From 090ecf22d8fba06cb9a8c65e1536cb7834ccdf86 Mon Sep 17 00:00:00 2001 From: Fern Support <126544928+fern-support@users.noreply.github.com> Date: Wed, 17 Jun 2026 18:04:14 -0400 Subject: [PATCH 1/2] Switch gem-publish to RubyGems OIDC trusted publishing (FER-11279) --- .github/workflows/ci.yml | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index c578045d..32adc423 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -1,6 +1,6 @@ name: CI -on: +on: push: workflow_dispatch: @@ -75,6 +75,9 @@ jobs: gem-publish: runs-on: ubuntu-latest if: (github.event_name == 'push' && contains(github.ref, 'refs/tags/')) || github.event_name == 'workflow_dispatch' + permissions: + id-token: write + contents: read steps: - name: Checkout repository uses: actions/checkout@v4 @@ -92,8 +95,9 @@ jobs: run: | bundle exec rake build + - name: Configure RubyGems credentials (OIDC trusted publishing) + uses: rubygems/configure-rubygems-credentials@v1.0.0 + - name: Publish to RubyGems run: | gem push pkg/*.gem --host https://rubygems.org/ - env: - GEM_HOST_API_KEY: ${{ secrets.RUBYGEMS_API_KEY }} From 0621ac26f6972aea2af0bdc5126abd3e1fbeb17b Mon Sep 17 00:00:00 2001 From: Mike Konopelski Date: Mon, 22 Jun 2026 10:00:51 -0400 Subject: [PATCH 2/2] Pin RubyGems credentials action --- .github/workflows/ci.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 32adc423..2f10b051 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -96,7 +96,8 @@ jobs: bundle exec rake build - name: Configure RubyGems credentials (OIDC trusted publishing) - uses: rubygems/configure-rubygems-credentials@v1.0.0 + # rubygems/configure-rubygems-credentials@v1.0.0 + uses: rubygems/configure-rubygems-credentials@bc6dd217f8a4f919d6835fcfefd470ef821f5c44 - name: Publish to RubyGems run: |