Update release mechanism to use RubyGem Trusted OIDC flow

.github/workflows/freeagent-gem.yml

@@ -13,46 +13,31 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/checkout@v2
-    - uses: ruby/setup-ruby@v1 # .ruby-version
-      with:
-        bundler-cache: true # bundle install
+      - uses: actions/checkout@v4
+      - uses: ruby/setup-ruby@v1
+        with:
+          bundler-cache: true # bundle install
 
-    - name: Test
-      run: bundle exec rake
+      - name: Test
+        run: bundle exec rake
 
   # Builds that pass testing above, will trigger a build and push of the new
   # gem version to the registry. If the version.rb has not been bumped since
   # the last release, the push will no-op.
   release:
-    needs:   tests
+    needs: tests
     runs-on: ubuntu-latest
 
-    steps:
-    - uses: fac/ruby-gem-setup-credentials-action@v2
-      with:
-        user: ""
-        key: rubygems
-        token: ${{ secrets.FAC_RUBYGEMS_KEY }}
-
-    # Build the gem package
-    - uses: actions/checkout@v2
-    - uses: ruby/setup-ruby@v1
-      with:
-        bundler-cache: true
-    - run: bundle exec rake build
+    permissions:
+      id-token: write # IMPORTANT: this permission is mandatory for trusted publishing
+      contents: write # IMPORTANT: this permission is required for `rake release` to push the release tag
 
-    # Release production gem version from default branch
-    - name: Release
-      if:   github.ref == 'refs/heads/master'
-      uses: fac/ruby-gem-push-action@v2
-      with:
-        key: rubygems
+    if: github.ref == 'refs/heads/master'
+    steps:
+      - uses: actions/checkout@v4
+      - uses: ruby/setup-ruby@v1
+        with:
+          bundler-cache: true
 
-    # PR branch builds will release pre-release gems
-    - name: Pre-Release
-      if:   github.ref != 'refs/heads/master'
-      uses: fac/ruby-gem-push-action@v2
-      with:
-        key: rubygems
-        pre-release: true
+      # Release
+      - uses: rubygems/release-gem@v1