Publish new ecosystems dependabot-rust_toolchain and depenadbot-vcpkg on rubygems.org

We need to publish two new ecosystems, however we are blocked since trusted publisher signing was introduced for rubygems.org in https://github.com/dependabot/dependabot-core/pull/12025

The new ecosystem gems are:

- dependabot-rust_toolchain
- depenadbot-vcpkg

We created the trusted publisher placeholders on [rubygems.org](https://rubygems.org/profile/oidc/pending_trusted_publishers):

<img width="824" height="398" alt="Image" src="https://github.com/user-attachments/assets/ea2a134e-594b-4c75-a41a-2883b2658cc3" />

However, we still have an issue [publishing](https://github.com/dependabot/dependabot-core/actions/runs/16169422339/job/45639594788) the new gems:

```bash
gem push pkg/dependabot-rust_toolchain-0.320.1.gem --attestation pkg/dependabot-rust_toolchain-0.320.1.sigstore.json
Pushing gem to https://rubygems.org.../
You are not allowed to push this gem.
gem exec sigstore-cli:0.2.1 sign pkg/dependabot-rust_toolchain-0.320.1.gem --bundle pkg/dependabot-rust_toolchain-0.320.1.sigstore.json
! `gem push` failed with error: Command failed with status (1): [gem push pkg/dependabot-rust_toolchain-0.320.1.gem --attestation pkg/dependabot-rust_toolchain-0.320.1.sigstore.json]
> Releasing pkg/dependabot-rust_toolchain-0.320.1.gem
```

<img width="2090" height="817" alt="Image" src="https://github.com/user-attachments/assets/aff67bf7-cf61-48c1-8c91-fd617b072ec0" />

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Publish new ecosystems dependabot-rust_toolchain and depenadbot-vcpkg on rubygems.org #12581

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Publish new ecosystems dependabot-rust_toolchain and depenadbot-vcpkg on rubygems.org #12581

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions