RubyGems Navigation menu

Adding a trusted publisher to a gem only requires a single setup step.

On your profile page, click the link to any gem you’d like to configure.

List of gems on a profile

If you’re a gem owner, you’ll see a link to “Trusted publishers” on the right side of the page. Click that link.

Links shown on the sidebar of a gem page when the user is an owner

This will take you to the gem’s trusted publishers page.

Gem's trusted publisher page with a create button

Click the “Create” button, which will take you to the publisher configuration page.

Gem trusted publisher creation form

Providing the owner name, repository name, and GitHub Actions workflow name allows RubyGems to securely accept uploaded gems from the GitHub Actions infrastructure. If you have multiple workflows that push gems, you can create one Trusted Publisher for each workflow.

Once you click “Create Rubygem trusted publisher”, your publisher will be registered and will appear in the list of trusted publishers for this gem.

List of configured gem trusted publishers

Now, the push.yml workflow on indirect/indirect-trusted-publishing will be able to generate short-lived API tokens from that are able to push to this gem.

A repo and workflow can be registered to multiple gems. For example, the release.yml workflow from the rails/rails repo can be registered for both the rails and activerecord gems. Each gem can likewise allow multiple publishers, for example a single gem could allow both workflows release-linux.yml and release-mac.yml.

Now that you’ve created a Trusted Publisher, create a GitHub Actions workflow to publish your gem. You can use rubygem-await’s release workflow as a starting point.