Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Configure RubyGems Trusted Publishing #815

Merged
merged 1 commit into from
Dec 18, 2024

Conversation

rhenium
Copy link
Member

@rhenium rhenium commented Nov 12, 2024

Added .github/workflows/push_gem.yml based on that of net-imap and psych.

If nothing goes wrong, pushing a tag named v* should publish openssl-.gem and openssl--java.gem to rubygems.org, and create a draft GitHub release.

See also: ruby/net-imap#265

This is not tested yet.

@hsbt
Copy link
Member

hsbt commented Nov 12, 2024

@rhenium Should I prepare @matzbot credential for GitHub releases?

@rhenium
Copy link
Member Author

rhenium commented Nov 12, 2024

@rhenium Should I prepare @matzbot credential for GitHub releases?

Actually, I didn't understand that part while looking at the workflow in psych, webrick, etc. Isn't the default secrets.GITHUB_TOKEN token supposed to be able to create a GitHub release?

@hsbt
Copy link
Member

hsbt commented Nov 12, 2024

I also not sure about secrets.GITHUB_TOKEN with release workflow. It may resolve you or account who invoke git push --tag.

BTW, I prepared to use secrets.MATZBOT_GITHUB_WORKFLOW_TOKEN in this repository. You can use that.

@segiddins
Copy link
Contributor

No special token should be needed, please use secrets.GITHUB_TOKEN, a PAT won't work for getting an id token from GitHub actions

@rhenium
Copy link
Member Author

rhenium commented Nov 13, 2024

ruby/net-imap and ruby/net-ftp use secrets.GITHUB_TOKEN for it and have published several releases already, so I'll give it a try.

https://github.com/ruby/net-imap/blob/3094fcc0520ad2b53e0d619830d816a683847207/.github/workflows/push_gem.yml
https://github.com/ruby/net-ftp/blob/cd19a243b1a742a05d0d4608bf9bee36c1e8f1d1/.github/workflows/push_gem.yml

@rhenium rhenium force-pushed the ky/use-rubygems-trusted-publishing branch from ed1c84b to 70377d3 Compare November 13, 2024 08:02
@rhenium rhenium changed the base branch from master to maint-3.2 November 13, 2024 08:02
@rhenium rhenium force-pushed the ky/use-rubygems-trusted-publishing branch 2 times, most recently from 86ce872 to 7194da6 Compare December 18, 2024 11:44
Added .github/workflows/push_gem.yml based on that of net-imap and
psych.

If nothing goes wrong, pushing a tag named v* should publish
openssl-*.gem and openssl-*-java.gem to rubygems.org, and create a
draft GitHub release.
@rhenium rhenium force-pushed the ky/use-rubygems-trusted-publishing branch from 7194da6 to 1269785 Compare December 18, 2024 11:51
@rhenium rhenium merged commit d484254 into ruby:maint-3.2 Dec 18, 2024
57 checks passed
@rhenium
Copy link
Member Author

rhenium commented Dec 18, 2024

v3.2.1 has been released to rubygems.org using this workflow: https://rubygems.org/gems/openssl/versions/3.2.1

The -java version failed for some reason. I manually built the stub gem and pushed it to rubygems.org.

https://github.com/ruby/openssl/actions/runs/12393510385/job/34594907881

@rhenium
Copy link
Member Author

rhenium commented Dec 18, 2024

The error with building -jruby version seems to be due to a bug fixed in jruby/jruby#8502 (to be included in JRuby 9.4.10.0).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Development

Successfully merging this pull request may close these issues.

3 participants