Create gem-push.yml workflow #44
Initial workflow for pushing to rubygems.
.github/workflows/gem-push.yml
Outdated
| # push: | ||
| # branches: [ master ] | ||
| # run manually for now | ||
| workflow_dispatch: |
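Review bot: the commented-out `# push:` and `# branches: [ master ]` lines at the top of this hunk are dead configuration. Delete them rather than leaving a disabled trigger in the file, and have the `# run manually for now` comment say which trigger is intended to replace `workflow_dispatch:` once manual runs are no longer needed.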
Eventually, could we have this linked to creating or publishing a new release?
https://docs.github.com/en/actions/reference/events-that-trigger-workflows#release
Out of curiosity, how can we run actions manually? I've only had experience with automatically triggered ones.
Changed to be run after a published release.
Before, to run it manually, we'd have to go to the "Actions" tab, select the workflow, and click "Run Manually". I wanted to have this for testing, but I think it's straightforward enough to just try a release.
.github/workflows/gem-push.yml
Outdated
| env: | ||
| GEM_HOST_API_KEY: "${{secrets.RUBYGEMS_AUTH_TOKEN}}" |
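Review bot: the `env:` block that maps `secrets.RUBYGEMS_AUTH_TOKEN` to `GEM_HOST_API_KEY` should be scoped to the one step that writes the credentials and pushes the gem. The indentation is not visible in this excerpt, so confirm it is step-level rather than job- or workflow-level, since every step under a wider scope would inherit the token.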
Nitpicking, but could we add the env line above the run? I find it slightly easier to read the GEM_HOST_API_KEY being set, then how it's used.
Fixed
| permissions: | ||
| contents: read |
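Review bot: keep `permissions:` with `contents: read` explicit in this file even if the repository default is already read-only. The default is a repository or organization setting that can change without any diff to this workflow, whereas the explicit block pins the job's `GITHUB_TOKEN` scope where reviewers can see it.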
Not a required change, but I believe @npaufler set the default Actions permission to read, so I think we get read by default.
| mkdir -p $HOME/.gem | ||
| touch $HOME/.gem/credentials | ||
| chmod 0600 $HOME/.gem/credentials | ||
| printf -- "---\n:rubygems_api_key: ${GEM_HOST_API_KEY}\n" > $HOME/.gem/credentials |
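Review bot: on the `printf` line, `${GEM_HOST_API_KEY}` is expanded inside the format string, so any `%` or backslash in the value would be interpreted by `printf` instead of being written literally. Pass it as an argument instead, e.g. `printf -- '---\n:rubygems_api_key: %s\n' "${GEM_HOST_API_KEY}"`. The `$HOME/.gem/...` paths are unquoted on all four lines and should be quoted. The `touch` and `chmod 0600` ahead of the write are in the right order and should stay that way.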
Will this log the token to the Action's artifacts (where it can be viewed by any contributor)? If so, can it be used maliciously?
It's a push-only API token and you can't replace an existing gem version in rubygems.org. This should not end up in artifacts from what I understand. This is literally the supplied code from GitHub for implementing this action.
The above line puts the credentials in a file; it won't be logged/printed anywhere.
Ah! Thanks for the explanation! That was the piece I was missing.
Address PR comments
Update to run workflow after a release has been published.
alecclarke
left a comment
Thank you for adding this in! It will make working on our public gems much easier ❤️
Initial workflow for pushing to rubygems.
This creates a workflow that is triggered after a release is published on GitHub. It uses a token created specifically for GitHub Actions to be able to push a gem to rubygems.org.
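On the thread's question of whether the token can end up in the log: the following is an added example, not part of this PR or of GitHub's starter workflow. It writes the credentials file with the token passed as `printf` data and the file restricted before the secret is written. The function names `write_gem_credentials` and `credentials_are_private`, their arguments, and the sample token are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: write a RubyGems credentials file without echoing the token.
# Function names and arguments are hypothetical, not from the PR.

# usage: write_gem_credentials TOKEN HOME_DIR
write_gem_credentials() {
  token=$1
  dir=$2/.gem
  file=$dir/credentials
  nl='
'
  # Refuse an empty token (unset secret) or one containing a newline,
  # which would add extra lines to the YAML file. The message never
  # includes the token itself.
  case $token in
    ''|*"$nl"*) echo "write_gem_credentials: invalid token" >&2; return 1 ;;
  esac
  (
    umask 077                 # anything created below is owner-only
    mkdir -p "$dir" &&
    : > "$file" &&            # create or truncate before the secret is written
    chmod 0600 "$file" &&     # also tightens a pre-existing, looser file
    # The token is data for %s, never part of the format string, and
    # stdout is redirected to the file, so nothing reaches the job log.
    printf '%s\n' '---' ":rubygems_api_key: ${token}" > "$file"
  )
}

# usage: credentials_are_private HOME_DIR  (exit 0 if mode is exactly 0600)
credentials_are_private() {
  [ -n "$(find "$1/.gem/credentials" -perm 600 2>/dev/null)" ]
}

# Constructed demo: a fake token containing characters that a printf
# format string would otherwise interpret.
demo_home=$(mktemp -d)
write_gem_credentials 'constructed_tok%s\n123' "$demo_home" &&
  credentials_are_private "$demo_home"
rm -rf "$demo_home"
```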