Skip to content

fix(_release-rust): publish with PAT so release events cascade to downstream workflows#111

Merged
emmanuelm41 merged 1 commit into
mainfrom
fix/release-publish-cascade-token
Jul 1, 2026
Merged

fix(_release-rust): publish with PAT so release events cascade to downstream workflows#111
emmanuelm41 merged 1 commit into
mainfrom
fix/release-publish-cascade-token

Conversation

@emmanuelm41

Copy link
Copy Markdown
Member

Problem

After #110 switched the release job to draft→upload→publish, the publish transition (gh release edit --draft=false) runs as GITHUB_TOKEN / github-actions[bot]. GitHub suppresses workflow triggers for events produced by GITHUB_TOKEN, so the release: published event is sterile — downstream release-triggered workflows never fire.

Observed on kunobi-ninja/kache v0.9.0-rc.1 (first release after #110): the release published fine (immutable: true), but Publish crates and Package Publish never ran. Comparison:

release publish method author cascaded?
v0.8.0 direct create-publish (pre-#110) emmanuelm41 (PAT)
v0.9.0-rc.1 draft→edit-publish (#110) github-actions[bot]

Fix

Set the release step's GH_TOKEN to ${{ secrets.pgp_signer_token || github.token }} — publish with the caller's release PAT when provided (already wired for signing), falling back to GITHUB_TOKEN. A PAT-authored publish cascades, restoring pre-#110 behavior. Consumers that don't pass pgp_signer_token keep the current (fallback) behavior.

Notes

The draft→upload→publish change (#110) made the publish transition
(gh release edit --draft=false) run as GITHUB_TOKEN / github-actions[bot].
GitHub suppresses workflow triggers for events produced by GITHUB_TOKEN,
so the resulting release: published event was sterile — downstream
release-triggered workflows (crates publish, package publish) never ran.

Publish with the caller's release PAT (secrets.pgp_signer_token) when
provided, falling back to GITHUB_TOKEN. A PAT-authored publish cascades,
restoring the pre-#110 behavior where the direct create-publish (also
authored by the PAT) triggered downstream release workflows.

Refs kunobi-ninja/kache#481
@emmanuelm41 emmanuelm41 merged commit 7f61511 into main Jul 1, 2026
1 check passed
@emmanuelm41 emmanuelm41 deleted the fix/release-publish-cascade-token branch July 1, 2026 23:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant