Refactor/crates publish pipeline

.github/scripts/publish-crate.sh

@@ -0,0 +1,34 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+CRATE="${1:-}"
+
+if [ -z "$CRATE" ]; then
+  echo "❌ Missing crate name argument"
+  exit 1
+fi
+
+echo "Preparing publish check for $CRATE"
+
+set +e
+DRY_RUN_OUTPUT=$(cargo publish --dry-run -p "$CRATE" 2>&1)
+DRY_RUN_EXIT=$?
+set -e
+
+if [ $DRY_RUN_EXIT -ne 0 ]; then
+  if echo "$DRY_RUN_OUTPUT" | grep -q "already exists on crates.io index"; then
+    echo "⚠️  Crate version already exists. Skipping publish."
+    exit 0
+  fi
+
+  echo "❌ Dry-run failed:"
+  echo "$DRY_RUN_OUTPUT"
+  exit $DRY_RUN_EXIT
+fi
+
+echo "Dry-run successful. Publishing $CRATE..."
+
+cargo publish -p "$CRATE"
+
+echo "⏳ Waiting for registry index propagation"
+sleep 20

.github/workflows/publish.yml

@@ -13,52 +13,52 @@ on:
     types: [created]
 
 jobs:
-  publish:
-    name: Publish / ${{ matrix.crate }}
+  publish-foundation:
+    name: Publish foundation / ${{ matrix.crate }}
     runs-on: ubuntu-latest
     environment: ${{ github.event.inputs.deploy_environment || 'pre-prod' }}
     env:
       CARGO_REGISTRY_TOKEN: ${{ secrets.CARGO_REGISTRY_TOKEN }}
 
+    strategy:
+      fail-fast: false
+      max-parallel: 2
+      matrix:
+        crate:
+          - authkestra-core
+          - authkestra-macros
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Install Rust
+        uses: dtolnay/rust-toolchain@stable
+
+      - name: Publish crate
+        run: bash .github/scripts/publish-crate.sh "${{ matrix.crate }}"
+
+  publish-core:
+    name: Publish core / ${{ matrix.crate }}
+    runs-on: ubuntu-latest
+    needs: publish-foundation
+    environment: ${{ github.event.inputs.deploy_environment || 'pre-prod' }}
+    env:
+      CARGO_REGISTRY_TOKEN: ${{ secrets.CARGO_REGISTRY_TOKEN }}
+
     strategy:
       fail-fast: false
       max-parallel: 4
       matrix:
-        phase: [foundation, core, frameworks, root]
-        include:
-          # foundation layer
-          - phase: foundation
-            crate: authkestra-core
-          - phase: foundation
-            crate: authkestra-macros
-
-          # core dependents
-          - phase: core
-            crate: authkestra-token
-          - phase: core
-            crate: authkestra-session
-          - phase: core
-            crate: authkestra-guard
-          - phase: core
-            crate: authkestra-flow
-          - phase: core
-            crate: authkestra-providers-github
-          - phase: core
-            crate: authkestra-providers-google
-          - phase: core
-            crate: authkestra-providers-discord
-          - phase: core
-            crate: authkestra-oidc
-
-          # framework adapters
-          - phase: frameworks
-            crate: authkestra-axum
-          - phase: frameworks
-            crate: authkestra-actix
-
-          # final crate
-          - phase: root
-            crate: authkestra
+        crate:
+          - authkestra-token
+          - authkestra-session
+          - authkestra-guard
+          - authkestra-flow
+          - authkestra-providers-github
+          - authkestra-providers-google
+          - authkestra-providers-discord
+          - authkestra-oidc
 
     steps:
       - name: Checkout repository
@@ -68,37 +68,55 @@ jobs:
         uses: dtolnay/rust-toolchain@stable
 
       - name: Publish crate
-        run: |
-          CRATE="${{ matrix.crate }}"
+        run: bash .github/scripts/publish-crate.sh "${{ matrix.crate }}"
 
-          echo "Publishing $CRATE"
+  publish-frameworks:
+    name: Publish frameworks / ${{ matrix.crate }}
+    runs-on: ubuntu-latest
+    needs: publish-core
+    environment: ${{ github.event.inputs.deploy_environment || 'pre-prod' }}
+    env:
+      CARGO_REGISTRY_TOKEN: ${{ secrets.CARGO_REGISTRY_TOKEN }}
 
-          VERSION=$(cargo metadata --no-deps --format-version=1 \
-            | jq -r ".packages[] | select(.name==\"$CRATE\") | .version")
+    strategy:
+      fail-fast: false
+      max-parallel: 2
+      matrix:
+        crate:
+          - authkestra-axum
+          - authkestra-actix
 
-          if [ -z "$VERSION" ]; then
-            echo "❌ Failed to determine version for $CRATE"
-            exit 1
-          fi
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
 
-          echo "Detected version: $VERSION"
+      - name: Install Rust
+        uses: dtolnay/rust-toolchain@stable
+
+      - name: Publish crate
+        run: bash .github/scripts/publish-crate.sh "${{ matrix.crate }}"
 
-          # Check if crate exists in registry
-          SEARCH_RESULT=$(cargo search "$CRATE" --limit 1 || true)
+  publish-root:
+    name: Publish root / ${{ matrix.crate }}
+    runs-on: ubuntu-latest
+    needs: publish-frameworks
+    environment: ${{ github.event.inputs.deploy_environment || 'pre-prod' }}
+    env:
+      CARGO_REGISTRY_TOKEN: ${{ secrets.CARGO_REGISTRY_TOKEN }}
 
-          if echo "$SEARCH_RESULT" | grep -q "^$CRATE ="; then
-            # Extract published version
-            PUBLISHED_VERSION=$(echo "$SEARCH_RESULT" \
-              | grep "^$CRATE =" \
-              | sed -E 's/^.*"([^"]+)".*/\1/')
+    strategy:
+      fail-fast: false
+      max-parallel: 1
+      matrix:
+        crate:
+          - authkestra
 
-            if [ "$PUBLISHED_VERSION" = "$VERSION" ]; then
-              echo "⚠️  $CRATE $VERSION already exists on crates.io. Skipping."
-              exit 0
-            fi
-          fi
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
 
-          cargo publish -p "$CRATE"
+      - name: Install Rust
+        uses: dtolnay/rust-toolchain@stable
 
-          echo "⏳ Waiting for index propagation"
-          sleep 20
+      - name: Publish crate
+        run: bash .github/scripts/publish-crate.sh "${{ matrix.crate }}"