Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Trusted publishing GitHub Action docs should specify environment if there is one #355

Closed
mschwager opened this issue Feb 2, 2024 · 4 comments · Fixed by #356
Closed

Trusted publishing GitHub Action docs should specify environment if there is one #355

mschwager opened this issue Feb 2, 2024 · 4 comments · Fixed by #356

Comments

@mschwager
Copy link

Hi all 👋

I've been working through the new trusted publishing, and everything seems to be working pretty well. I did notice one thing missing from the docs: the GitHub Actions don't mention including the environment if there is one. In other words, if you specify an environment when creating a trusted publisher you must also specify it in the GitHub Action workflow.
@woodruffw
Copy link
Contributor

For context: the equivalent docs on the PyPI side: https://docs.pypi.org/trusted-publishers/using-a-publisher/

Specifically, this is the example we use on PyPI:

jobs:
  pypi-publish:
    name: upload release to PyPI
    runs-on: ubuntu-latest
    # Specifying a GitHub environment is optional, but strongly encouraged
    environment: release
    permissions:
      # IMPORTANT: this permission is mandatory for trusted publishing
      id-token: write
    steps:
      # retrieve your distributions here

      - name: Publish package distributions to PyPI
        uses: pypa/gh-action-pypi-publish@release/v1

This can be closely adapted to RubyGems, so I'll file a PR later today.

@mschwager
Copy link
Author

mschwager commented Feb 2, 2024
edited
Loading

It's probably also worth mentioning that the release-gem GitHub Action requires that your project be using rake-release. Unfortunately, that doesn't really work for my intended workflow because rake-release performs a git tag and git push when releasing. I'd like for my release process to be triggered on git tag, so rake-release then creates an unnecessary tag. I also received this error from release-gem when it attempted to create the tag:

Tagged v0.5.0.
fatal: You are not currently on a branch.
To push the history leading to the current (detached HEAD)
state now, use

    git push origin HEAD:<name-of-remote-branch>

Untagging v0.5.0 due to error.
rake aborted!
Running `["git", "push", "--quiet"]` failed, exit code: 128

All in all, it'd be nice if release-gem could do a simple gem build -> gem push.

EDIT: some additional context: rubygems/release-gem#3.

@woodruffw
Copy link
Contributor

Just flagging: I'll send a PR for the environment docs part later today, time permitting.

@woodruffw woodruffw mentioned this issue Feb 12, 2024
Merged
@woodruffw
Copy link
Contributor

"Later today" really meant a week, but I've opened #356 for this!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

trusted-publishing: add environment: trail-of-forks/rubygems-guides
2 participants
@mschwager @woodruffw