Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Set up automatic publishing to Github and Rubygems #275

Merged
merged 1 commit into from
Jan 7, 2021
Merged

Set up automatic publishing to Github and Rubygems #275

merged 1 commit into from
Jan 7, 2021

Conversation

mlarraz
Copy link
Member

@mlarraz mlarraz commented Dec 22, 2020

No description provided.

scashin133
scashin133 reviewed Jan 7, 2021
View reviewed changes
.github/workflows/gem-push.yml Outdated
env:
GEM_HOST_API_KEY: "Bearer ${{secrets.GITHUB_TOKEN}}"
OWNER: ${{ github.repository_owner }}
- name: Publish to RubyGems
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Are there going to be cases where we only want to publish to github? When would we want to publish to rubygems and github?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This assumes we'll just publish everything to both, as a redundancy.

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For a lot of these gems though we explicitly DON'T want them to be public right? otherwise we wouldn't need the private github repo. I'd prefer renaming this workflow to something that makes that a lot more obvious or just not include the public aspect at all until we have a usecase for it.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Github Packages follows the repo's privacy settings. Since this is a public repo the Github package will also be public. Not strictly necessary but might be nice to have

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

okay so this is for repos like amountable that are public? I would prefer that we make that more explicit in the workflow name otherwise I think someone is going to make a mistake

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Updated to clarify. We can also guard against accidental publishes by whitelisting allowed_push_host in a gemspec's metadata, which is more resilient.

scashin133
scashin133 approved these changes Jan 7, 2021
View reviewed changes
Copy link

@scashin133 scashin133 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for making the changes!

@mlarraz mlarraz merged commit ba327b4 into master Jan 7, 2021
@mlarraz mlarraz deleted the auto_publish branch January 7, 2021 23:57
@dependabot dependabot bot mentioned this pull request Mar 18, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@scashin133 scashin133 scashin133 approved these changes

@montanalow montanalow Awaiting requested review from montanalow

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@mlarraz @scashin133