Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Configure RubyGems Trusted Publishing #815

Open
wants to merge 1 commit into
base: maint-3.2
Choose a base branch
from
Open

Configure RubyGems Trusted Publishing #815

wants to merge 1 commit into from
+51 −0

Conversation

rhenium
Copy link
Member

@rhenium rhenium commented Nov 12, 2024

Added .github/workflows/push_gem.yml based on that of net-imap and psych.

If nothing goes wrong, pushing a tag named v* should publish openssl-.gem and openssl--java.gem to rubygems.org, and create a draft GitHub release.

See also: ruby/net-imap#265

This is not tested yet.

@hsbt
Copy link
Member

hsbt commented Nov 12, 2024

@rhenium Should I prepare @matzbot credential for GitHub releases?

@rhenium
Copy link
Member Author

rhenium commented Nov 12, 2024

@rhenium Should I prepare @matzbot credential for GitHub releases?

Actually, I didn't understand that part while looking at the workflow in psych, webrick, etc. Isn't the default secrets.GITHUB_TOKEN token supposed to be able to create a GitHub release?

@hsbt
Copy link
Member

hsbt commented Nov 12, 2024

I also not sure about secrets.GITHUB_TOKEN with release workflow. It may resolve you or account who invoke git push --tag.

BTW, I prepared to use secrets.MATZBOT_GITHUB_WORKFLOW_TOKEN in this repository. You can use that.

@segiddins
Copy link
Contributor

No special token should be needed, please use secrets.GITHUB_TOKEN, a PAT won't work for getting an id token from GitHub actions

@rhenium
Copy link
Member Author

rhenium commented Nov 13, 2024

ruby/net-imap and ruby/net-ftp use secrets.GITHUB_TOKEN for it and have published several releases already, so I'll give it a try.

https://github.com/ruby/net-imap/blob/3094fcc0520ad2b53e0d619830d816a683847207/.github/workflows/push_gem.yml
https://github.com/ruby/net-ftp/blob/cd19a243b1a742a05d0d4608bf9bee36c1e8f1d1/.github/workflows/push_gem.yml

@rhenium
Configure RubyGems Trusted Publishing
70377d3 
Added .github/workflows/push_gem.yml based on that of net-imap and
psych.

If nothing goes wrong, pushing a tag named v* should publish
openssl-*.gem and openssl-*-java.gem to rubygems.org, and create a
draft GitHub release.
@rhenium rhenium force-pushed the ky/use-rubygems-trusted-publishing branch from ed1c84b to 70377d3 Compare November 13, 2024 08:02
@rhenium rhenium changed the base branch from master to maint-3.2 November 13, 2024 08:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@rhenium @hsbt @segiddins