
Automate RubyGems releases via OIDC trusted publishing#65

Open
ianyamey wants to merge 2 commits into main from ian/oidc-rubygems-auto-release

Conversation


@ianyamey ianyamey commented Jun 9, 2026

Contributor

Adds a release.yml workflow that builds, tags vX.Y.Z, and publishes the gem to RubyGems.org automatically whenever lib/unit-ruby/version.rb changes on main, authenticating via OIDC trusted publishing so no API key is stored. Bumps the version to 1.1.1 and updates spec/version_spec.rb to match. Backfills CHANGELOG entries for the 1.0.0, 1.0.1, 1.1.0, and 1.1.1 releases (reconstructed from git history). Replaces the manual gem build/gem push steps in the README's Releasing section with the automated flow.

🤖 Generated with Claude Code

Add a release workflow that builds, tags, and publishes to RubyGems.org
when lib/unit-ruby/version.rb changes on main, authenticating via OIDC
trusted publishing so no API key is stored. Bump the version to 1.1.1,
backfill the 1.0/1.1 changelog entries, and document the automated
release flow in the README.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

coderabbitai Bot commented Jun 9, 2026



No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: a06433bd-f270-40bf-b547-27bd670d800d

📥 Commits

Reviewing files that changed from the base of the PR and between 620ef60 and bf06066.

📒 Files selected for processing (1)
  • .github/workflows/release.yml
🚧 Files skipped from review as they are similar to previous changes (1)
  • .github/workflows/release.yml

📝 Walkthrough

Summary by CodeRabbit

  • New Features
    • Added comprehensive support for Rails 8 / Active Support 8 for full compatibility.
  • Bug Fixes
    • Fixed security vulnerabilities and dependency compatibility issues.
  • Chores
    • Released v1.1.1, added automated RubyGems publishing workflow, and updated release documentation and changelog.

Walkthrough

This PR adds a GitHub Actions release workflow that publishes the gem when lib/unit-ruby/version.rb changes on main (skipping if the vX.Y.Z tag exists), bumps Unit::VERSION to 1.1.1 and updates the version spec, rewrites the README releasing section for automated releases, and expands CHANGELOG.md with entries through 1.1.1.

Suggested reviewers

  • trevornelson
🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Title check ✅ Passed The title accurately summarizes the main change: automating RubyGems releases using OIDC trusted publishing, which is the primary focus of the workflow addition and configuration updates.
Description check ✅ Passed The description is directly related to the changeset, detailing the workflow addition, version bump, changelog updates, and README modifications that comprise the pull request.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.


@coderabbitai coderabbitai Bot left a comment


Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/release.yml:
- Around line 44-45: The workflow currently interpolates steps.version.outputs.version directly into a shell run (used in the if test and elsewhere) which allows command-injection via crafted version strings; add a validation step before any run that uses steps.version.outputs.version to assert it matches a strict semver pattern (e.g., `^[0-9]+\.[0-9]+\.[0-9]+(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$`) and fail the job if it does not; update the job to reference the validated output (or set a sanitized variable) so the if test that checks `git rev-parse "v${{ steps.version.outputs.version }}"` only runs with a guaranteed-safe semver value.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: dbbfc6e8-75c9-4c11-8b10-85c623569492

📥 Commits

Reviewing files that changed from the base of the PR and between 1ac91c2 and 620ef60.

📒 Files selected for processing (5)
  • .github/workflows/release.yml
  • CHANGELOG.md
  • README.md
  • lib/unit-ruby/version.rb
  • spec/version_spec.rb

Comment thread .github/workflows/release.yml Outdated
Enforce a strict semver pattern when reading Unit::VERSION and pass it to
the tag-check step via env instead of ${{ }} template expansion, closing
the template-injection vector flagged by zizmor in the write-scoped
release job.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
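As an added illustration, not the PR's own release.yml (which is not reproduced on this page), the fragment below shows one way to implement both points made above: the strict semver validation CodeRabbit asked for, and the env-based hand-off that the follow-up commit describes in place of `${{ }}` template expansion inside a `run` script. The step names, output ids, the `ruby -r ./lib/unit-ruby/version` way of reading `Unit::VERSION`, and the use of the `ruby/setup-ruby` and `rubygems/release-gem` actions are assumptions of this example; the regex is the one quoted in the review comment, and the trigger path and skip-if-tag-exists behaviour are taken from the PR description.

```yaml
# Added example; not the repository's release.yml. Step names, ids and the
# helper actions used here are assumptions, the regex is the one from the review.
name: Release

on:
  push:
    branches: [main]
    paths:
      - lib/unit-ruby/version.rb

jobs:
  release:
    runs-on: ubuntu-latest
    permissions:
      contents: write   # push the vX.Y.Z tag
      id-token: write   # mint the OIDC token for RubyGems trusted publishing
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0   # full history so existing tags are visible to git

      - uses: ruby/setup-ruby@v1

      # Read Unit::VERSION and refuse anything that is not strict semver.
      # Only the validated value is exported as a step output.
      - name: Read and validate version
        id: version
        run: |
          version="$(ruby -r ./lib/unit-ruby/version -e 'puts Unit::VERSION')"
          pattern='^[0-9]+\.[0-9]+\.[0-9]+(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$'
          if ! printf '%s\n' "$version" | grep -Eq -- "$pattern"; then
            echo "::error::Unit::VERSION '$version' is not a strict semver string"
            exit 1
          fi
          echo "version=$version" >> "$GITHUB_OUTPUT"

      # UNSAFE form that the review flagged: ${{ }} is substituted into the
      # script text before bash ever runs, so the value is code, not data:
      #
      #   run: |
      #     if git rev-parse "v${{ steps.version.outputs.version }}" ...
      #
      # SAFE form: pass the value through env. Bash only ever sees $VERSION,
      # and a hostile value stays inside the quoted string.
      - name: Check whether the tag already exists
        id: tag
        env:
          VERSION: ${{ steps.version.outputs.version }}
        run: |
          if git rev-parse -q --verify "refs/tags/v${VERSION}" >/dev/null; then
            echo "exists=true" >> "$GITHUB_OUTPUT"
          else
            echo "exists=false" >> "$GITHUB_OUTPUT"
          fi

      - name: Tag the release
        if: steps.tag.outputs.exists == 'false'
        env:
          VERSION: ${{ steps.version.outputs.version }}
        run: |
          git tag "v${VERSION}"
          git push origin "refs/tags/v${VERSION}"

      # Publishes via OIDC trusted publishing; no RubyGems API key is stored.
      - name: Publish to RubyGems.org
        if: steps.tag.outputs.exists == 'false'
        uses: rubygems/release-gem@v1
```

The two halves address different failure modes. The regex check bounds what the rest of the job can ever see, so a malformed `Unit::VERSION` fails the run loudly instead of producing an odd tag or a bad `gem push`. The `env:` hand-off removes the injection class entirely: the runner evaluates `${{ }}` when it builds the step's environment, and the script reads the result as an ordinary variable, so even if validation were later relaxed the value could not alter the commands being run. Because the `release` job holds `contents: write` and `id-token: write`, keeping expression expansion out of its `run` blocks is the control that matters most.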
@ianyamey ianyamey requested review from a team and trevornelson June 9, 2026 17:03
