Skip to content

Commit 58573a2

Browse files
hsbtclaude
hsbt
and
claude
committed
Add note about required id-token: write permission for OIDC configurations
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
1 parent a9c8d48 commit 58573a2

File tree

1 file changed

+8
-0
lines changed

1 file changed

+8
-0
lines changed

README.md

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -33,6 +33,14 @@ There are three ways to configure RubyGems credentials:
3333
2. **OIDC API Key Role**: Uses OIDC with a pre-configured API Key Role on RubyGems.org.
3434
3. **Static API token**: Uses a RubyGems API token stored in repository secrets.
3535

36+
> **Note**: The OIDC-based configurations (**Trusted Publisher** and **OIDC API Key Role**) require the `id-token: write` permission in your workflow, for example:
37+
>
38+
> ```yaml
39+
> permissions:
40+
> id-token: write
41+
> contents: read
42+
> ```
43+
3644
### Trusted Publisher (recommended)
3745
3846
The simplest approach is to use [Trusted Publishing](https://guides.rubygems.org/trusted-publishing/).

0 commit comments

Comments
 (0)