trustpub: Add database support for trustpub_only crate restriction

Turbo87 · Turbo87 · commit 97f4e8e64f60 · 2025-11-24T10:51:02.000+01:00
diff --git a/crates/crates_io_database/src/models/krate.rs b/crates/crates_io_database/src/models/krate.rs
@@ -37,6 +37,7 @@ pub struct Crate {
     pub repository: Option<String>,
     pub max_upload_size: Option<i32>,
     pub max_features: Option<i16>,
+    pub trustpub_only: bool,
 }
 
 /// We literally never want to select `textsearchable_index_col`
@@ -52,6 +53,7 @@ type AllColumns = (
     crates::repository,
     crates::max_upload_size,
     crates::max_features,
+    crates::trustpub_only,
 );
 
 pub const ALL_COLUMNS: AllColumns = (
@@ -65,6 +67,7 @@ pub const ALL_COLUMNS: AllColumns = (
     crates::repository,
     crates::max_upload_size,
     crates::max_features,
+    crates::trustpub_only,
 );
 
 pub const MAX_NAME_LENGTH: usize = 64;
diff --git a/crates/crates_io_database/src/schema.rs b/crates/crates_io_database/src/schema.rs
@@ -374,6 +374,8 @@ diesel::table! {
         ///
         /// (Automatically generated by Diesel.)
         textsearchable_index_col -> Tsvector,
+        /// When true, this crate can only be published via Trusted Publishing, not with API tokens
+        trustpub_only -> Bool,
         /// The `updated_at` column of the `crates` table.
         ///
         /// Its SQL type is `Timestamptz`.
diff --git a/crates/crates_io_database_dump/src/dump-db.toml b/crates/crates_io_database_dump/src/dump-db.toml
@@ -92,6 +92,7 @@ textsearchable_index_col = "private" # This Postgres specific and can be derived
 repository = "public"
 max_upload_size = "public"
 max_features = "public"
+trustpub_only = "public"
 
 [crates_categories]
 dependencies = ["categories", "crates"]
diff --git a/crates/crates_io_database_dump/src/snapshots/crates_io_database_dump__tests__sql_scripts@export.sql.snap b/crates/crates_io_database_dump/src/snapshots/crates_io_database_dump__tests__sql_scripts@export.sql.snap
@@ -6,7 +6,7 @@ BEGIN ISOLATION LEVEL REPEATABLE READ, READ ONLY;
 
     \copy "categories" ("category", "crates_cnt", "created_at", "description", "id", "path", "slug") TO 'data/categories.csv' WITH CSV HEADER
     \copy "crate_downloads" ("crate_id", "downloads") TO 'data/crate_downloads.csv' WITH CSV HEADER
-    \copy "crates" ("created_at", "description", "documentation", "homepage", "id", "max_features", "max_upload_size", "name", "readme", "repository", "updated_at") TO 'data/crates.csv' WITH CSV HEADER
+    \copy "crates" ("created_at", "description", "documentation", "homepage", "id", "max_features", "max_upload_size", "name", "readme", "repository", "trustpub_only", "updated_at") TO 'data/crates.csv' WITH CSV HEADER
     \copy "keywords" ("crates_cnt", "created_at", "id", "keyword") TO 'data/keywords.csv' WITH CSV HEADER
     \copy "metadata" ("total_downloads") TO 'data/metadata.csv' WITH CSV HEADER
     \copy "reserved_crate_names" ("name") TO 'data/reserved_crate_names.csv' WITH CSV HEADER
diff --git a/crates/crates_io_database_dump/src/snapshots/crates_io_database_dump__tests__sql_scripts@import.sql.snap b/crates/crates_io_database_dump/src/snapshots/crates_io_database_dump__tests__sql_scripts@import.sql.snap
@@ -50,7 +50,7 @@ BEGIN;
 
     \copy "categories" ("category", "crates_cnt", "created_at", "description", "id", "path", "slug") FROM 'data/categories.csv' WITH CSV HEADER
     \copy "crate_downloads" ("crate_id", "downloads") FROM 'data/crate_downloads.csv' WITH CSV HEADER
-    \copy "crates" ("created_at", "description", "documentation", "homepage", "id", "max_features", "max_upload_size", "name", "readme", "repository", "updated_at") FROM 'data/crates.csv' WITH CSV HEADER
+    \copy "crates" ("created_at", "description", "documentation", "homepage", "id", "max_features", "max_upload_size", "name", "readme", "repository", "trustpub_only", "updated_at") FROM 'data/crates.csv' WITH CSV HEADER
     \copy "keywords" ("crates_cnt", "created_at", "id", "keyword") FROM 'data/keywords.csv' WITH CSV HEADER
     \copy "metadata" ("total_downloads") FROM 'data/metadata.csv' WITH CSV HEADER
     \copy "reserved_crate_names" ("name") FROM 'data/reserved_crate_names.csv' WITH CSV HEADER
diff --git a/migrations/2025-11-19-091444-0000_add_trustpub_only_to_crates/down.sql b/migrations/2025-11-19-091444-0000_add_trustpub_only_to_crates/down.sql
@@ -0,0 +1 @@
+ALTER TABLE crates DROP COLUMN trustpub_only;
diff --git a/migrations/2025-11-19-091444-0000_add_trustpub_only_to_crates/up.sql b/migrations/2025-11-19-091444-0000_add_trustpub_only_to_crates/up.sql
@@ -0,0 +1,2 @@
+ALTER TABLE crates ADD COLUMN trustpub_only BOOLEAN NOT NULL DEFAULT FALSE;
+COMMENT ON COLUMN crates.trustpub_only IS 'When true, this crate can only be published via Trusted Publishing, not with API tokens';
diff --git a/src/controllers/trustpub/emails.rs b/src/controllers/trustpub/emails.rs
@@ -79,6 +79,7 @@ mod tests {
             repository: None,
             max_upload_size: None,
             max_features: None,
+            trustpub_only: false,
         }
     }
 

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+ALTER TABLE crates DROP COLUMN trustpub_only;`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+ALTER TABLE crates ADD COLUMN trustpub_only BOOLEAN NOT NULL DEFAULT FALSE;`
	`2`	`+COMMENT ON COLUMN crates.trustpub_only IS 'When true, this crate can only be published via Trusted Publishing, not with API tokens';`
Original file line number	Diff line number	Diff line change
`@@ -79,6 +79,7 @@ mod tests {`
`79`	`79`	`repository: None,`
`80`	`80`	`max_upload_size: None,`
`81`	`81`	`max_features: None,`
	`82`	`+ trustpub_only: false,`
`82`	`83`	`}`
`83`	`84`	`}`
`84`	`85`