From 85db3a90764b0467323a7a4c26a5d119035b6f32 Mon Sep 17 00:00:00 2001
From: Hans Lemuet
Date: Sat, 26 Jul 2025 17:31:50 +0200
Subject: [PATCH 1/3] Add push_gem workflow, update docs & scripts
---
 .github/workflows/push_gem.yml | 38 ++++++++++++++++++++++++++++++++++
 docs/CONTRIBUTING.md | 2 ++
 script/publish | 2 +-
 script/release | 4 +++-
 4 files changed, 44 insertions(+), 2 deletions(-)
 create mode 100644 .github/workflows/push_gem.yml
diff --git a/.github/workflows/push_gem.yml b/.github/workflows/push_gem.yml
new file mode 100644
index 000000000..c9ec7cdaf
--- /dev/null
+++ b/.github/workflows/push_gem.yml
@@ -0,0 +1,38 @@
+name: Push Gem
+
+on:
+ push:
+ tags:
+ - v*
+
+permissions:
+ contents: read
+
+jobs:
+ push:
+ if: github.repository == 'ViewComponent/view_component'
+ runs-on: ubuntu-latest
+
+ permissions:
+ contents: write
+ id-token: write
+
+ # GitHub environment configured on RubyGems
+ environment: release
+
+ steps:
+ # Set up
+ - name: Harden Runner
+ uses: step-security/harden-runner@v2
+ with:
+ egress-policy: audit
+
+ - uses: actions/checkout@v4
+ - name: Set up Ruby
+ uses: ruby/setup-ruby@v1
+ with:
+ bundler-cache: true
+ ruby-version: ruby
+
+ # Release
+ - uses: rubygems/release-gem@v1
diff --git a/docs/CONTRIBUTING.md b/docs/CONTRIBUTING.md
index 461d090a3..c19721c54 100644
--- a/docs/CONTRIBUTING.md
+++ b/docs/CONTRIBUTING.md
@@ -98,6 +98,8 @@ To run the Vale prose linter locally, `brew install vale` and `vale docs/`.
 `./script/release`
+To improve software supply chain safety, new gem versions are automatically pushed to RubyGems by Github Actions, thanks to [Trusted Publishing](https://guides.rubygems.org/trusted-publishing/).
+
 ## Governance
 ViewComponent is built by over a hundred members of the community. Project membership has several levels:
diff --git a/script/publish b/script/publish
index e5f5680e8..f6d97f135 100755
--- a/script/publish
+++ b/script/publish
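Review bot: Every third-party action in the `steps` list is referenced by a floating tag (`step-security/harden-runner@v2`, `actions/checkout@v4`, `ruby/setup-ruby@v1`, `rubygems/release-gem@v1`) inside a job that holds `id-token: write` and `contents: write`, so the trust RubyGems places in this workflow's OIDC token extends to whoever controls those tags. Pin each step to a full commit SHA with the version kept as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha> # v4`, and let Dependabot bump the pins. `egress-policy: audit` only logs outbound traffic; once a release run has shown which endpoints the job actually needs, `egress-policy: block` with an `allowed-endpoints` list turns the harden-runner step from telemetry into a control. `ruby-version: ruby` also floats to whatever Ruby the runner currently ships; if the gem build is version-sensitive, pinning a version here makes releases reproducible.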
@@ -1,7 +1,7 @@
 #!/usr/bin/env bash
 # Publish gem
-bundle exec rake release
+# this step has been replaced by .github/workflows/push_gem.yml
 # Publish updated docs
 git branch -D gh-pages
diff --git a/script/release b/script/release
index 6e4b8dc71..7c62f0f2a 100755
--- a/script/release
+++ b/script/release
@@ -82,7 +82,9 @@ push() {
 echo "####################################################"
 echo "Now, open a PR with this branch and merge it to main"
- echo "Then, run script/publish on main to release the gem"
+ echo "Then, run script/publish on main to publish the docs"
+ echo "The gem will be pushed to RubyGems automatically by"
+ echo "Github Actions, using Trusted Publishing."
 echo "Finally, create a GitHub release https://github.com/viewcomponent/view_component/releases/new with the changes from docs/CHANGELOG"
 echo "####################################################"
 }
From 37d5588a79155f0700be02e5c752e3994464db9a Mon Sep 17 00:00:00 2001
From: Hans Lemuet
Date: Sat, 26 Jul 2025 17:43:29 +0200
Subject: [PATCH 2/3] Add changelog
---
 docs/CHANGELOG.md | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md
index e203afd4e..588efeb34 100644
--- a/docs/CHANGELOG.md
+++ b/docs/CHANGELOG.md
@@ -10,6 +10,10 @@ nav_order: 6
 ## main
+* Setup Trusted Publishing to RubyGems, to improve software supply chain safety.
+
+ *Hans Lemuet*
+
 ## 4.0.0.rc5
 * Revert change setting `#format`. In GitHub's codebase, the change led to hard-to-detect failures. For example, components rendered from controllers included layouts when they didn't before. In other cases, the response `content_type` changed, breaking downstream consumers. For cases where a specific content type is needed, use:
From 757f81cbba08ebead6de5cfd30215b26e05af346 Mon Sep 17 00:00:00 2001
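Review bot: Replacing `bundle exec rake release` with a comment also drops the step that, as Bundler's release task normally does, created and pushed the version git tag, and the new workflow only fires on a `v*` tag push; unless `script/release` creates and pushes that tag itself (its body is outside this hunk), nothing triggers the gem push anymore. The `# Publish gem` header above the new comment now labels a no-op, so fold the two into one line such as `# Gem is pushed by .github/workflows/push_gem.yml when a v* tag is pushed` and have the instructions in the `script/release` hunk below state who pushes the tag. The remainder of script/publish (docs publishing from `git branch -D gh-pages` on) continues outside the hunk.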
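Review bot: The added line `echo "Github Actions, using Trusted Publishing."` spells the product as `Github`, while the unchanged line right after it already says `GitHub release`; use `echo "GitHub Actions, using Trusted Publishing."` so the two messages agree (the same spelling appears in the CONTRIBUTING.md hunk above, which patch 3 later removes). The `push()` function begins outside the hunk; only its header is visible here.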
From: Joel Hawksley
Date: Wed, 30 Jul 2025 19:24:45 -0600
Subject: [PATCH 3/3] Apply suggestions from code review
---
 docs/CHANGELOG.md | 2 +-
 docs/CONTRIBUTING.md | 2 --
 2 files changed, 1 insertion(+), 3 deletions(-)
diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md
index 588efeb34..a534ac360 100644
--- a/docs/CHANGELOG.md
+++ b/docs/CHANGELOG.md
@@ -10,7 +10,7 @@ nav_order: 6
 ## main
-* Setup Trusted Publishing to RubyGems, to improve software supply chain safety.
+* Setup Trusted Publishing to RubyGems to improve software supply chain safety.
 *Hans Lemuet*
diff --git a/docs/CONTRIBUTING.md b/docs/CONTRIBUTING.md
index c19721c54..461d090a3 100644
--- a/docs/CONTRIBUTING.md
+++ b/docs/CONTRIBUTING.md
@@ -98,8 +98,6 @@ To run the Vale prose linter locally, `brew install vale` and `vale docs/`.
 `./script/release`
-To improve software supply chain safety, new gem versions are automatically pushed to RubyGems by Github Actions, thanks to [Trusted Publishing](https://guides.rubygems.org/trusted-publishing/).
-
 ## Governance
 ViewComponent is built by over a hundred members of the community. Project membership has several levels: