Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Automatically publish package on version bump #72

Merged
merged 1 commit into from
Oct 6, 2021
Merged

Automatically publish package on version bump #72

merged 1 commit into from
Oct 6, 2021

Conversation

jaantohver
Copy link
Contributor

Previously the package needed to be manually published by somebody with
permissions. This is a hasstle if the changes were authored by somebody without
permissions. A Github Action will automatically publish a new version and add a
tag when changes are merged to master that increase the version number in
gemspec. If the version in unchanged when changes are merged then the action
fails but does so silently.

See this PR for related discussion.

CHAN-1774

@jaantohver
Automatically publish package on version bump
a91ba4b 
Previously the package needed to be manually published by somebody with
permissions. This is a hasstle if the changes were authored by somebody without
permissions. A Github Action will automatically publish a new version and add a
tag when changes are merged to master that increase the version number in
gemspec. If the version in unchanged when changes are merged then the action
fails but does so silently.

CHAN-1774
@jaantohver
Copy link
Contributor Author

Ostap added the RUBYGEMS_API_KEY secret.

urmastalimaa
urmastalimaa reviewed Oct 6, 2021
View reviewed changes
.github/workflows/publish.yml


- name: Release Gem
uses: discourse/publish-rubygems-action@b55d7b91b55e61752dc6cbc2972f8e16fe6c1a02
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There is also https://github.com/salemove/publish-rubygems-action, I don't quite know for what reason it was created, but perhaps of security considerations. In any case, running 3rd party actions should be vetted by the inf team.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I forked that myself at some point, but at the end of the day the consensus seemed to be that pinning the action to a commit hash would be secure enough.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'll just archive it.

@jaantohver
Copy link
Contributor Author

!merge

@sm-deployer sm-deployer merged commit fda07c7 into master Oct 6, 2021
@sm-deployer sm-deployer deleted the automatic-publishing branch October 6, 2021 09:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@urmastalimaa urmastalimaa urmastalimaa approved these changes

@ostap0207 ostap0207 ostap0207 approved these changes

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@jaantohver @ostap0207 @urmastalimaa @sm-deployer