Restore gated release pipeline and adopt RubyGems trusted publishing action

[Copilot]

The release workflow had been simplified in a way that removed core safeguards and outputs: tag/version validation, test/build gating, and GitHub release publishing. This change restores the full release pipeline and updates RubyGems publication to use the official rubygems/release-gem trusted publishing flow.

• Release pipeline restored

  • Reintroduced validate, test, build, release-rubygems, and release-github jobs.
  • Re-established job dependencies so publishing is gated by validation, tests, and artifact build.

• Version safety checks reinstated

  • Restored extraction of version from refs/tags/v*.
  • Restored strict check that git tag version matches Cyclonedx::Ruby::VERSION.
  • Restored prerelease detection output for downstream release behavior.

• RubyGems release modernized (official pattern)

  • release-rubygems now uses rubygems/release-gem@v1.
  • Uses trusted publishing permissions (id-token: write) and release environment.
  • Uses actions/checkout@v5 with persist-credentials: false and ruby/setup-ruby@v1.

• GitHub release behavior restored and hardened

  • Restored release asset publishing via gh release create.
  • Artifact download path is now explicit and asset discovery is deterministic.
  • Added guard to require exactly one .gem and one .sha512 before creating the GitHub release.

release-rubygems:
  needs: [validate, build]
  permissions:
    contents: write
    id-token: write
  environment: release
  steps:
    - uses: actions/checkout@v5
      with:
        persist-credentials: false
    - uses: ruby/setup-ruby@v1
      with:
        bundler-cache: true
        ruby-version: ruby
    - uses: rubygems/release-gem@v1

Original prompt

---

This section details on the original issue you should resolve

<issue_title>chore: create a release pipeline</issue_title>
<issue_description>goal: have a working, state-of-the-art pipeline for building and releasing this package to rubygems.

Requirements:

• supports prereleases
• tags releases in git

optional:

• have releases on github with the build results as release artifacts.
  </issue_description>

Comments on the Issue (you are @copilot in this section)

• Fixes chore: create a release pipeline #46

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

[extern-c]

@extern-c this PR is not intended to become merged soon. It is just a show-case of how AI thinks this ticket #46 might be resolved. I'd rather prefer a human-written workflow for this

Hi @jkowalleck ,

That makes sense. I see that you've assigned #59 to yourself. Please let me know if you need any help with the implementation or review. I'd be happy to assist.