use plugin to fetch rubygems token via OIDC

yob · yob · commit b64af5d3dad5 · 2025-01-07T20:27:46.000+11:00
diff --git a/.buildkite/pipeline.release.yml b/.buildkite/pipeline.release.yml
@@ -7,4 +7,7 @@ steps:
     key: release
     env:
       RELEASE_VERSION: "__TEMPLATE__"
+    plugins:
+      - rubygems-oidc#bashify:
+          role: "rg_oidc_akr_xoy8sqmj25t8ok4rn5sq"
 
diff --git a/auto/release-gem b/auto/release-gem
@@ -2,43 +2,11 @@
 
 set -euo pipefail
 
-echo "--- Request OIDC token"
-
-export BUILDKITE_OIDC_TOKEN="$(buildkite-agent oidc request-token --audience "rubygems.org" --lifetime 60)"
-
-echo "${BUILDKITE_OIDC_TOKEN}" | head -c 20
-echo
-
-echo "--- Request rubygems token"
-
-RUBYGEMS_ROLE="rg_oidc_akr_xoy8sqmj25t8ok4rn5sq"
-
-echo "{\"jwt\":\"${BUILDKITE_OIDC_TOKEN}\"}"  | head -c 30
-echo
-
-#curl -v -s -X POST \
-#  --fail-with-body \
-#  -H "Content-Type: application/json" \
-#  --data "{\"jwt\":\"${BUILDKITE_OIDC_TOKEN}\"}" \
-#  "https://rubygems.org/api/v1/oidc/api_key_roles/${RUBYGEMS_ROLE}/assume_role"
-
-#--fail-with-body \
-RESPONSE=$(curl -s -X POST \
-  -H "Content-Type: application/json" \
-  --data "{\"jwt\":\"${BUILDKITE_OIDC_TOKEN}\"}" \
-  "https://rubygems.org/api/v1/oidc/api_key_roles/${RUBYGEMS_ROLE}/assume_role")
-
-ERROR_MESSAGE=$(echo "${RESPONSE}" | jq -r .error)
-GEM_HOST_API_KEY==$(echo "${RESPONSE}" | jq -r .rubygems_api_key)
-
-if [ "${ERROR_MESSAGE}" != "null" ]; then
-  echo "Requesting API token failed"
-  echo "ERROR: ${ERROR_MESSAGE}"
-  exit 1
+if [ -z "${GEM_HOST_API_KEY}" ]; then
+  echo "GEM_HOST_API_KEY environment variable not found"
+  exit
 fi
 
-echo "${GEM_HOST_API_KEY}" | head -c 10
-
 echo "--- Build and publish gem"
 
 cd $(dirname $0)/..
