Upgrade to cargo-dist v0.18.0 (#4792)

## Summary

This enables us to get rid of `allow-dirty`!

.github/workflows/release.yml

@@ -12,9 +12,8 @@
 # title/body based on your changelogs.
 
 name: Release
-
 permissions:
-  contents: write
+  "contents": "write"
 
 # This task will run whenever you workflow_dispatch with a tag that looks like a version
 # like "1.0.0", "v0.1.0-prerelease.1", "my-app/0.1.0", "releases/v1.0.0", etc.
@@ -65,7 +64,7 @@ jobs:
         # we specify bash to get pipefail; it guards against the `curl` command
         # failing. otherwise `sh` won't catch that `curl` returned non-0
         shell: bash
-        run: "curl --proto '=https' --tlsv1.2 -LsSf https://github.com/axodotdev/cargo-dist/releases/download/v0.17.0/cargo-dist-installer.sh | sh"
+        run: "curl --proto '=https' --tlsv1.2 -LsSf https://github.com/axodotdev/cargo-dist/releases/download/v0.18.0/cargo-dist-installer.sh | sh"
       - name: Cache cargo-dist
         uses: actions/upload-artifact@v4
         with:
@@ -106,8 +105,8 @@ jobs:
       plan: ${{ needs.plan.outputs.val }}
     secrets: inherit
     permissions:
-      packages: write
-      contents: read
+      "contents": "read"
+      "packages": "write"
 
   # Build and package all the platform-agnostic(ish) things
   build-global-artifacts:
@@ -212,8 +211,8 @@ jobs:
     secrets: inherit
     # publish jobs get escalated permissions
     permissions:
-      id-token: write
-      packages: write
+      "id-token": "write"
+      "packages": "write"
 
   # Create a GitHub Release while uploading all files to it
   announce:

Cargo.toml

@@ -212,7 +212,7 @@ lto = "thin"
 # Config for 'cargo dist'
 [workspace.metadata.dist]
 # The preferred cargo-dist version to use in CI (Cargo.toml SemVer syntax)
-cargo-dist-version = "0.17.0"
+cargo-dist-version = "0.18.0"
 # CI backends to support
 ci = ["github"]
 # The installers to generate for each app
@@ -242,13 +242,13 @@ targets = [
 ]
 # Whether to auto-include files like READMEs, LICENSEs, and CHANGELOGs (default true)
 auto-includes = false
-# Whether cargo-dist should create a Github Release or use an existing draft
+# Whether cargo-dist should create a GitHub Release or use an existing draft
 create-release = true
 # Publish jobs to run in CI
 pr-run-mode = "skip"
 # Whether CI should trigger releases with dispatches instead of tag pushes
 dispatch-releases = true
-# The stage during which the Github Release should be created
+# The stage during which the GitHub Release should be created
 github-release = "announce"
 # Whether CI should include auto-generated code to build local artifacts
 build-local-artifacts = false
@@ -256,7 +256,7 @@ build-local-artifacts = false
 local-artifacts-jobs = ["./build-binaries", "./build-docker"]
 # Publish jobs to run in CI
 publish-jobs = ["./publish-pypi"]
-# Skip checking whether the specified configuration files are up to date
-allow-dirty = ["ci"]
+# Custom permissions for GitHub Jobs
+github-custom-job-permissions = { "build-docker" = { packages = "write", contents = "read" } }
 # Whether to install an updater program
 install-updater = false