Skip to content

Commit a5184c6

Browse files
committed
Add README with template setup and workflow documentation
1 parent de6226d commit a5184c6

1 file changed

Lines changed: 102 additions & 0 deletions

File tree

README.md

Lines changed: 102 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,102 @@
1+
# rust-template
2+
3+
GitHub template repository for new Rust projects. Provides CI, dependabot,
4+
release tagging and three publish workflows out of the box.
5+
6+
## Use it
7+
8+
1. Click "Use this template" -> "Create a new repository" on GitHub.
9+
2. Rename the package in `Cargo.toml` and update the binary path in `Dockerfile`
10+
(the `target/release/rust-template` line).
11+
3. Add the secrets listed in [Secrets](#secrets).
12+
4. Push to `master`. The first `sync-dependencies` run creates the
13+
`dependencies` branch.
14+
15+
## Branches
16+
17+
| Branch | Role |
18+
|----------------|------------------------------------------------------------------|
19+
| `master` | Main line. Protected by required PR. |
20+
| `dependencies` | Receives dependabot PRs and accumulates updates. |
21+
| `deps-sync` | Throwaway branch for resolving `master` -> `dependencies` conflicts. |
22+
23+
Dependabot opens PRs into `dependencies`, not `master`, so dependency churn
24+
stays out of the main line until a human merges it.
25+
26+
`sync-dependencies.yml` runs on each push to `master` and fast-forwards
27+
`dependencies` when possible. On conflict it force-pushes a fresh snapshot of
28+
`master` to `deps-sync` and opens (or reuses) a PR `deps-sync -> dependencies`
29+
for manual conflict resolution.
30+
31+
## Workflows
32+
33+
| File | Trigger | Purpose |
34+
|-------------------------------------|------------------------------------|---------------------------------------------------------------|
35+
| `ci.yml` | push/PR on master, manual | fmt, clippy, test matrix (rust x distro), release build |
36+
| `ci-deps.yml` | push/PR on dependencies, deps-sync | cargo check + cargo test |
37+
| `sync-dependencies.yml` | push on master, manual | sync `master` into `dependencies` |
38+
| `bump-and-release.yml` | manual | bump version, tag, optional GitHub Release |
39+
| `publish-crates.yml` | manual on a tag | publish to crates.io |
40+
| `publish-docker-hub.yml` | manual on a tag | build and push image to Docker Hub, multi-arch |
41+
| `publish-ghcr.yml` | manual on a tag | build and push image to ghcr.io, multi-arch |
42+
43+
Commit-message or PR-title marker `[skip-CI]` skips `ci.yml` and `ci-deps.yml`.
44+
45+
### Test matrix
46+
47+
`ci.yml` runs `cargo test --all-features` across:
48+
49+
- rust: `stable`, `beta`
50+
- env: `ubuntu-latest`, `debian:12`, `archlinux:latest`, `rust:1-alpine`
51+
52+
8 jobs total, `fail-fast: false`. Distros run via `container:`.
53+
54+
### Bump and release
55+
56+
Manual trigger from any branch (selected via "Use workflow from"). Inputs:
57+
58+
| Input | Type | Default | Effect |
59+
|-----------------|---------|---------|---------------------------------------------------------|
60+
| `version` | choice | patch | bump level: patch / minor / major |
61+
| `beta` | boolean | false | append `-beta.N` suffix; N is auto-incremented per base |
62+
| `force_release` | boolean | false | create GitHub Release even for a beta tag |
63+
| `commit_note` | string | "" | optional text appended to the bump commit message |
64+
65+
The job updates `Cargo.toml`, commits, tags `vX.Y.Z[-beta.N]`, pushes to the
66+
selected branch. A second job creates a GitHub Release unless the tag is beta
67+
and `force_release` is false. Beta releases are marked `--prerelease`.
68+
69+
### Publish
70+
71+
Each publish workflow is triggered manually with "Use workflow from:
72+
tags/vX.Y.Z". A guard rejects runs from a branch. Docker tags are derived from
73+
the tag name; `latest` is set only for non-beta tags.
74+
75+
## Dependabot
76+
77+
Two ecosystems, both targeting `dependencies`:
78+
79+
- `cargo` - weekly, max 5 open PRs, minor+patch grouped, major opens its own PR
80+
- `github-actions` - weekly, max 5 open PRs, same grouping
81+
82+
## Secrets
83+
84+
Add these in repository settings before using the relevant workflow:
85+
86+
| Secret | Used by | Notes |
87+
|------------------------|--------------------------|------------------------------------------------------------------------------|
88+
| `RELEASE_TOKEN` | bump, sync, release | PAT with `contents: write`, `pull-requests: write`. Required so tag pushes trigger downstream workflows; the default `GITHUB_TOKEN` does not. |
89+
| `CARGO_REGISTRY_TOKEN` | publish-crates | crates.io API token |
90+
| `DOCKERHUB_USERNAME` | publish-docker-hub | Docker Hub login |
91+
| `DOCKERHUB_TOKEN` | publish-docker-hub | Docker Hub access token |
92+
93+
GHCR uses the built-in `GITHUB_TOKEN` with `packages: write`. No extra secret.
94+
95+
## Dockerfile
96+
97+
Minimal alpine multi-stage. The binary path in the runtime stage is
98+
`target/release/rust-template`. Rename it together with the package name in
99+
`Cargo.toml`, otherwise the `COPY --from=builder` step fails.
100+
101+
Crates with C dependencies under musl need extra apk packages in the builder
102+
stage (for example `openssl-dev pkgconfig`).

0 commit comments

Comments
 (0)