Allow token expiration time to be configurable

[Xuanwo]

Hi, thank you for building this. Trusted publishing is great, but the default token expiration time is too short for a large workspace to release.

Like our repo: https://github.com/lancedb/lance, we have many crates to release:

- uses: rust-lang/crates-io-auth-action@v1
  id: auth
- uses: albertlockett/publish-crates@v2.2
  with:
    registry-token: ${{ steps.auth.outputs.token }}
    args: "--all-features"
    path: .

And it's also impossible for us to fetch a new token per crate. Can we make the token expiration time longer? Or at least make it last as long as the job is running?

[marcoieni]

Hi! Thanks for opening this issue.
This is just the client for trusted publishing. Crates.io doesn't support setting a custom expiration time as far as I know. Can you open a corresponding issue in https://github.com/rust-lang/crates.io so that the crates-io team is aware of this and maybe can implement a solution? 🙏

[Xuanwo]

Hi! Thanks for opening this issue. This is just the client for trusted publishing. Crates.io doesn't support setting a custom expiration time as far as I know. Can you open a corresponding issue in https://github.com/rust-lang/crates.io so that the crates-io team is aware of this and maybe can implement a solution? 🙏

Thank you for the quick response! Can you help move this issue to crates.io? (if you have the permission)

[marcoieni]

I wanted to have two separate issues, one for the client and one for crates.io, so that:

• other users have visibility of this issue in this repo
• we remember to add this option if crates.io implements it

[Xuanwo]

That makes sense. I will create one on the crates.io side.

Tracked at rust-lang/crates.io#11711