Skip to content

Workflow: Cargo Ecosystem ​

Updated Mar 2026

Overview ​

Cargo is Rust's build system and package manager. This workflow covers project management, dependency handling, workspaces, feature flags, and the publishing pipeline.

Cargo Workflow ​

Cargo.toml Deep Dive ​

toml
[package]
name = "my_project"
version = "0.1.0"
edition = "2021"
rust-version = "1.75"
authors = ["Your Name <you@example.com>"]
description = "A short description"
license = "MIT OR Apache-2.0"
repository = "https://github.com/you/project"
keywords = ["cli", "tool"]
categories = ["command-line-utilities"]

[dependencies]
# Crates.io dependency
serde = { version = "1.0", features = ["derive"] }

# Git dependency
my_crate = { git = "https://github.com/user/repo", branch = "main" }

# Path dependency (local)
shared = { path = "../shared" }

# Optional dependency (for feature flags)
fancy_output = { version = "0.5", optional = true }

[dev-dependencies]
pretty_assertions = "1"
criterion = { version = "0.5", features = ["html_reports"] }

[build-dependencies]
cc = "1"

[features]
default = ["fancy"]
fancy = ["dep:fancy_output"]
full = ["fancy", "serde/rc"]

[profile.release]
opt-level = 3
lto = true
strip = true
codegen-units = 1
panic = "abort"

[profile.dev]
opt-level = 0
debug = true

[[bench]]
name = "my_benchmark"
harness = false

Dependency Management ​

bash
# Add a dependency
cargo add serde --features derive
cargo add tokio -F full

# Add dev dependency
cargo add --dev pretty_assertions

# Add build dependency
cargo add --build cc

# Remove dependency
cargo remove serde

# Update dependencies
cargo update              # Update all within semver ranges
cargo update serde        # Update specific crate

# Check for outdated dependencies
cargo install cargo-outdated
cargo outdated

# Audit for vulnerabilities
cargo install cargo-audit
cargo audit

Version Syntax ​

SyntaxMeaningExample
"1.0">=1.0.0, <2.0.0Compatible updates
"=1.0.5"Exactly 1.0.5Pin exact version
">=1.0, <1.5"RangeCustom range
"~1.0.4">=1.0.4, <1.1.0Patch updates only
"*"Any versionNot recommended

Workspaces ​

toml
# Root Cargo.toml
[workspace]
members = [
    "crates/core",
    "crates/api",
    "crates/cli",
]
resolver = "2"

# Shared dependencies — declare once, use everywhere
[workspace.dependencies]
serde = { version = "1", features = ["derive"] }
tokio = { version = "1", features = ["full"] }
anyhow = "1"

[workspace.package]
version = "0.1.0"
edition = "2021"
license = "MIT"
toml
# crates/core/Cargo.toml
[package]
name = "my-core"
version.workspace = true
edition.workspace = true

[dependencies]
serde = { workspace = true }
bash
# Build specific crate
cargo build -p my-core

# Run specific binary
cargo run -p my-cli

# Test all crates
cargo test --workspace

# Test specific crate
cargo test -p my-core

Feature Flags ​

rust
// Conditional compilation based on features
#[cfg(feature = "fancy")]
fn render_fancy() {
    println!("Fancy rendering enabled!");
}

#[cfg(not(feature = "fancy"))]
fn render_fancy() {
    println!("Basic rendering.");
}

// Conditional dependency usage
#[cfg(feature = "serde")]
use serde::{Serialize, Deserialize};

#[cfg_attr(feature = "serde", derive(Serialize, Deserialize))]
struct Config {
    name: String,
    value: i32,
}
bash
# Build with specific features
cargo build --features "fancy,serde"

# Build without default features
cargo build --no-default-features

# Build with all features
cargo build --all-features

Build Scripts ​

rust
// build.rs — runs BEFORE compilation
fn main() {
    // Tell Cargo to rerun if file changes
    println!("cargo:rerun-if-changed=src/native/helper.c");

    // Set environment variable for code
    println!("cargo:rustc-env=BUILD_TIME={}", chrono::Utc::now());

    // Link a system library
    println!("cargo:rustc-link-lib=ssl");

    // Compile C code
    cc::Build::new()
        .file("src/native/helper.c")
        .compile("helper");
}

Publishing to crates.io ​

bash
# Login (one time)
cargo login your-api-token

# Verify package
cargo package --list      # See what will be included
cargo package              # Create .crate file locally

# Dry run
cargo publish --dry-run

# Publish
cargo publish

# Yank a version (prevent new downloads)
cargo yank --version 0.1.0

Essential Cargo Plugins ​

bash
# Install useful plugins
cargo install cargo-watch    # Auto-rebuild on save
cargo install cargo-expand   # Expand macros
cargo install cargo-bloat    # Analyze binary size
cargo install cargo-flamegraph  # Performance profiling
cargo install cargo-deny     # License and vulnerability checking

# Usage
cargo watch -x check        # Re-check on file save
cargo expand                 # Show macro expansions
cargo bloat --release        # See what's making the binary big
cargo flamegraph             # Generate flamegraph
cargo deny check             # Check licenses and advisories

Cargo.lock Strategy ​

Project TypeCommit Cargo.lock?Why
Binary / ApplicationYesReproducible builds
LibraryNo (.gitignore it)Let consumers resolve versions
WorkspaceYesShared lock for all members

Built with VitePress | Rust SOP Documentation