Add GitHub Actions workflow for Ruby Gem publishing #33
Conversation
There was a problem hiding this comment.
Pull request overview
This PR introduces a GitHub Actions workflow to automate the publishing of Ruby gems to both GitHub Packages and RubyGems. The workflow is triggered on pushes and pull requests to the master branch.
Key Changes:
- Adds automated CI/CD workflow for Ruby gem publishing with dual-target deployment
- Configures Ruby 2.6 environment setup using pinned ruby/setup-ruby action
- Implements credential management and authentication for both GitHub Packages and RubyGems
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| branches: [ "master" ] | ||
| pull_request: | ||
| branches: [ "master" ] |
There was a problem hiding this comment.
Publishing gems on pull requests is problematic. This workflow will attempt to publish gems on every PR to master, which could lead to:
- Publishing unreviewed/unmerged code
- Version conflicts if multiple PRs are opened
- Unauthorized publishing attempts
Consider removing pull_request from the triggers and only publish on push to master, or better yet, only on tagged releases:
on:
push:
tags:
- 'v*'| branches: [ "master" ] | |
| pull_request: | |
| branches: [ "master" ] | |
| tags: | |
| - 'v*' |
| chmod 0600 $HOME/.gem/credentials | ||
| printf -- "---\n:github: ${GEM_HOST_API_KEY}\n" > $HOME/.gem/credentials | ||
| gem build *.gemspec | ||
| gem push --KEY github --host https://rubygems.pkg.github.com/${OWNER} *.gem |
There was a problem hiding this comment.
The --KEY flag should be --key (lowercase). The gem push command uses lowercase option flags. This will cause the GitHub Packages publishing step to fail.
| gem push --KEY github --host https://rubygems.pkg.github.com/${OWNER} *.gem | |
| gem push --key github --host https://rubygems.pkg.github.com/${OWNER} *.gem |
| # uses: ruby/setup-ruby@v1 | ||
| uses: ruby/setup-ruby@55283cc23133118229fd3f97f9336ee23a179fcf # v1.146.0 | ||
| with: | ||
| ruby-version: 2.6.x |
There was a problem hiding this comment.
Ruby 2.6 reached end-of-life in March 2022 and no longer receives security updates. Consider upgrading to a supported Ruby version (3.0+) to ensure security patches and compatibility with modern gems.
| ruby-version: 2.6.x | |
| ruby-version: 3.2.x |
| touch $HOME/.gem/credentials | ||
| chmod 0600 $HOME/.gem/credentials | ||
| printf -- "---\n:rubygems_api_key: ${GEM_HOST_API_KEY}\n" > $HOME/.gem/credentials | ||
| gem build *.gemspec |
There was a problem hiding this comment.
Both publishing steps rebuild the gem unnecessarily. The gem is already built in the GPR step (line 33), so the RubyGems step doesn't need to rebuild it. This wastes CI time and could theoretically produce different artifacts if the build process is non-deterministic. Consider building once and reusing the artifact, or at minimum, document why rebuilding is necessary.
| gem build *.gemspec | |
| # Reuse the gem built in the previous step to avoid non-deterministic builds and save CI time |
| - name: Publish to GPR | ||
| run: | | ||
| mkdir -p $HOME/.gem | ||
| touch $HOME/.gem/credentials | ||
| chmod 0600 $HOME/.gem/credentials | ||
| printf -- "---\n:github: ${GEM_HOST_API_KEY}\n" > $HOME/.gem/credentials | ||
| gem build *.gemspec | ||
| gem push --KEY github --host https://rubygems.pkg.github.com/${OWNER} *.gem | ||
| env: | ||
| GEM_HOST_API_KEY: "Bearer ${{secrets.GITHUB_TOKEN}}" | ||
| OWNER: ${{ github.repository_owner }} | ||
|
|
||
| - name: Publish to RubyGems | ||
| run: | | ||
| mkdir -p $HOME/.gem | ||
| touch $HOME/.gem/credentials | ||
| chmod 0600 $HOME/.gem/credentials | ||
| printf -- "---\n:rubygems_api_key: ${GEM_HOST_API_KEY}\n" > $HOME/.gem/credentials | ||
| gem build *.gemspec | ||
| gem push *.gem | ||
| env: | ||
| GEM_HOST_API_KEY: "${{secrets.RUBYGEMS_AUTH_TOKEN}}" |
There was a problem hiding this comment.
[nitpick] Both steps recreate the credentials file, which overwrites the previous credentials. This means authentication to GitHub Packages is lost before attempting to push to RubyGems. While this works because each step runs independently, it's inefficient to recreate the same directory structure twice. Consider consolidating the credential setup or using a single credentials file with both keys.
| - name: Publish to GPR | |
| run: | | |
| mkdir -p $HOME/.gem | |
| touch $HOME/.gem/credentials | |
| chmod 0600 $HOME/.gem/credentials | |
| printf -- "---\n:github: ${GEM_HOST_API_KEY}\n" > $HOME/.gem/credentials | |
| gem build *.gemspec | |
| gem push --KEY github --host https://rubygems.pkg.github.com/${OWNER} *.gem | |
| env: | |
| GEM_HOST_API_KEY: "Bearer ${{secrets.GITHUB_TOKEN}}" | |
| OWNER: ${{ github.repository_owner }} | |
| - name: Publish to RubyGems | |
| run: | | |
| mkdir -p $HOME/.gem | |
| touch $HOME/.gem/credentials | |
| chmod 0600 $HOME/.gem/credentials | |
| printf -- "---\n:rubygems_api_key: ${GEM_HOST_API_KEY}\n" > $HOME/.gem/credentials | |
| gem build *.gemspec | |
| gem push *.gem | |
| env: | |
| GEM_HOST_API_KEY: "${{secrets.RUBYGEMS_AUTH_TOKEN}}" | |
| - name: Set up gem credentials | |
| run: | | |
| mkdir -p $HOME/.gem | |
| touch $HOME/.gem/credentials | |
| chmod 0600 $HOME/.gem/credentials | |
| printf -- "---\n:github: Bearer ${{secrets.GITHUB_TOKEN}}\n:rubygems_api_key: ${{secrets.RUBYGEMS_AUTH_TOKEN}}\n" > $HOME/.gem/credentials | |
| - name: Publish to GPR | |
| run: | | |
| gem build *.gemspec | |
| gem push --KEY github --host https://rubygems.pkg.github.com/${OWNER} *.gem | |
| env: | |
| OWNER: ${{ github.repository_owner }} | |
| - name: Publish to RubyGems | |
| run: | | |
| gem build *.gemspec | |
| gem push *.gem |
1 participant
This pull request adds a new GitHub Actions workflow for automating the build and publishing process of Ruby gems. The workflow is triggered on pushes and pull requests to the
masterbranch and supports publishing to both GitHub Packages and RubyGems.Continuous Integration and Deployment:
.github/workflows/gem-push.ymlto automate building and publishing Ruby gems when changes are pushed or pull requests are made tomaster.