Forge publishing is handled by GitHub Actions that run our voxpupuli-release gem (which uses puppet-blacksmith under the hood).
To guarantee a frictionless process across all modules, we use modulesync. Our modulesync configuration is available at modulesync_config.
Most modulesync’ed settings can be overridden through a .sync.yml.
Ask an admin to allow the repository to read the forge password secret from the GitHub Org.
Gem publishing is handled similarly, except there is no modulesync_config (again with one exception, our puppet-lint plugins).