diff --git a/.github/workflows/rubygems-rake.yaml b/.github/workflows/rubygems-rake.yaml new file mode 100644 index 0000000..475a390 --- /dev/null +++ b/.github/workflows/rubygems-rake.yaml @@ -0,0 +1,67 @@ +name: Release + +on: + workflow_call: + inputs: + environment: + description: "GitHub environment for the workflow" + type: string + default: "rubygems" + +permissions: + # for uploading artifacts to GitHub release + contents: write + + # for trusted publishing and attest-build-provenance + id-token: write + + # for attest-build-provenance + attestations: write + +jobs: + release: + runs-on: ubuntu-latest + environment: ${{ inputs.environment }} + + steps: + - name: 📥 Checkout Repository + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + persist-credentials: false + - name: 🏗️ Set up Ruby + uses: ruby/setup-ruby@2a18b06812b0e15bb916e1df298d3e740422c47e # v1.203.0 + with: + bundler-cache: true + + - name: 🔄 Sync version file + run: | + version="${GH_VERSION#v}" + if ! ruby -e "require 'rubygems'; Gem::Version.new('$version')"; then + echo "Error: Invalid version string '$version'" + exit 1 + fi + sed -i "s/VERSION = '.*'/VERSION = '${version}'/" lib/version.rb + + git update-index --skip-worktree lib/version.rb + env: + GH_VERSION: ${{ github.event.release.tag_name }} + + - name: 🚀 Publish to rubygems + uses: rubygems/release-gem@9e85cb11501bebc2ae661c1500176316d3987059 # v1.1.0 + + - name: 🗑️ Clean signable artifacts + run: rm pkg/*.sigstore.json + + - name: 🔐 Generate Build Provenance + uses: actions/attest-build-provenance@7668571508540a607bdfd90a87a560489fe372eb # v2.1.0 + with: + subject-path: "pkg/*" + + - name: 📥 Upload to GitHub + run: | + for file in pkg/*; do + gh release upload "${GH_VERSION}" "$file" + done + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GH_VERSION: ${{ github.event.release.tag_name }}