path deps, no registry hit). Tracked as a separate issue.Test plan