rust-lang
diff --git a/‎.gitattributes‎
Lines changed: 1 addition & 0 deletions b/‎.gitattributes‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎.github/workflows/ci.yml‎
Lines changed: 149 additions & 0 deletions b/‎.github/workflows/ci.yml‎
Lines changed: 149 additions & 0 deletions
diff --git a/‎.github/workflows/links.yml‎
Lines changed: 40 additions & 0 deletions b/‎.github/workflows/links.yml‎
Lines changed: 40 additions & 0 deletions
diff --git a/‎.github/workflows/mock.yml‎
Lines changed: 39 additions & 0 deletions b/‎.github/workflows/mock.yml‎
Lines changed: 39 additions & 0 deletions
diff --git a/‎.gitignore‎
Lines changed: 6 additions & 0 deletions b/‎.gitignore‎
Lines changed: 6 additions & 0 deletions
diff --git a/‎.node-version‎
Lines changed: 1 addition & 0 deletions b/‎.node-version‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎.prettierignore‎
Lines changed: 2 additions & 0 deletions b/‎.prettierignore‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎.prettierrc.json‎
Lines changed: 12 additions & 0 deletions b/‎.prettierrc.json‎
Lines changed: 12 additions & 0 deletions
diff --git a/‎CODE_OF_CONDUCT.md‎
Lines changed: 3 additions & 0 deletions b/‎CODE_OF_CONDUCT.md‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎CONTRIBUTING.md‎
Lines changed: 111 additions & 0 deletions b/‎CONTRIBUTING.md‎
Lines changed: 111 additions & 0 deletions
@@ -0,0 +1 @@
+dist/ linguist-generated=true
@@ -0,0 +1,149 @@
+name: CI
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - "main"
+  pull_request:
+
+permissions: {}
+
+jobs:
+  test:
+    name: Test
+    runs-on: ubuntu-24.04
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          persist-credentials: false
+
+      - name: Install node dependencies
+        run: npm ci
+
+      - name: Test
+        run: |
+          npm run test
+
+  lint:
+    name: Lint
+    runs-on: ubuntu-24.04
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          persist-credentials: false
+
+      - name: Install node dependencies
+        run: npm ci
+
+      - name: Lint
+        run: |
+          npm run lint
+
+  format:
+    name: Format
+    runs-on: ubuntu-24.04
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          persist-credentials: false
+
+      - name: Install Prettier
+        run: npm ci
+
+      - name: Format
+        run: npx prettier --check .
+
+  zizmor:
+    name: Zizmor
+    runs-on: ubuntu-24.04
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          persist-credentials: false
+
+      - name: Run zizmor
+        uses: zizmorcore/zizmor-action@f52a838cfabf134edcbaa7c8b3677dde20045018 # v0.1.1
+        with:
+          persona: pedantic
+          # Don't use GitHub advanced security.
+          # Instead, fail if there's a security issue.
+          advanced-security: false
+
+  package:
+    name: Package
+    runs-on: ubuntu-24.04
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          persist-credentials: false
+
+      - name: Install node dependencies
+        run: npm ci
+
+      - name: Check is packaged
+        run: |
+          # Compile to single js files.
+          npm run package
+
+          # Assert that the git diff is empty.
+          git diff --exit-code || (echo "Git diff is not empty. Please run 'npm run package' and commit the changes." && exit 1)
+
+  # This job tests the action directly by running it against a mock server.
+  action-test:
+    name: Action Test
+    runs-on: ubuntu-24.04
+
+    # Required for OpenID Connect token retrieval.
+    permissions:
+      id-token: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          persist-credentials: false
+
+      - name: Start mock crates.io server
+        run: |
+          # Build the mock server in advance so that the binary is already built
+          # when we start checking the health endpoint.
+          manifest_path="--manifest-path=mock/Cargo.toml"
+          cargo build $manifest_path
+          # Run the mock server in the background.
+          cargo run   $manifest_path &
+
+          # Wait for server to be ready.
+          retry_count=0
+          max_retries=3
+          until curl -s http://localhost:3000/health > /dev/null 2>&1; do
+            echo "Waiting for mock server to start... (attempt $((retry_count + 1))/$max_retries)"
+            sleep 2
+            retry_count=$((retry_count + 1))
+            if [ $retry_count -ge $max_retries ]; then
+              echo "Mock server failed to start after $max_retries attempts"
+              exit 1
+            fi
+          done
+          echo "Mock server is ready"
+
+      - name: Run trusted publishing action
+        id: trusted-publishing
+        uses: ./ # Uses the action in the root directory.
+        with:
+          url: "http://localhost:3000" # Mock server url.
+
+      - name: Assert action output
+        env:
+          TOKEN: ${{ steps.trusted-publishing.outputs.token }}
+        run: |
+          if [ "$TOKEN" != "mock-token" ]; then
+            echo "Expected token to be 'mock-token', but got '$TOKEN'"
+            exit 1
+          fi
+          echo "Token assertion passed. Token value: $TOKEN"
@@ -0,0 +1,40 @@
+# Check if links present in the repository are valid.
+
+name: Links
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+permissions: {}
+
+jobs:
+  check-links:
+    name: Check links
+    runs-on: ubuntu-24.04
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          persist-credentials: false
+
+      - name: Link Checker
+        uses: lycheeverse/lychee-action@82202e5e9c2f4ef1a55a3d02563e1cb6041e5332 # v2.4.1
+        env:
+          # Set the GitHub token to avoid rate limits when checking GitHub links.
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          fail: true
+          # Accept the HTTP status code 429 (Too Many Requests) to avoid failing the workflow
+          # when the rate limit is exceeded.
+          args: |
+            --no-progress
+            --include-fragments
+            --accept '100..=103, 200..=299, 429'
+            .
@@ -0,0 +1,39 @@
+name: Mock CI
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - "main"
+    paths:
+      - "mock"
+  pull_request:
+    paths:
+      - "mock"
+
+permissions: {}
+
+jobs:
+  rustfmt:
+    name: Rustfmt
+    runs-on: ubuntu-24.04
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          persist-credentials: false
+
+      - name: Check formatting
+        run: cargo fmt --all --check
+
+  clippy:
+    name: Clippy
+    runs-on: ubuntu-24.04
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          persist-credentials: false
+
+      - name: Clippy check
+        run: cargo clippy --all-targets --all-features --workspace -- -D warnings
@@ -0,0 +1,6 @@
+.DS_Store
+.vscode
+.idea
+mock/target
+node_modules/
+*.js.map
@@ -0,0 +1 @@
+20
@@ -0,0 +1,2 @@
+# Ignore artifacts:
+dist
@@ -0,0 +1,12 @@
+{
+    "tabWidth": 4,
+    "useTabs": false,
+    "overrides": [
+        {
+            "files": ["*.yml", "*.yaml", "*.md"],
+            "options": {
+                "tabWidth": 2
+            }
+        }
+    ]
+}
@@ -0,0 +1,3 @@
+# The Rust Code of Conduct
+
+The Code of Conduct for this repository [can be found online](https://www.rust-lang.org/conduct.html).
@@ -0,0 +1,111 @@
+# Contributing
+
+Thank you for your interest in contributing to `crates-io-auth-action`!
+
+For non-trivial contributions, please open an issue first to discuss your
+proposed changes before submitting a pull request.
+
+This action is primarily maintained by the Rust Infrastructure Team.
+To chat with us, open a topic in the
+[t-infra Zulip channel](https://rust-lang.zulipchat.com/#narrow/channel/242791-t-infra).
+
+## Running the action
+
+You can't run this action locally as it requires a GitHub environment.
+
+## Install node dependencies
+
+To install node dependencies, run:
+
+```sh
+npm install
+```
+
+### Packaging
+
+The action code is located in `src/`.
+After editing the code, run the following command to
+compile the TypeScript code and its dependencies into a single file
+in the `dist/` directory:
+
+```sh
+npm run package
+```
+
+This approach is inspired by the [typescript-action](https://github.com/actions/typescript-action)
+repository and avoids committing the `node_modules` directory to the repository.
+
+To keep these files from displaying in diffs by default or counting toward the repository language,
+we added the `dist/` directory to the [`.gitattributes`](.gitattributes) file with the
+`linguist-generated=true` attribute.
+You can learn more about this in the
+[GitHub docs](https://docs.github.com/en/repositories/working-with-files/managing-files/customizing-how-changed-files-appear-on-github).
+
+### Formatting
+
+We use [Prettier](https://prettier.io/) to format TypeScript, Markdown, and YAML files.
+To format all files, run:
+
+```sh
+npx prettier --write .
+```
+
+### Linting
+
+We use [ESLint](https://eslint.org/) for linting TypeScript files.
+
+To check for linting errors, run:
+
+```sh
+npx eslint
+```
+
+### Testing
+
+There are two types of tests running in [ci.yml](.github/workflows/ci.yml):
+
+- `action-test`: Tests the action directly by running it against a mock server.
+  You can't run this job locally as it requires a GitHub environment.
+- `test`: Tests the JavaScript code by emulating a GitHub environment through
+  environment variables and mocking the `@actions/core` library.
+  To run these tests locally, run:
+
+  ```sh
+  npm run test
+  ```
+
+## Crates.io Documentation
+
+To view the Crates.io OpenAPI documentation,
+copy and paste `https://crates.io/api/openapi.json`
+into the [Swagger](https://petstore.swagger.io/) bar at the top of the page.
+
+## GitHub Documentation
+
+Here are some useful links to the GitHub documentation:
+
+- [Creating a JavaScript action](https://docs.github.com/en/actions/sharing-automations/creating-actions/creating-a-javascript-action)
+- [OpenID Connect](https://docs.github.com/en/actions/security-for-github-actions/security-hardening-your-deployments/about-security-hardening-with-openid-connect)
+
+## FAQ
+
+### Why TypeScript?
+
+There are 3 types of GitHub Actions:
+
+1. **Docker Actions**: Slower than other types because they require pulling a Docker image.
+2. **Composite Actions**: Don't support [runs.post] for job cleanup after the action runs.
+   We need this feature to revoke the token after job completion.
+3. **JavaScript Actions**:
+   - Faster than Docker Actions (no Docker image required).
+   - Support [runs.post] for job cleanup, so that we can revoke the token.
+   - Include GitHub's `@actions/core` library for easy output handling and error management.
+
+We chose a JavaScript Action for these benefits and use TypeScript for type safety.
+
+[runs.post]: https://docs.github.com/en/actions/sharing-automations/creating-actions/metadata-syntax-for-github-actions#runspost
+
+### Why Node 20?
+
+We use Node 20 because it's the latest Node version supported by GitHub Actions.
+The Node version used by this action is specified in the `action.yml` file.
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+# The Rust Code of Conduct`
	`2`	`+`
	`3`	`+The Code of Conduct for this repository [can be found online](https://www.rust-lang.org/conduct.html).`