GitHub releases
Ship the artifact as a GitHub release asset. No Hub account needed.
If your rig lives in a public GitHub repo, you can distribute it via GitHub
releases. Users install with github:user/repo.
Publish
This isn't automated by rig hub publish (yet). The workflow is manual:
rig pack
gh release create v0.1.0 ./dist/my-rig-0.1.0.rig.tgz \
--title "v0.1.0" \
--notes "First release"Or use the GitHub UI: create a release, attach the .rig.tgz file.
What rig use does
rig hub use github:you/your-rig
rig hub use github:you/your-rig@v1.2.0The CLI hits GitHub's releases API, picks the latest release (or the named
tag), and downloads the first .rig.tgz asset attached. There must be exactly
one .rig.tgz per release.
Tags and versions
The release tag (e.g. v1.2.0) is what @version refers to. Your
[rig].version in the manifest should match the
tag without the v prefix:
| Release tag | rig.toml version | rig use spec |
|---|---|---|
v0.1.0 | 0.1.0 | github:you/repo@v0.1.0 |
1.2.3 | 1.2.3 | github:you/repo@1.2.3 |
Mismatches are allowed but confusing. Pick one convention.
Private repos
rig hub use github: does not currently support authentication. Only public
GitHub releases work. For private distribution, use a local registry.
CI: publish on tag push
Typical GitHub Actions workflow:
name: release
on:
push:
tags: ['v*']
jobs:
release:
runs-on: ubuntu-latest
permissions:
contents: write
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with: { node-version: '20' }
- run: npm install -g @rigxyz/cli
- run: rig pack
- run: |
gh release create "${{ github.ref_name }}" \
./dist/*.rig.tgz \
--generate-notes
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}Trust
rig hub use github: does not verify a SHA-256 (there's no canonical hash
source from GitHub). The artifact is trusted because GitHub serves it. If
you need verified integrity, publish to the Hub or a
local registry.