From d920dafc84828e6e789828288e64b181f613ef3d Mon Sep 17 00:00:00 2001 From: Michal Checinski Date: Fri, 23 Feb 2024 16:23:51 +0100 Subject: [PATCH] Use rubygem api key to publish --- .github/workflows/publish-ruby.yml | 54 +++++++++++++++++++++--------- 1 file changed, 39 insertions(+), 15 deletions(-) diff --git a/.github/workflows/publish-ruby.yml b/.github/workflows/publish-ruby.yml index 931981667..9012cce4d 100644 --- a/.github/workflows/publish-ruby.yml +++ b/.github/workflows/publish-ruby.yml @@ -107,26 +107,50 @@ jobs: cp "temp/${platforms[$i]}/${files[$i]}" "languages/ruby/bitwarden_sdk_secrets/lib/${platforms[$i]}/${files[$i]}" done + - name: Login to Azure + uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0 + with: + creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} + + - name: Retrieve secrets + id: retrieve-secrets + uses: bitwarden/gh-actions/get-keyvault-secrets@main + with: + keyvault: "bitwarden-ci" + secrets: "rubygem-api-key" + - name: bundle install run: bundle install working-directory: languages/ruby/bitwarden_sdk_secrets - - name: Set remote URL + - name: Push gem to Rubygems run: | - # Attribute commits to the last committer on HEAD - git config --global user.email "106330231+bitwarden-devops-bot@users.noreply.github.com" - git config --global user.name "bitwarden-devops-bot" - git remote set-url origin "https://x-access-token:${{ github.token }}@github.com/$GITHUB_REPOSITORY" + mkdir -p $HOME/.gem + touch $HOME/.gem/credentials + chmod 0600 $HOME/.gem/credentials + printf -- "---\n:rubygems_api_key: ${GEM_HOST_API_KEY}\n" > $HOME/.gem/credentials + gem push *.gem + env: + GEM_HOST_API_KEY: ${{ steps.retrieve-secrets.outputs.rubygem-api-key }} + working-directory: languages/ruby/bitwarden_sdk_secrets - - name: Configure trusted publishing credentials - uses: rubygems/configure-rubygems-credentials@bc6dd217f8a4f919d6835fcfefd470ef821f5c44 # v1.0.0 + # - name: Set remote URL + # run: | + # # Attribute commits to the last committer on HEAD + # git config --global user.email "106330231+bitwarden-devops-bot@users.noreply.github.com" + # git config --global user.name "bitwarden-devops-bot" + # git remote set-url origin "https://x-access-token:${{ github.token }}@github.com/$GITHUB_REPOSITORY" - - name: Run release rake task - if: ${{ inputs.release_type == 'Release' }} - run: bundle exec rake release - working-directory: languages/ruby/bitwarden_sdk_secrets + # - name: Configure trusted publishing credentials + # uses: rubygems/configure-rubygems-credentials@bc6dd217f8a4f919d6835fcfefd470ef821f5c44 # v1.0.0 + + # - name: Run release rake task + # if: ${{ inputs.release_type == 'Release' }} + # run: bundle exec rake release + # working-directory: languages/ruby/bitwarden_sdk_secrets + + # - name: Wait for release to propagate + # if: ${{ inputs.release_type == 'Release' }} + # run: gem exec rubygems-await pkg/*.gem + # working-directory: languages/ruby/bitwarden_sdk_secrets - - name: Wait for release to propagate - if: ${{ inputs.release_type == 'Release' }} - run: gem exec rubygems-await pkg/*.gem - working-directory: languages/ruby/bitwarden_sdk_secrets