Closed bbarani closed 1 year ago
Adding the approach here as discussed with @opensearch-project/engineering-effectiveness
Apart from building and maintaining the build environment for building the gems, another approach is to use the AWS secrets manager integrated with GitHub Actions to fetch the key and sign the gems while they are being built in Github Actions. Reference:
The above publishToRubyGems
jenkins library would then just grab the gem from release artifacts and publish them using the API https://guides.rubygems.org/rubygems-org-api/
curl --data-binary @sample-0.2.1.gem \
-H 'Authorization:rubygems_api_key' \
https://rubygems.org/api/v1/gems
After debugging alot the missing piece was the content header in above curl:
curl -X POST --data-binary @hello_world.gem -H 'Authorization:rubygems_sample_key' -H "Content-Type: application/octet-stream" https://rubygems.org/api/v1/gems
Ruby client is published to RubyGems.org.
Note: The signing for ruby takes place when the artifact is built. (Need to check if we have a work around) In order to replicate the build environment of ruby clients they need to be build on docker images which can be also used by release pipeline
Acceptance Criteria: