Configured gem signing withing the release workflow

kpumuk · Sep 20, 2024 · fceebc5 · fceebc5
1 parent 14f3823
commit fceebc5
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 1 deletion.
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -2,6 +2,10 @@ name: Release
 
 on:
   workflow_dispatch:
+    inputs:
+      passphrase:
+        description: "Private key passphrase for signing the gem"
+        required: true
 
 jobs:
   push:
@@ -27,4 +31,12 @@ jobs:
         with:
           ruby-version: ${{ matrix.ruby-version }}
           bundler-cache: true
+      - name: Setup private key
+        env:
+          GEM_PRIVATE_KEY: ${{ secrets.GEM_PRIVATE_KEY }}
+        run: |
+          mkdir -p ~/.gem
+          echo "${GEM_PRIVATE_KEY}" > ~/.gem/gem-private_key.pem
       - uses: rubygems/release-gem@v1
+        env:
+          GEM_PRIVATE_KEY_PASSPHRASE: "${{ inputs.passphrase }}"
diff --git a/meta-tags.gemspec b/meta-tags.gemspec
@@ -41,7 +41,7 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency "rspec_junit_formatter", "~> 0.6.0"
 
   spec.cert_chain = ["certs/kpumuk.pem"]
-  spec.signing_key = File.expand_path("~/.ssh/gem-kpumuk.pem") if $PROGRAM_NAME.end_with?("gem")
+  spec.signing_key = File.expand_path("~/.gem/gem-private_key.pem") if $PROGRAM_NAME.end_with?("gem")
 
   spec.metadata = {
     "bug_tracker_uri" => "https://github.com/kpumuk/meta-tags/issues/",