1- ---
2- name : Push Gem
1+ name : Push gem to RubyGems
32
4- " on "
3+ on :
54 push :
65 tags :
7- - v*
6+ - " v*"
7+
8+ permissions :
9+ contents : read
810
911jobs :
1012 push :
13+ if : github.repository == 'httprb/http'
1114 runs-on : ubuntu-latest
12-
15+ environment :
16+ name : rubygems.org
17+ url : https://rubygems.org/gems/http
1318 permissions :
1419 contents : write
1520 id-token : write
@@ -26,38 +31,32 @@ jobs:
2631 BUNDLE_WITHOUT : sig
2732
2833 steps :
29- - uses : rubygems/configure-rubygems-credentials@main
30- with :
31- role-to-assume : rg_oidc_akr_j4j75yxftmnzz97q1cvd
32-
33- - uses : actions/checkout@v6
34-
35- - name : Set up Ruby
36- uses : ruby/setup-ruby@v1
34+ - uses : actions/checkout@v4
35+ - uses : ruby/setup-ruby@v1
3736 with :
38- bundler-cache : true
3937 ruby-version : ${{ matrix.ruby }}
40-
38+ bundler-cache : true
39+ - uses : rubygems/configure-rubygems-credentials@v1.0.0
40+ - name : Update RubyGems
41+ run : gem update --system
4142 - name : Build gem
4243 run : gem build http.gemspec
4344 env :
4445 HTTP_PLATFORM : ${{ matrix.platform }}
45-
46+ - name : Sign gem with Sigstore
47+ run : |
48+ for gem in http-*.gem; do
49+ gem exec sigstore-cli sign "$gem" --bundle "${gem%.gem}.gem.sigstore.json"
50+ done
4651name : Push gem
47- run : gem push http-*.gem
48-
49- - name : Wait for release to propagate
5052 run : |
51- gem install rubygems-await
52- gem_tuple="$(ruby -rbundler/setup -rbundler -e '
53- spec = Bundler.definition.specs.find {|s| s.name == ARGV[0] }
54- raise "No spec for #{ARGV[0]}" unless spec
55- print [spec.name, spec.version, spec.platform].join(":")
56- ' "http")"
57- gem await "${gem_tuple}"
53+ for gem in http-*.gem; do
54+ gem push "$gem" --attestation "${gem%.gem}.gem.sigstore.json"
55+ done
56+ name : Wait for release
57+ run : gem exec rubygems-await http-*.gem
5858 env :
5959 HTTP_PLATFORM : ${{ matrix.platform }}
60-
6160 - name : Create GitHub release
6261 if : matrix.ruby == 'ruby'
6362 run : |
0 commit comments