From 4c46def81e4547333a1584bba8d0118666e6a5ef Mon Sep 17 00:00:00 2001
From: kuro <kuro@st.inc>
Date: Thu, 14 May 2026 12:20:54 +0900
Subject: [PATCH 1/2] security: add Takumi Guard for RubyGems

Co-Authored-By: Kuro <kuro0211@st.inc>
---
 .github/workflows/check.yml | 5 +++++
 .github/workflows/test.yml  | 5 +++++
 2 files changed, 10 insertions(+)

diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml
index 839c8a6..9d9e63e 100644
--- a/.github/workflows/check.yml
+++ b/.github/workflows/check.yml
@@ -10,9 +10,14 @@ jobs:
   rubocop:
 
     runs-on: ubuntu-latest
+    permissions:
+      id-token: write
 
     steps:
       - uses: actions/checkout@v3
+      - uses: flatt-security/setup-takumi-guard-rubygems@v1
+        with:
+          bot-id: "${{ vars.TAKUMI_GUARD_BOT_ID }}"
       - name: Set up Ruby
         uses: ruby/setup-ruby@v1
         with:
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 7440121..08e88ad 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -10,6 +10,8 @@ jobs:
   test:
 
     runs-on: ubuntu-latest
+    permissions:
+      id-token: write
 
     strategy:
       matrix:
@@ -18,6 +20,9 @@ jobs:
 
     steps:
       - uses: actions/checkout@v3
+      - uses: flatt-security/setup-takumi-guard-rubygems@v1
+        with:
+          bot-id: "${{ vars.TAKUMI_GUARD_BOT_ID }}"
       - name: Set up Ruby ${{ matrix.ruby-version }}
         uses: ruby/setup-ruby@v1
         with:

From a9a36caa6f9df4169c58f5ca7c3b64db07ab2354 Mon Sep 17 00:00:00 2001
From: kuro <kuro@st.inc>
Date: Thu, 14 May 2026 14:30:26 +0900
Subject: [PATCH 2/2] =?UTF-8?q?fix:=20ubuntu-24.04=20=E3=81=A7=20bundle=20?=
 =?UTF-8?q?=E3=82=B3=E3=83=9E=E3=83=B3=E3=83=89=E3=81=8C=E8=A6=8B=E3=81=A4?=
 =?UTF-8?q?=E3=81=8B=E3=82=89=E3=81=AA=E3=81=84=E3=82=A8=E3=83=A9=E3=83=BC?=
 =?UTF-8?q?=E3=82=92=E4=BF=AE=E6=AD=A3?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

ubuntu-24.04 ランナーでは Ruby インストール前に bundle コマンドが存在しない。
setup-takumi-guard-rubygems を ruby/setup-ruby より前に置くと
bundle config set --global の実行が exit 127 で失敗していた。

修正: ruby/setup-ruby を先に実行するよう順序を変更

Co-Authored-By: Kuro <kuro0211@st.inc>
---
 .github/workflows/check.yml | 6 +++---
 .github/workflows/test.yml  | 6 +++---
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml
index 9d9e63e..177c25f 100644
--- a/.github/workflows/check.yml
+++ b/.github/workflows/check.yml
@@ -15,13 +15,13 @@ jobs:
 
     steps:
       - uses: actions/checkout@v3
-      - uses: flatt-security/setup-takumi-guard-rubygems@v1
-        with:
-          bot-id: "${{ vars.TAKUMI_GUARD_BOT_ID }}"
       - name: Set up Ruby
         uses: ruby/setup-ruby@v1
         with:
           ruby-version: '3.4'
+      - uses: flatt-security/setup-takumi-guard-rubygems@v1
+        with:
+          bot-id: "${{ vars.TAKUMI_GUARD_BOT_ID }}"
       - name: Install dependencies
         run: bundle install
       - name: Run RuboCop
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 08e88ad..1e659e8 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -20,13 +20,13 @@ jobs:
 
     steps:
       - uses: actions/checkout@v3
-      - uses: flatt-security/setup-takumi-guard-rubygems@v1
-        with:
-          bot-id: "${{ vars.TAKUMI_GUARD_BOT_ID }}"
       - name: Set up Ruby ${{ matrix.ruby-version }}
         uses: ruby/setup-ruby@v1
         with:
           ruby-version: ${{ matrix.ruby-version }}
+      - uses: flatt-security/setup-takumi-guard-rubygems@v1
+        with:
+          bot-id: "${{ vars.TAKUMI_GUARD_BOT_ID }}"
       - name: Set up Node.js ${{ matrix.node-version }}
         uses: actions/setup-node@v4
         with: