Skip to content

Tracking Issue for "Trusted Publishing Support" #10247

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
17 tasks
Turbo87 opened this issue Dec 19, 2024 · 0 comments
Open
17 tasks

Tracking Issue for "Trusted Publishing Support" #10247

Turbo87 opened this issue Dec 19, 2024 · 0 comments
Labels
C-enhancement ✨ Category: Adding new behavior or a change to the way an existing feature works C-tracking-issue Category: A tracking issue for an RFC, an unstable feature, or an issue made of many parts

Comments

@Turbo87
Copy link
Member

Turbo87 commented Dec 19, 2024
edited
Loading

This is a tracking issue for the RFC "crates.io: Trusted Publishing Support" (rust-lang/rfcs#3691).

About tracking issues

Tracking issues are used to record the overall progress of implementation.
They are also used as hubs connecting to other relevant issues, e.g., bugs or open design questions.
A tracking issue is however not meant for large scale discussion, questions, or bug reports about a feature.
Instead, open a dedicated issue for the specific matter and add the relevant feature gate label.
Discussion comments will get marked as off-topic or deleted.
Repeated discussions on the tracking issue may lead to the tracking issue getting locked.

Steps

  • Implement backend support in crates.io
    • Add database table for (GitHub Actions) trusted publishing configs
    • Implement API endpoint to list trusted publishing configs
    • Implement API endpoint to create trusted publishing config (incl. email notification)
    • Implement API endpoint to delete trusted publishing config (incl. email notification)
    • Add database table for temporary access tokens
    • Implement API endpoint to exchange GHA OIDC token for temporary access token
    • Implement API endpoint to revoke temporary access token
    • Adjust publish API endpoint to accept temporary access tokens
    • Add database table for used OIDC token IDs (?)
    • Adjust exchange API endpoint to save used OIDC token IDs and reject replays (?)
    • Implement regular background job to delete expired temporary access tokens and OIDC token IDs
  • Implement frontend UI in crates.io
    • Implement route to list trusted publishing configs
    • Implement route to create trusted publishing config
    • Implement button to delete trusted publishing config
  • Implement GitHub Action

Unresolved Questions

None? (see https://rust-lang.github.io/rfcs/3691-trusted-publishing-cratesio.html#unresolved-questions)
@Turbo87 Turbo87 added C-enhancement ✨ Category: Adding new behavior or a change to the way an existing feature works C-tracking-issue Category: A tracking issue for an RFC, an unstable feature, or an issue made of many parts labels Dec 19, 2024
This was referenced Apr 24, 2025
Draft
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
C-enhancement ✨ Category: Adding new behavior or a change to the way an existing feature works C-tracking-issue Category: A tracking issue for an RFC, an unstable feature, or an issue made of many parts
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Turbo87