Adds GitHub Action to release to RubyGems

[jeschneiderhan]

What did we change?

Setup a GitHub Action that uses the RubyGems trusted publishing feature to publish the gem without requiring long-lived secrets. A trusted publisher has already been added on the RubyGems side for this gem.

Why are we doing this?

To reduce the supply chain risk that comes with multiple people having push access with personal RubyGems accounts. Once we know this works we can remove everyone except the ezCater-controlled RubyGems account from the owners list.

Note: rubocop was failing. Bumping the version, as well as the Ruby version, seams to have fixed it. Ruby 3.0 and 3.1 are both EOL.

How was it tested?

• Specs
• Locally
• Staging

[jeschneiderhan]

There is no reason we couldn't change this to run on pushes to main in the future. I'd like to see that it works manually first, though.

[thiagopecanha]

Should we add an entry to the CHANGELOG for this?

[thiagopecanha]

Is it expected that this is failing?

[kraila]

It doesn't look like this repo is currently set up to be using Release Please, so not a concern here specifically, but in general do you know if this type of action will be able to integrate with release please smoothly? example release please workflow: https://github.com/ezcater/ezcater_http/blob/main/.github/workflows/release.yml

[j-sm-n]

It doesn't look like this repo is currently set up to be using Release Please, so not a concern here specifically, but in general do you know if this type of action will be able to integrate with release please smoothly? example release please workflow: https://github.com/ezcater/ezcater_http/blob/main/.github/workflows/release.yml

I am also curious if we wanted to use Release Please for our public libraries since we use them for our private gems (in most places). Our eng docs on it.

I would also want to update our documentation specifying the differences in that doc between the tooling.

[j-sm-n]

Is it expected that this is failing?

Yeah, unfortunately this is expected because this is a public gem and our CODEOWNERS workflow is private.

[jeschneiderhan]

@thiagopecanha I added an entry to the CHANGELOG.md and bumped the version to 3.3.0.

This release-gem action would only make sense for our public repos that we are publishing to RubyGems.

do you know if this type of action will be able to integrate with release please smoothly

@kraila I'm not sure, but I wouldn't be surprised if it works together smoothly. It looks like release-please is doing some prep work like automating changelog entries and creating GitHub releases. The release-gem action is really just setting up RubyGems credentials and calling bundle exec rake release

[jeschneiderhan]

I'm going to wait until Monday to merge this. I don't want to push a new version with a new workflow on a Friday.

[j-sm-n]

Looks good!

My only non-blocking, larger ask is if we could also socialize this change in our Eng doc about our goals with public gems here and how we are trying to manage credentials moving forward.

[jeschneiderhan]

@j-sm-n heard. If the process works for this gem, I will fast follow with an update to the Eng docs.