From a61fca32e5d45d3ee53f80ade97e3f48317b4c9b Mon Sep 17 00:00:00 2001
From: William Woodruff <william@trailofbits.com>
Date: Mon, 12 Feb 2024 14:57:36 -0500
Subject: [PATCH] trusted-publishing: add `environment:`

Signed-off-by: William Woodruff <william@trailofbits.com>
---
 trusted-publishing/releasing-gems.md | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/trusted-publishing/releasing-gems.md b/trusted-publishing/releasing-gems.md
index f1f29e3..cf5204a 100644
--- a/trusted-publishing/releasing-gems.md
+++ b/trusted-publishing/releasing-gems.md
@@ -17,6 +17,9 @@ jobs:
       contents: write
       id-token: write
 
+    # If you configured a GitHub environment on RubyGems, you must use it here.
+    environment: release
+
     steps:
       # Set up
       - uses: actions/checkout@v4
@@ -30,4 +33,4 @@ jobs:
       - uses: rubygems/release-gem@v1
 ```
 
-Note the `id-token: write`` permission: you **must** provide this permission at either the job level (strongly recommended) or workflow level (discouraged). Without it, the publishing action won't have sufficient permissions to identify itself to RubyGems.org.
+Note the `id-token: write` permission: you **must** provide this permission at either the job level (strongly recommended) or workflow level (discouraged). Without it, the publishing action won't have sufficient permissions to identify itself to RubyGems.org.