From 4c46def81e4547333a1584bba8d0118666e6a5ef Mon Sep 17 00:00:00 2001 From: kuro Date: Thu, 14 May 2026 12:20:54 +0900 Subject: [PATCH 1/7] security: add Takumi Guard for RubyGems Co-Authored-By: Kuro --- .github/workflows/check.yml | 5 +++++ .github/workflows/test.yml | 5 +++++ 2 files changed, 10 insertions(+) diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml index 839c8a6..9d9e63e 100644 --- a/.github/workflows/check.yml +++ b/.github/workflows/check.yml @@ -10,9 +10,14 @@ jobs: rubocop: runs-on: ubuntu-latest + permissions: + id-token: write steps: - uses: actions/checkout@v3 + - uses: flatt-security/setup-takumi-guard-rubygems@v1 + with: + bot-id: "${{ vars.TAKUMI_GUARD_BOT_ID }}" - name: Set up Ruby uses: ruby/setup-ruby@v1 with: diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 7440121..08e88ad 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -10,6 +10,8 @@ jobs: test: runs-on: ubuntu-latest + permissions: + id-token: write strategy: matrix: @@ -18,6 +20,9 @@ jobs: steps: - uses: actions/checkout@v3 + - uses: flatt-security/setup-takumi-guard-rubygems@v1 + with: + bot-id: "${{ vars.TAKUMI_GUARD_BOT_ID }}" - name: Set up Ruby ${{ matrix.ruby-version }} uses: ruby/setup-ruby@v1 with: From a9a36caa6f9df4169c58f5ca7c3b64db07ab2354 Mon Sep 17 00:00:00 2001 
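Review bot: The step added to check.yml references `flatt-security/setup-takumi-guard-rubygems@v1`, a movable tag, in a job that also grants `id-token: write`. Whatever commit the tag points to at run time therefore runs with the ability to request an OIDC token and, judging by the next commit's message, to change global Bundler configuration. Pin the action to a full commit SHA and keep the tag as a trailing comment, e.g. `- uses: flatt-security/setup-takumi-guard-rubygems@<full-commit-sha> # v1`, with an update bot proposing bumps. The same reference appears in the second test.yml hunk of this patch and again in patches 2 and 4; `heyinc/setup-ruby-with-takumi-guard@v1` in patch 3 is likewise a tag reference.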
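Review bot: The job-level `permissions:` block added to `test` in test.yml (and to `rubocop` in check.yml) lists only `id-token: write`, which sets every unlisted scope, including `contents`, to none. Checkout presumably still succeeds because the repository is public, but adding `contents: read` beside it states the intent and keeps the job working if visibility changes. The OIDC grant also covers every step in the job, including the later `bundle install` and `bundle exec` steps that run third-party gem code. Since the grant is presumably there only for the guard action, a comment such as `# id-token: write is used by setup-takumi-guard-rubygems (OIDC)` would tell maintainers what to remove if that step goes away.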
From: kuro Date: Thu, 14 May 2026 14:30:26 +0900 Subject: [PATCH 2/7] =?UTF-8?q?fix:=20ubuntu-24.04=20=E3=81=A7=20bundle=20?= =?UTF-8?q?=E3=82=B3=E3=83=9E=E3=83=B3=E3=83=89=E3=81=8C=E8=A6=8B=E3=81=A4?= =?UTF-8?q?=E3=81=8B=E3=82=89=E3=81=AA=E3=81=84=E3=82=A8=E3=83=A9=E3=83=BC?= =?UTF-8?q?=E3=82=92=E4=BF=AE=E6=AD=A3?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ubuntu-24.04 ランナーでは Ruby インストール前に bundle コマンドが存在しない。 setup-takumi-guard-rubygems を ruby/setup-ruby より前に置くと bundle config set --global の実行が exit 127 で失敗していた。 修正: ruby/setup-ruby を先に実行するよう順序を変更 Co-Authored-By: Kuro --- .github/workflows/check.yml | 6 +++--- .github/workflows/test.yml | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml index 9d9e63e..177c25f 100644 --- a/.github/workflows/check.yml +++ b/.github/workflows/check.yml @@ -15,13 +15,13 @@ jobs: steps: - uses: actions/checkout@v3 - - uses: flatt-security/setup-takumi-guard-rubygems@v1 - with: - bot-id: "${{ vars.TAKUMI_GUARD_BOT_ID }}" - name: Set up Ruby uses: ruby/setup-ruby@v1 with: ruby-version: '3.4' + - uses: flatt-security/setup-takumi-guard-rubygems@v1 + with: + bot-id: "${{ vars.TAKUMI_GUARD_BOT_ID }}" - name: Install dependencies run: bundle install - name: Run RuboCop diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 08e88ad..1e659e8 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -20,13 +20,13 @@ jobs: steps: - uses: actions/checkout@v3 - - uses: flatt-security/setup-takumi-guard-rubygems@v1 - with: - bot-id: "${{ vars.TAKUMI_GUARD_BOT_ID }}" - name: Set up Ruby ${{ matrix.ruby-version }} uses: ruby/setup-ruby@v1 with: ruby-version: ${{ matrix.ruby-version }} + - uses: flatt-security/setup-takumi-guard-rubygems@v1 + with: + bot-id: "${{ vars.TAKUMI_GUARD_BOT_ID }}" - name: Set up Node.js ${{ matrix.node-version }} uses: actions/setup-node@v4 with: 
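Review bot: The moved guard step in check.yml now depends on its position, but nothing in the file says so. It must come after `ruby/setup-ruby`, because the commit message says it needs `bundle`, and presumably before `Install dependencies` so that it takes effect. A comment above it such as `# Must run after ruby/setup-ruby (needs bundle) and before any bundle install` would stop a later edit from moving it. In particular, enabling `bundler-cache: true` on `ruby/setup-ruby` would install gems before the guard is configured. The step is also unnamed, so a line like `name: Set up Takumi Guard` would make it easier to find in run logs; the same applies to the test.yml hunk of this patch.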
From 6b7d797edc1237d94a85c5b0c4d3f663e38b29c1 Mon Sep 17 00:00:00 2001 From: Soh Satoh <20023945+sohsatoh@users.noreply.github.com> Date: Tue, 19 May 2026 16:00:16 +0900 Subject: [PATCH 3/7] =?UTF-8?q?refactor:=202=20workflow=20=E3=82=92=20heyi?= =?UTF-8?q?nc/setup-ruby-with-takumi-guard@v1=20=E3=81=AB=E7=B5=B1?= =?UTF-8?q?=E4=B8=80?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-Authored-By: Claude Opus 4.7 (1M context) --- .github/workflows/check.yml | 10 +++------- .github/workflows/test.yml | 11 ++++------- 2 files changed, 7 insertions(+), 14 deletions(-) diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml index 177c25f..6082bf0 100644 --- a/.github/workflows/check.yml +++ b/.github/workflows/check.yml @@ -15,14 +15,10 @@ jobs: steps: - uses: actions/checkout@v3 - - name: Set up Ruby - uses: ruby/setup-ruby@v1 + - uses: heyinc/setup-ruby-with-takumi-guard@v1 with: + working-directory: . + bot-id: ${{ vars.TAKUMI_GUARD_BOT_ID }} ruby-version: '3.4' - - uses: flatt-security/setup-takumi-guard-rubygems@v1 - with: - bot-id: "${{ vars.TAKUMI_GUARD_BOT_ID }}" - - name: Install dependencies - run: bundle install - name: Run RuboCop run: bundle exec rubocop diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 1e659e8..c3fa022 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml 
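Review bot: With `Install dependencies` removed and `ruby/setup-ruby` replaced by `heyinc/setup-ruby-with-takumi-guard@v1`, check.yml no longer shows where gems are installed or that the guard is configured before that happens. This has to be taken on trust from the composite action, whose source is not part of this patch. A short comment on the step, for example `# composite: installs Ruby, configures Takumi Guard, then runs bundle install`, would record the expected order, provided that is what the action actually does. The test.yml hunk of this patch has the same gap.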
@@ -20,18 +20,15 @@ jobs: steps: - uses: actions/checkout@v3 - - name: Set up Ruby ${{ matrix.ruby-version }} - uses: ruby/setup-ruby@v1 + - uses: heyinc/setup-ruby-with-takumi-guard@v1 with: + working-directory: . + bot-id: ${{ vars.TAKUMI_GUARD_BOT_ID }} ruby-version: ${{ matrix.ruby-version }} - - uses: flatt-security/setup-takumi-guard-rubygems@v1 - with: - bot-id: "${{ vars.TAKUMI_GUARD_BOT_ID }}" + cache-key-extra: node-${{ matrix.node-version }} - name: Set up Node.js ${{ matrix.node-version }} uses: actions/setup-node@v4 with: node-version: ${{ matrix.node-version }} - - name: Install dependencies - run: bundle install - name: Run tests run: bundle exec rake From 1c263823b8d183c98df1d52bfef0d1eb95556220 Mon Sep 17 00:00:00 2001 From: Soh Satoh <20023945+sohsatoh@users.noreply.github.com> Date: Tue, 19 May 2026 16:24:44 +0900 Subject: [PATCH 4/7] =?UTF-8?q?fix:=20public=20=E3=83=AA=E3=83=9D=E3=82=B8?= =?UTF-8?q?=E3=83=88=E3=83=AA=E3=81=AE=E3=81=9F=E3=82=81=20composite=20?= =?UTF-8?q?=E3=82=92=E4=BD=BF=E3=82=8F=E3=81=9A=E5=85=83=E6=A7=8B=E9=80=A0?= =?UTF-8?q?=E3=81=A7=20Takumi=20Guard=20=E7=B5=8C=E7=94=B1?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit heyinc/setup-ruby-with-takumi-guard は Internal で public リポジトリから参照できないため、 flatt-security/setup-takumi-guard-rubygems@v1 を直接呼び出す元の構造に戻す。 Co-Authored-By: Claude Opus 4.7 (1M context) --- .github/workflows/check.yml | 10 +++++++--- .github/workflows/test.yml | 11 +++++++---- 2 files changed, 14 insertions(+), 7 deletions(-) diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml index 6082bf0..177c25f 100644 --- a/.github/workflows/check.yml +++ b/.github/workflows/check.yml 
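Review bot: `cache-key-extra: node-${{ matrix.node-version }}` suggests the composite caches installed gems, and a cache hit would presumably restore them without fetching through the guard again. If that is how the action behaves, a gem flagged after the cache was written stays in use until the key changes. It is worth documenting on the step how the cache is invalidated, e.g. `# gem cache is keyed on <inputs>; change the key to force a guarded reinstall`. The input's semantics are defined outside this patch, so this needs confirming against the action itself.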
@@ -15,10 +15,14 @@ jobs: steps: - uses: actions/checkout@v3 - - uses: heyinc/setup-ruby-with-takumi-guard@v1 + - name: Set up Ruby + uses: ruby/setup-ruby@v1 with: - working-directory: . - bot-id: ${{ vars.TAKUMI_GUARD_BOT_ID }} ruby-version: '3.4' + - uses: flatt-security/setup-takumi-guard-rubygems@v1 + with: + bot-id: "${{ vars.TAKUMI_GUARD_BOT_ID }}" + - name: Install dependencies + run: bundle install - name: Run RuboCop run: bundle exec rubocop diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index c3fa022..1e659e8 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -20,15 +20,18 @@ jobs: steps: - uses: actions/checkout@v3 - - uses: heyinc/setup-ruby-with-takumi-guard@v1 + - name: Set up Ruby ${{ matrix.ruby-version }} + uses: ruby/setup-ruby@v1 with: - working-directory: . - bot-id: ${{ vars.TAKUMI_GUARD_BOT_ID }} ruby-version: ${{ matrix.ruby-version }} - cache-key-extra: node-${{ matrix.node-version }} + - uses: flatt-security/setup-takumi-guard-rubygems@v1 + with: + bot-id: "${{ vars.TAKUMI_GUARD_BOT_ID }}" - name: Set up Node.js ${{ matrix.node-version }} uses: actions/setup-node@v4 with: node-version: ${{ matrix.node-version }} + - name: Install dependencies + run: bundle install - name: Run tests run: bundle exec rake From c8d11d0133794eedd08730ea159ed9d217cdc095 Mon Sep 17 00:00:00 2001 From: Soh Satoh <20023945+sohsatoh@users.noreply.github.com> Date: Wed, 20 May 2026 11:19:42 +0900 Subject: [PATCH 5/7] chore: retrigger CI From d2a6b208789480dcfa3d5ac2f22b2f2bca0c144b Mon Sep 17 00:00:00 2001 From: Soh Satoh <20023945+sohsatoh@users.noreply.github.com> Date: Wed, 20 May 2026 11:39:22 +0900 Subject: [PATCH 6/7] chore: retrigger CI (composite v1.0.3) From e022a961362d378d10991e5052a982550d536025 Mon Sep 17 00:00:00 2001 From: Soh Satoh <20023945+sohsatoh@users.noreply.github.com> Date: Wed, 20 May 2026 11:54:55 +0900 Subject: [PATCH 7/7] chore: retrigger CI (composite v1.0.4)