Add CI workflow to release gems via Trusted Publishing#3015
Open
soutaro wants to merge 1 commit into
Open
Conversation
Introduce `.github/workflows/release-gems.yml`, a manually-triggered (workflow_dispatch) release workflow for the `rbs` gem on `master`. It builds both platform gems (the default `ruby` C-extension gem and the `java`/JRuby gem assembled from the WebAssembly parser + Chicory jars) before pushing either, verifies that `lib/rbs/version.rb` matches the operator-supplied `expected_version`, refuses to run if the tag already exists, and supports a `dry_run` mode that builds and verifies without publishing. Gems are pushed using RubyGems Trusted Publishing (OIDC) so no long-lived API token is stored. On a real run it also pushes the `vX.Y.Z` git tag. Maintenance releases (e.g. 4.0.x from `aaa-4.0.x`) intentionally stay manual via `rake release`. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01FerVMqvEagsGmDSRv7Ecz3
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Why
The
rbsgem currently ships two platform variants — the defaultrubygem (C extension) and thejava/JRuby gem (bundling the WebAssembly parser + Chicory jars).rake releaseonly handles the former, so thejavagem must be built and pushed by hand. That manual step (plus version typos and releasing from a local environment) is exactly where release mistakes happen.This adds a CI release workflow so publishing is reproducible and hard to get wrong.
What
New
.github/workflows/release-gems.yml, triggered manually viaworkflow_dispatch:master; the version is read fromlib/rbs/version.rb(single source of truth — no free-form version input to mistype).expected_versioninput — you type the version you intend to ship; CI fails if it doesn't matchlib/rbs/version.rb. Guards against running on the wrong commit.dry_runinput (defaulttrue) — builds and verifies both gems but does not push. Lets you rehearse safely; flip tofalsefor the real release.vX.Y.Ztag already exists.rubygems/configure-rubygems-credentials— no long-lived RubyGems API token stored as a secret.vX.Y.Zgit tag.The name is
release-gems.yml(plural) to leave room for a separate crates.io release workflow later.Scope: master only
Maintenance releases (e.g. 4.0.x cut from
aaa-4.0.x) intentionally stay manual viarake release. They're infrequent, and keeping this workflow onmasteronly avoids having to backport the workflow file to each maintenance branch (aworkflow_dispatchrun uses the workflow definition from the selected branch).Configure a Trusted Publisher for the
rbsgem on RubyGems.org:rbsrubyrbsrelease-gems.ymlUntil that's set up, use
dry_run: true(which never touches RubyGems).Notes / possible follow-ups
rake release:note, built fromCHANGELOG.md) is not included here yet; it can be wired in as a follow-up if desired.wasm.yml/jruby.yml(33.0).🤖 Generated with Claude Code
Generated by Claude Code