release-gem/action.yml at v1 · rubygems/release-gem · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
name: "Release Gem"
description: "Upload gems to RubyGems.org"
inputs:
  token:
    description: >-
      GitHub token used to authenticate git operations (e.g. pushing the release tag).
      Defaults to the built-in github.token. Override with a PAT or GitHub App token
      when tag push protection rules require a specific actor or bypass permission.
    required: false
    default: ${{ github.token }}
  await-release:
    description: "Whether to poll for the release to be available on RubyGems.org"
    required: false
    default: "true"
  setup-trusted-publisher:
    description: "Whether to setup the trusted publisher for the gem"
    required: false
    default: "true"
  attestations:
    description: >-
      [EXPERIMENTAL]
      Enable experimental support for sigstore attestations.
      Only works with RubyGems.org via Trusted Publishing.
    required: false
    default: "true"
  working-directory:
    description: "The working directory to run the release rake task in"
    required: false
    default: ""
outputs: {}
branding:
  color: "red"
  icon: "upload-cloud"
runs:
  using: "composite"
  steps:
    - name: Attribute commits to last committer
      run: |
        git config --global user.email "$(git log -1 --pretty=format:'%ae')"
        git config --global user.name "$(git log -1 --pretty=format:'%an')"
      shell: bash
    - name: Configure Git using cached credentials
      run: |
        git credential-cache --timeout=300 store <<EOF
        protocol=https
        host=github.com
        username=x-access-token
        password=${{ inputs.token }}

        EOF
        git config --local credential.helper 'cache --timeout=300'
      shell: bash
    - name: Fetch tags
      run: git fetch --tags --force
      shell: bash
    - name: Configure trusted publishing credentials
      if: ${{ inputs.setup-trusted-publisher == 'true' }}
      uses: rubygems/configure-rubygems-credentials@bc6dd217f8a4f919d6835fcfefd470ef821f5c44 # v1.0.0
    - name: Run release rake task
      run: bundle exec rake release
      shell: bash
      env:
        RUBYOPT: "${{ inputs.attestations == 'true' && format('-r{0}/rubygems-attestation-patch.rb {1}', github.action_path, env.RUBYOPT) || env.RUBYOPT }}"
      working-directory: ${{ inputs.working-directory }}
    - name: Wait for release to propagate
      if: ${{ inputs.await-release == 'true' }}
      run: gem exec rubygems-await pkg/*.gem
      shell: bash
      working-directory: ${{ inputs.working-directory }}
    - name: Clean up credentials
      if: always()
      run: git credential-cache exit || true
      shell: bash