-
Notifications
You must be signed in to change notification settings - Fork 4
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add release workflow #4
base: main
Are you sure you want to change the base?
Conversation
@dosas Hey, could you give me a little more context on how we would use this and the advantages? I've been fine with just doing it locally so far and I'm also not sure how a workflow would work with 2FA, so would appreciate your help understanding the options. Thanks! |
I shamelessly copied the workflow from https://github.com/theforeman/actions/blob/v0/.github/workflows/release-gem.yml Sadly I have no github project where I have admin rights, so I never configured these settings. @sbernhard I think you configured these settings once, maybe you can add some context here? I suppose when using a token there is usually no need for 2FA. The biggest advantage I see as opposed to doing it manual locally is automation (pushing a tag should then automatically trigger a release) and a single source of truth for gems, the CI. |
I think since I have 2FA turned on this wouldn't work. Looking at their docs it looks like in addition to the API token you need to set an OTP header: https://guides.rubygems.org/rubygems-org-api/. I don't think there is an easy way to do that here, unless I'm missing something. So maybe it's best for me to stick with the more manual process, where I can respond to the 2FA prompt inline. Do let me know if I'm missing something, as I don't want to disable 2FA. |
@geemus I will see if I can change this PR to trusted publishing. Would this be an acceptable solution for you. In the meantime, could you publish a new version of https://github.com/fog/fog-ovirt ? |
@dosas I need to read up and think about trusted publishing a bit more to decide. I'm certainly happy to publish directly in the mean time, I'll try to do that presently. |
I pushed a PR with version bump/etc, looks like fog-ovirt is setup to require reviews, so I'll wait for that and then try to get it all released soon. |
If this gets merged someone with admin rights needs to set the api key for rubygems in the github settings.